Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-52177

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-12 Jun, 2024 | 08:42
Updated At-28 Apr, 2026 | 16:09
Rejected At-
Credits

WordPress Integrate Google Drive plugin <= 1.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.3.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:12 Jun, 2024 | 08:42
Updated At:28 Apr, 2026 | 16:09
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Integrate Google Drive plugin <= 1.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.3.

Affected Products
Vendor
SoftLab
Product
Integrate Google Drive
Collection URL
https://wordpress.org/plugins
Package Name
integrate-google-drive
Default Status
unaffected
Versions
Affected
  • From n/a through 1.3.3 (custom)
    • -> unaffectedfrom1.3.4
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Update to 1.3.4 or a higher version.

Configurations

Workarounds

Exploits

Credits

finder
Nguyen Xuan Chien (Patchstack Alliance)
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://patchstack.com/database/vulnerability/integrate-google-drive/wordpress-integrate-google-drive-plugin-1-3-3-broken-access-control-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/integrate-google-drive/wordpress-integrate-google-drive-plugin-1-3-3-broken-access-control-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://patchstack.com/database/vulnerability/integrate-google-drive/wordpress-integrate-google-drive-plugin-1-3-3-broken-access-control-vulnerability?_s_id=cve
vdb-entry
x_transferred
Hyperlink: https://patchstack.com/database/vulnerability/integrate-google-drive/wordpress-integrate-google-drive-plugin-1-3-3-broken-access-control-vulnerability?_s_id=cve
Resource:
vdb-entry
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:12 Jun, 2024 | 09:15
Updated At:02 Dec, 2025 | 20:47

Missing Authorization vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.3.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Primary3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Type: Primary
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CPE Matches

softlabbd
softlabbd
>>integrate_google_drive>>Versions before 1.3.4(exclusive)
cpe:2.3:a:softlabbd:integrate_google_drive:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-862Secondaryaudit@patchstack.com
CWE-862Primarynvd@nist.gov
CWE ID: CWE-862
Type: Secondary
Source: audit@patchstack.com
CWE ID: CWE-862
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/integrate-google-drive/wordpress-integrate-google-drive-plugin-1-3-3-broken-access-control-vulnerability?_s_id=cveaudit@patchstack.com
Third Party Advisory
https://patchstack.com/database/vulnerability/integrate-google-drive/wordpress-integrate-google-drive-plugin-1-3-3-broken-access-control-vulnerability?_s_id=cveaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: https://patchstack.com/database/vulnerability/integrate-google-drive/wordpress-integrate-google-drive-plugin-1-3-3-broken-access-control-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource:
Third Party Advisory
Hyperlink: https://patchstack.com/database/vulnerability/integrate-google-drive/wordpress-integrate-google-drive-plugin-1-3-3-broken-access-control-vulnerability?_s_id=cve
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

534Records found

CVE-2022-44626
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.40% / 31.66%
||
7 Day CHG~0.00%
Published-25 Mar, 2024 | 11:15
Updated-28 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Squirrly SEO (Peaks) plugin <= 12.1.20 - Broken Access Control vulnerability

Missing Authorization vulnerability in Squirrly SEO Plugin by Squirrly SEO.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.1.20.

Action-Not Available
Vendor-squirrlySquirrly
Product-seo_plugin_by_squirrly_seoSEO Plugin by Squirrly SEO
CWE ID-CWE-862
Missing Authorization
CVE-2024-34804
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.39% / 30.62%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 16:23
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tagembed plugin <= 5.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tagembed.This issue affects Tagembed: from n/a through 5.8.

Action-Not Available
Vendor-Tagembed
Product-Tagembed
CWE ID-CWE-862
Missing Authorization
CVE-2024-34815
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.37% / 28.89%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 16:18
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Import and export users and customers plugin <= 1.26.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta.This issue affects Import and export users and customers: from n/a through <= 1.26.5.

Action-Not Available
Vendor-Javier Carazowebtoffee
Product-Import and export users and customersimport_and_export_users_and_customers
CWE ID-CWE-862
Missing Authorization
CVE-2024-34826
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.33% / 24.53%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 15:07
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CF7 WOW Styler plugin <= 1.6.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Saleswonder Team: Tobias CF7 WOW Styler cf7-styler.This issue affects CF7 WOW Styler: from n/a through <= 1.6.4.

Action-Not Available
Vendor-Saleswonder Team: Tobias
Product-CF7 WOW Styler
CWE ID-CWE-862
Missing Authorization
CVE-2024-34824
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 15.81%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 09:27
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SportsPress – Sports Club & League Manager plugin <= 2.7.20 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager.This issue affects SportsPress – Sports Club & League Manager: from n/a through 2.7.20.

Action-Not Available
Vendor-themeboyThemeBoy
Product-sportspressSportsPress – Sports Club & League Manager
CWE ID-CWE-862
Missing Authorization
CVE-2024-33588
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.39% / 30.97%
||
7 Day CHG~0.00%
Published-29 Apr, 2024 | 12:39
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress basepress plugin <= 2.16.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in codeSavory Knowledge Base documentation & wiki plugin – BasePress.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through 2.16.1.

