CWE-862 CVEs and Security Vulnerabilities

Filtered by CWE-862

Search

Switch to Advanced Search (Beta)

Total 5694 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-59011	1 Wordpress	1 Wordpress	2025-09-30	7.5 High
Missing Authorization vulnerability in shinetheme Traveler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Traveler: from n/a through n/a.
CVE-2025-58919	1 Wordpress	1 Wordpress	2025-09-29	5.3 Medium
Missing Authorization vulnerability in guihom Wide Banner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wide Banner: from n/a through 1.0.4.
CVE-2025-60094	1 Wordpress	1 Wordpress	2025-09-29	4.3 Medium
Missing Authorization vulnerability in Benjamin Intal Stackable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stackable: from n/a through 3.18.1.
CVE-2025-60096	3 Codexthemes, Elementor, Wordpress	3 Thegem, Elementor, Wordpress	2025-09-29	5.4 Medium
Missing Authorization vulnerability in CodexThemes TheGem (Elementor) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TheGem (Elementor): from n/a through 5.10.5.
CVE-2025-60097	2 Codexthemes, Wordpress	2 Thegem, Wordpress	2025-09-29	5.4 Medium
Missing Authorization vulnerability in CodexThemes TheGem allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TheGem: from n/a through 5.10.5.
CVE-2025-60098	1 Wordpress	1 Wordpress	2025-09-29	6.5 Medium
Missing Authorization vulnerability in Jeff Farthing Theme My Login allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theme My Login: from n/a through 7.1.12.
CVE-2025-60103	2 Cridio, Wordpress	2 Listingpro, Wordpress	2025-09-29	5.4 Medium
Missing Authorization vulnerability in CridioStudio ListingPro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ListingPro: from n/a through 2.9.8.
CVE-2024-50052	1 Mattermost	2 Mattermost, Mattermost Server	2025-09-29	4.3 Medium
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to check that the origin of the message in an integration action matches with the original post metadata which allows an authenticated user to delete an arbitrary post.
CVE-2025-53374	1 Dokploy	1 Dokploy	2025-09-29	4.3 Medium
Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated low-privileged account can retrieve detailed profile information about another users in the same organization by directly invoking user.one. The response discloses personally-identifiable information (PII) such as e-mail address, role, two-factor status, organization ID, and various account flags. The fix will be available in the v0.23.7.
CVE-2025-10871	1 Gitlab	1 Gitlab	2025-09-29	3.8 Low
An issue has been discovered in GitLab EE affecting all versions from 16.6 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Project Maintainers can exploit a vulnerability where they can assign custom roles to users with permissions exceeding their own, effectively granting themselves elevated privileges.
CVE-2025-60106	1 Wordpress	1 Wordpress	2025-09-29	4.9 Medium
Missing Authorization vulnerability in Roxnor EmailKit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EmailKit: from n/a through 1.6.0.
CVE-2025-48326	1 Wordpress	1 Wordpress	2025-09-29	6.5 Medium
Missing Authorization vulnerability in Acclectic Media Acclectic Media Organizer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Acclectic Media Organizer: from n/a through 1.4.
CVE-2025-60116	1 Wordpress	1 Wordpress	2025-09-29	5.4 Medium
Missing Authorization vulnerability in ThemeGoods Grand Conference Theme Custom Post Type allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grand Conference Theme Custom Post Type: from n/a through 2.6.3.
CVE-2025-60121	2 Exthemes, Wordpress	2 Wooevents, Wordpress	2025-09-29	5.3 Medium
Missing Authorization vulnerability in Ex-Themes WooEvents allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooEvents: from n/a through 4.1.7.
CVE-2025-60152	1 Wordpress	1 Wordpress	2025-09-29	4.3 Medium
Missing Authorization vulnerability in wpshuffle Subscribe To Unlock allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Subscribe To Unlock: from n/a through 1.1.5.
CVE-2025-60166	1 Wordpress	1 Wordpress	2025-09-29	4.3 Medium
Missing Authorization vulnerability in wpshuffle WP Subscription Forms PRO allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Subscription Forms PRO: from n/a through 2.0.5.
CVE-2025-60122	1 Wordpress	1 Wordpress	2025-09-29	4.3 Medium
Missing Authorization vulnerability in HivePress HivePress Claim Listings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HivePress Claim Listings: from n/a through 1.1.3.
CVE-2025-60130	1 Wordpress	1 Wordpress	2025-09-29	5.3 Medium
Missing Authorization vulnerability in wedos.com WEDOS Global allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WEDOS Global: from n/a through 1.2.2.
CVE-2025-60123	1 Wordpress	1 Wordpress	2025-09-29	4.3 Medium
Missing Authorization vulnerability in HivePress HivePress Claim Listings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HivePress Claim Listings: from n/a through 1.1.3.
CVE-2025-60155	1 Wordpress	1 Wordpress	2025-09-29	5.3 Medium
Missing Authorization vulnerability in loopus WP Virtual Assistant allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Virtual Assistant: from n/a through 3.0.

« first previous Page 16 of 285. next last »