CWE-862 CVEs and Security Vulnerabilities

Filtered by CWE-862

Search

Switch to Advanced Search (Beta)

Total 7033 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-25313	2 Shahjahan Jewel, Wordpress	2 Fluentform, Wordpress	2026-02-20	4.3 Medium
Missing Authorization vulnerability in Shahjahan Jewel FluentForm fluentform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a through <= 6.1.14.
CVE-2025-65036	2 Xwiki, Xwikisas	2 Pro Macros, Xwiki-pro-macros	2026-02-20	8.3 High
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to 1.27.1, the macro executes Velocity from the details pages without checking for permissions, which can lead to remote code execution. This vulnerability is fixed in 1.27.1.
CVE-2026-26977	1 Frappe	2 Learning, Lms	2026-02-20	5.3 Medium
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished courses via API endpoints. A fix for this issue is planned for the 2.45.0 release.
CVE-2026-25420	2 Mailerlite, Wordpress	2 Mailerlite, Wordpress	2026-02-20	4.3 Medium
Missing Authorization vulnerability in MailerLite MailerLite official-mailerlite-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailerLite: from n/a through <= 1.7.18.
CVE-2026-25388	2 Scripteo, Wordpress	2 Ads Pro, Wordpress	2026-02-20	5.4 Medium
Missing Authorization vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads Pro: from n/a through <= 5.0.
CVE-2026-25364	2 Boldgrid, Wordpress	2 Client Invoicing By Sprout Invoices, Wordpress	2026-02-20	5.3 Medium
Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.8.
CVE-2025-70148	1 Codeastro	1 Membership Management System	2026-02-20	7.5 High
Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitrary users via direct requests with a manipulated id parameter, resulting in insecure direct object reference (IDOR).
CVE-2026-27328	2 Devsblink, Wordpress	2 Edublink, Wordpress	2026-02-20	5.3 Medium
Missing Authorization vulnerability in DevsBlink EduBlink edublink allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EduBlink: from n/a through <= 2.0.7.
CVE-2026-27056	2 Stellarwp, Wordpress	2 Ithemes Sync, Wordpress	2026-02-20	4.3 Medium
Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through <= 3.2.8.
CVE-2026-23804	2 Bbr Plugins, Wordpress	2 Better Business Reviews, Wordpress	2026-02-20	5.4 Medium
Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Business Reviews: from n/a through <= 0.1.1.
CVE-2026-24375	2 Wordpress, Wpswings	2 Wordpress, Ultimate Gift Cards For Woocommerce	2026-02-20	5.3 Medium
Missing Authorization vulnerability in WP Swings Ultimate Gift Cards For WooCommerce woo-gift-cards-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Gift Cards For WooCommerce: from n/a through <= 3.2.4.
CVE-2026-24999	2 Almapay, Wordpress	2 Alma, Wordpress	2026-02-20	5.3 Medium
Missing Authorization vulnerability in Alma Alma alma-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Alma: from n/a through <= 5.16.1.
CVE-2026-25000	2 Kraftplugins, Wordpress	2 Wheel Of Life, Wordpress	2026-02-20	5.3 Medium
Missing Authorization vulnerability in Kraft Plugins Wheel of Life wheel-of-life allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wheel of Life: from n/a through <= 1.2.0.
CVE-2026-25003	2 Madalin.ungureanu, Wordpress	2 Client Portal, Wordpress	2026-02-20	4.3 Medium
Missing Authorization vulnerability in madalin.ungureanu Client Portal client-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Portal: from n/a through <= 1.2.1.
CVE-2026-25308	2 Wordpress, Wp.insider	2 Wordpress, Simple Membership	2026-02-20	4.3 Medium
Missing Authorization vulnerability in wp.insider Simple Membership simple-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Membership: from n/a through <= 4.6.9.
CVE-2026-25311	2 10up, Wordpress	2 Autoshare For Twitter, Wordpress	2026-02-20	5.4 Medium
Missing Authorization vulnerability in 10up Autoshare for Twitter autoshare-for-twitter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Autoshare for Twitter: from n/a through <= 2.3.1.
CVE-2026-25314	2 Wordpress, Wp Messiah	2 Wordpress, Top Table Of Contents	2026-02-20	4.3 Medium
Missing Authorization vulnerability in WP Messiah TOP Table Of Contents top-table-of-contents allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TOP Table Of Contents: from n/a through <= 1.3.31.
CVE-2026-25318	2 Wisernotify Team, Wordpress	2 Wiserreview Product Reviews For Woocommerce, Wordpress	2026-02-20	4.3 Medium
Missing Authorization vulnerability in Wisernotify team WiserReview Product Reviews for WooCommerce wiser-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WiserReview Product Reviews for WooCommerce: from n/a through <= 2.9.
CVE-2026-25320	2 Cool Plugins, Wordpress	2 Elementor Contact Form Db, Wordpress	2026-02-20	5.3 Medium
Missing Authorization vulnerability in Cool Plugins Elementor Contact Form DB sb-elementor-contact-form-db allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Contact Form DB: from n/a through <= 2.1.3.
CVE-2026-25321	2 Psm Plugins, Wordpress	2 Supportcandy, Wordpress	2026-02-20	5.3 Medium
Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a through <= 3.4.4.

« first previous Page 17 of 352. next last »