CWE-862 CVEs and Security Vulnerabilities

Filtered by CWE-862

Search

Switch to Advanced Search (Beta)

Total 6172 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-40602	1 Sonicwall	10 Sma1000, Sma6200, Sma6200 Firmware and 7 more	2025-12-19	6.6 Medium
A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).
CVE-2025-54751	2 Wordpress, Wpxpo	2 Wordpress, Postx	2025-12-19	7.1 High
Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 4.1.36.
CVE-2025-49041	1 Wordpress	1 Wordpress	2025-12-19	6.5 Medium
Missing Authorization vulnerability in The African Boss Get Cash get-cash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Get Cash: from n/a through <= 3.2.3.
CVE-2025-58877	2 Javothemes, Wordpress	2 Javo Core, Wordpress	2025-12-19	7.5 High
Missing Authorization vulnerability in javothemes Javo Core javo-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Javo Core: from n/a through <= 3.0.0.529.
CVE-2025-49902	1 Wordpress	1 Wordpress	2025-12-19	6.5 Medium
Missing Authorization vulnerability in A WP Life Login Page Customizer – Customizer Login Page, Admin Page, Custom Design customizer-login-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Page Customizer – Customizer Login Page, Admin Page, Custom Design: from n/a through <= 2.1.1.
CVE-2025-54741	1 Wordpress	1 Wordpress	2025-12-19	8.6 High
Missing Authorization vulnerability in Tyler Moore Super Blank super-blank allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Blank: from n/a through <= 1.2.0.
CVE-2025-54743	2 Mkscripts, Wordpress	2 Download After Email, Wordpress	2025-12-19	5.3 Medium
Missing Authorization vulnerability in mkscripts Download After Email download-after-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download After Email: from n/a through 2.1.5-2.1.6.
CVE-2025-13498	2 Codename065, Wordpress	2 Download Manager Plugin, Wordpress	2025-12-19	4.3 Medium
The Download Manager plugin for WordPress is vulnerable to unauthorized access of sensitive information in all versions up to, and including, 3.3.32. This is due to missing authorization and capability checks on the `wpdm_media_access` AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve passwords and access control settings for protected media attachments, which can then be used to bypass the intended media protection and download restricted files.
CVE-2025-54745	2 Miniorange, Wordpress	2 Google Authenticator, Wordpress	2025-12-19	6.5 Medium
Missing Authorization vulnerability in miniOrange miniOrange's Google Authenticator miniorange-2-factor-authentication allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects miniOrange's Google Authenticator: from n/a through <= 6.1.1.
CVE-2025-60045	2 Themeatelier, Wordpress	2 Idonate, Wordpress	2025-12-19	7.5 High
Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects IDonatePro: from n/a through <= 2.1.11.
CVE-2025-64214	2 Stylemixthemes, Wordpress	2 Masterstudy Lms, Wordpress	2025-12-19	7.5 High
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16.
CVE-2025-63039	2 Cridio, Wordpress	2 Listingpro, Wordpress	2025-12-19	6.5 Medium
Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.9.
CVE-2025-58938	2 Themeatelier, Wordpress	2 Idonate, Wordpress	2025-12-19	7.6 High
Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IDonatePro: from n/a through <= 2.1.9.
CVE-2025-60077	1 Wordpress	1 Wordpress	2025-12-19	7.5 High
Missing Authorization vulnerability in YayCommerce YayPricing yaypricing allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects YayPricing: from n/a through <= 3.5.3.
CVE-2025-64268	2 Arraytics, Wordpress	2 Timetics, Wordpress	2025-12-19	7.5 High
Missing Authorization vulnerability in Arraytics Timetics timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through <= 1.0.44.
CVE-2025-64222	3 Fantasticplugins, Woocommerce, Wordpress	3 Woocommerce Recover Abandoned Cart, Woocommerce, Wordpress	2025-12-19	7.5 High
Missing Authorization vulnerability in FantasticPlugins WooCommerce Recover Abandoned Cart rac allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Recover Abandoned Cart: from n/a through <= 24.6.0.
CVE-2025-64375	1 Wordpress	1 Wordpress	2025-12-19	6.5 Medium
Missing Authorization vulnerability in Mahmudul Hasan Arif WP Social Ninja wp-social-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Social Ninja: from n/a through <= 3.20.1.
CVE-2025-60086	2 Matt, Wordpress	2 Wp Voting Contest, Wordpress	2025-12-19	7.5 High
Missing Authorization vulnerability in Matt WP Voting Contest wp-voting-contest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Voting Contest: from n/a through <= 5.8.
CVE-2025-64192	2 8theme, Wordpress	2 Xstore, Wordpress	2025-12-19	6.3 Medium
Missing Authorization vulnerability in 8theme XStore xstore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects XStore: from n/a through < 9.6.
CVE-2025-64209	2 Stylemixthemes, Wordpress	2 Masterstudy Lms, Wordpress	2025-12-19	7.5 High
Missing Authorization vulnerability in StylemixThemes Masterstudy masterstudy allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masterstudy: from n/a through < 4.8.122.

« first previous Page 2 of 309. next last »