CWE-862 CVEs and Security Vulnerabilities

Filtered by CWE-862

Search

Switch to Advanced Search (Beta)

Total 6413 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-67577	1 Wordpress	1 Wordpress	2025-12-10	5.3 Medium
Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form Builder: from n/a through <= 3.8.20.
CVE-2025-63049	2 Cridio, Wordpress	2 Listingpro Lead Form, Wordpress	2025-12-10	5.3 Medium
Missing Authorization vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ListingPro Lead Form: from n/a through <= 1.0.2.
CVE-2025-67581	2 Themetechmount, Wordpress	2 Truebooker, Wordpress	2025-12-10	5.3 Medium
Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TrueBooker: from n/a through <= 1.1.0.
CVE-2025-67599	2 Webtoffee, Wordpress	2 Ecommerce Marketing Automation, Wordpress	2025-12-10	4.3 Medium
Missing Authorization vulnerability in WebToffee WebToffee eCommerce Marketing Automation decorator-woocommerce-email-customizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebToffee eCommerce Marketing Automation: from n/a through <= 2.1.1.
CVE-2025-63067	1 Wordpress	1 Wordpress	2025-12-10	4.3 Medium
Missing Authorization vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Porto Theme - Functionality: from n/a through <= 3.6.2.
CVE-2022-46845	1 Wordpress	1 Wordpress	2025-12-10	5.3 Medium
Missing Authorization vulnerability in Essential Plugin Slider a SlidersPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slider a SlidersPack: from n/a before 2.3.
CVE-2022-47425	2 Reputeinfosystems, Wordpress	2 Armember, Wordpress	2025-12-10	4.3 Medium
Missing Authorization vulnerability in Repute Infosystems ARMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ARMember: from n/a through 3.4.10.
CVE-2025-63069	1 Wordpress	1 Wordpress	2025-12-10	5.3 Medium
Missing Authorization vulnerability in Vinod Dalvi Ivory Search add-search-to-menu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ivory Search: from n/a through <= 5.5.12.
CVE-2025-63077	3 Elementor, Happymonster, Wordpress	3 Elementor, Happy Addons For Elementor, Wordpress	2025-12-10	4.3 Medium
Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through <= 3.20.2.
CVE-2023-23729	2 Brainstormforce, Wordpress	2 Spectra, Wordpress	2025-12-10	5.4 Medium
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0.
CVE-2025-63063	1 Wordpress	1 Wordpress	2025-12-10	6.5 Medium
Missing Authorization vulnerability in Yandex Metrika Yandex.Metrica wp-yandex-metrika allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yandex.Metrica: from n/a through <= 1.2.2.
CVE-2025-49961	1 Wordpress	1 Wordpress	2025-12-10	6.3 Medium
Missing Authorization vulnerability in Breeze Team Breeze Checkout breeze-checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze Checkout: from n/a through <= 1.4.0.
CVE-2024-21417	1 Microsoft	15 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 12 more	2025-12-09	8.8 High
Windows Text Services Framework Elevation of Privilege Vulnerability
CVE-2025-42891	1 Sap	1 Enterprise Search For Abap	2025-12-09	5.5 Medium
Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on data integrity. There is no impact on application's availability.
CVE-2025-52738	2 Mediawiki, Wordpress	2 Wikipedia Preview, Wordpress	2025-12-09	6.5 Medium
Missing Authorization vulnerability in Wikimedia Foundation Wikipedia Preview wikipedia-preview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wikipedia Preview: from n/a through <= 1.15.0.
CVE-2025-52757	1 Wordpress	1 Wordpress	2025-12-09	6.3 Medium
Missing Authorization vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SUMO Memberships for WooCommerce: from n/a through <= 7.6.0.
CVE-2025-48600	1 Google	1 Android	2025-12-09	5.5 Medium
In multiple files, there is a possible way to reveal information across users due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-12577	2 Passionui, Wordpress	2 Listar, Wordpress	2025-12-08	4.3 Medium
The Listar – Directory Listing & Classifieds WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/listar/v1/place/save' REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update listing details.
CVE-2025-12091	3 Instantsearchplus, Woocommerce, Wordpress	3 Search,filters&merchandising For Woocommerce, Woocommerce, Wordpress	2025-12-08	4.3 Medium
The Search, Filters & Merchandising for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcis_save_email' endpoint in all versions up to, and including, 3.0.63. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivate the plugin.
CVE-2025-13309	1 Wordpress	1 Wordpress	2025-12-08	4.3 Medium
The Accessiy By CodeConfig Accessibility – Easy One-Click Accessibility Toolbar That Truly Matters plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.0.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers with subscriber-level access and above to modify the plugin’s global accessibility settings.

« first previous Page 27 of 321. next last »