CWE-862 CVEs and Security Vulnerabilities

Filtered by CWE-862

Search

Switch to Advanced Search (Beta)

Total 6407 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-13794	2 Themeisle, Wordpress	2 Auto Featured Image, Wordpress	2025-12-16	4.3 Medium
The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulk_action_generate_handler function in all versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete or generate featured images on posts they do not own.
CVE-2025-64638	3 Onpay.io, Woocommerce, Wordpress	3 For Woocommerce, Woocommerce, Wordpress	2025-12-16	5.3 Medium
Missing Authorization vulnerability in OnPay.io OnPay.io for WooCommerce onpay-io-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OnPay.io for WooCommerce: from n/a through <= 1.0.47.
CVE-2025-54045	2 Cminds, Wordpress	2 Cm On Demand Search And Replace, Wordpress	2025-12-16	4.3 Medium
Missing Authorization vulnerability in CreativeMindsSolutions CM On Demand Search And Replace cm-on-demand-search-and-replace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM On Demand Search And Replace: from n/a through <= 1.5.4.
CVE-2025-64632	2 Auctollo, Wordpress	2 Google-sitemap-generator, Wordpress	2025-12-16	5.3 Medium
Missing Authorization vulnerability in Auctollo Google XML Sitemaps google-sitemap-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google XML Sitemaps: from n/a through <= 4.1.21.
CVE-2025-66120	2 Catfolders, Wordpress	2 Catfolders, Wordpress	2025-12-16	5.3 Medium
Missing Authorization vulnerability in CatFolders CatFolders catfolders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CatFolders: from n/a through <= 2.5.3.
CVE-2025-64242	2 Merv Barrett, Wordpress	2 Easy Property Listings, Wordpress	2025-12-16	4.3 Medium
Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through <= 3.5.15.
CVE-2025-67965	2 Favethemes, Wordpress	2 Homey, Wordpress	2025-12-16	5.3 Medium
Missing Authorization vulnerability in favethemes Homey Core homey-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Homey Core: from n/a through <= 2.4.3.
CVE-2025-64243	2 E-plugins, Wordpress	2 Directory Pro, Wordpress	2025-12-16	4.3 Medium
Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through <= 2.5.6.
CVE-2025-59001	2 Themenectar, Wordpress	2 Salient Core, Wordpress	2025-12-16	4.3 Medium
Missing Authorization vulnerability in ThemeNectar Salient Core salient-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salient Core: from n/a through <= 3.0.8.
CVE-2025-43497	1 Apple	1 Macos	2025-12-16	5.2 Medium
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to break out of its sandbox.
CVE-2023-20252	1 Cisco	1 Catalyst Sd-wan Manager	2025-12-16	9.8 Critical
A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application.
CVE-2025-67572	1 Wordpress	1 Wordpress	2025-12-16	5.3 Medium
Missing Authorization vulnerability in PenciDesign PenNews pennews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PenNews: from n/a through < 6.7.4.
CVE-2025-66166	2 Merkulove, Wordpress	2 Lottier For Elementor, Wordpress	2025-12-16	5.4 Medium
Missing Authorization vulnerability in merkulove Lottier for Elementor lottier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lottier for Elementor: from n/a through <= 1.0.9.
CVE-2025-66162	2 Merkulove, Wordpress	2 Spoter For Elementor, Wordpress	2025-12-16	5.4 Medium
Missing Authorization vulnerability in merkulove Spoter for Elementor spoter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spoter for Elementor: from n/a through <= 1.04.
CVE-2025-66129	1 Wordpress	1 Wordpress	2025-12-16	5.3 Medium
Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pochipp: from n/a through <= 1.18.0.
CVE-2025-66128	3 Brevo, Woocommerce, Wordpress	3 Sendinblue For Woocommerce, Woocommerce, Wordpress	2025-12-16	5.3 Medium
Missing Authorization vulnerability in Brevo Sendinblue for WooCommerce woocommerce-sendinblue-newsletter-subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sendinblue for WooCommerce: from n/a through <= 4.0.49.
CVE-2025-66124	2 Wordpress, Zeen101	2 Wordpress, Leaky Paywall	2025-12-16	5.3 Medium
Missing Authorization vulnerability in ZEEN101 Leaky Paywall leaky-paywall allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leaky Paywall: from n/a through <= 4.22.5.
CVE-2025-64251	1 Wordpress	1 Wordpress	2025-12-16	4.9 Medium
Missing Authorization vulnerability in azzaroco Ultimate Learning Pro indeed-learning-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Learning Pro: from n/a through <= 3.9.3.
CVE-2025-64246	1 Wordpress	1 Wordpress	2025-12-16	4.3 Medium
Missing Authorization vulnerability in netopsae Accessibility by AudioEye accessibility-by-audioeye allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility by AudioEye: from n/a through <= 1.0.49.
CVE-2025-64238	1 Wordpress	1 Wordpress	2025-12-16	4.3 Medium
Missing Authorization vulnerability in NicolasKulka WPS Bidouille wps-bidouille allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPS Bidouille: from n/a through <= 1.33.1.

« first previous Page 19 of 321. next last »