Action-Not Available
Vendor-codeSavory
Product-Knowledge Base documentation & wiki plugin – BasePress
CWE ID-CWE-862
Missing Authorization
CVE-2023-50899
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.48% / 38.29%
||
7 Day CHG+0.01%
Published-09 Dec, 2024 | 11:29
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Catalog Enquiry for WooCommerce by MultiVendorX plugin <= 5.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Catalog Enquiry for WooCommerce by MultiVendorX: from n/a through 5.0.2.

Action-Not Available
Vendor-MultiVendorX
Product-Product Catalog Enquiry for WooCommerce by MultiVendorX
CWE ID-CWE-862
Missing Authorization
CVE-2024-3237
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.37% / 28.81%
||
7 Day CHG~0.00%
Published-04 May, 2024 | 03:31
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ConvertPlug <= 3.5.25 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update

The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary option values to true.

Action-Not Available
Vendor-Brainstorm Force
Product-ConvertPlus
CWE ID-CWE-862
Missing Authorization
CVE-2024-32515
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.39% / 30.64%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 07:41
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mega Addons For Elementor plugin <= 1.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Qamar Sheeraz, Nasir Ahmad Mega Addons For Elementor.This issue affects Mega Addons For Elementor: from n/a through 1.8.

Action-Not Available
Vendor-Qamar Sheeraz, Nasir Ahmad
Product-Mega Addons For Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2024-32144
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.34% / 25.67%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 15:48
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Welcart e-Commerce plugin <= 2.9.14 - Broken Access Control vulnerability

Missing Authorization vulnerability in Welcart Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through 2.9.14.

Action-Not Available
Vendor-welcartWelcart Inc.
Product-welcart_e-commerceWelcart e-Commerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-30464
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-1.52% / 71.48%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 10:41
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Social Icons Widget & Block by WPZOOM plugin <= 4.2.15 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPZOOM Social Icons Widget & Block by WPZOOM.This issue affects Social Icons Widget & Block by WPZOOM: from n/a through 4.2.15.

Action-Not Available
Vendor-wpzoomWPZOOM
Product-social_icons_widgetSocial Icons Widget & Block by WPZOOM
CWE ID-CWE-862
Missing Authorization
CVE-2024-31281
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.34% / 26.21%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 08:54
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Church Admin plugin <= 4.1.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.1.6.

Action-Not Available
Vendor-church_admin_projectandy_moyle
Product-church_adminChurch Admin
CWE ID-CWE-862
Missing Authorization
CVE-2024-31375
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.39% / 31.41%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 08:59
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP2LEADS plugin <= 3.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads.This issue affects WP2LEADS: from n/a through <= 3.2.7.

Action-Not Available
Vendor-Saleswonder Team: Tobias
Product-WP2LEADS
CWE ID-CWE-862
Missing Authorization
CVE-2024-30466
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.35% / 27.12%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 10:43
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.4.

Action-Not Available
Vendor-onthegosystemsOnTheGoSystems
Product-woocommerce_multilingual_\&_multicurrencyWooCommerce Multilingual & Multicurrency
CWE ID-CWE-862
Missing Authorization
CVE-2024-30528
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.28% / 19.74%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 19:19
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Spiffy Calendar plugin <= 4.9.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar.This issue affects Spiffy Calendar: from n/a through 4.9.10.

Action-Not Available
Vendor-spiffypluginsSpiffy Plugins
Product-spiffy_calendarSpiffy Calendar
CWE ID-CWE-862
Missing Authorization
CVE-2022-40702
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.38% / 29.86%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 16:51
Updated-28 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Local Pickup for WooCommerce Plugin <= 1.5.2 is vulnerable to Broken Access Control

Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.5.2.

Action-Not Available
Vendor-zoremZoremzorem
Product-advanced_local_pickup_for_woocommerceAdvanced Local Pickup for WooCommerceadvanced_local_pickup_for_woocommerce
CWE ID-CWE-862
Missing Authorization
CVE-2026-7051
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.41% / 32.77%
||
7 Day CHG~0.00%
Published-13 May, 2026 | 04:26
Updated-13 May, 2026 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Blog2Social: Social Media Auto Post & Scheduler <= 8.9.0 - Missing Authorization to Authenticated (Subscriber+) Delete Arbitrary B2S Post Records via 'postId' Parameter

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2S_Post_Tools::deleteUserPublishPost() and B2S_Post_Tools::deleteUserSchedPost() functions, neither function includes a blog_user_id constraint in its database query, allowing authenticated attackers to soft-delete any user's B2S post records by supplying arbitrary sequential wp_b2s_posts.id values via the 'postId' parameter. This makes it possible for authenticated attackers to delete other users' published and scheduled social media post records, disrupting content publishing workflows.

Action-Not Available
Vendor-pr-gateway
Product-Blog2Social: Social Media Auto Post & Scheduler
CWE ID-CWE-862
Missing Authorization
CVE-2026-57327
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.25% / 16.11%
||
7 Day CHG~0.00%
Published-29 Jun, 2026 | 13:36
Updated-29 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MainWP plugin <= 6.1.1 - Broken Access Control vulnerability

Subscriber Broken Access Control in MainWP <= 6.1.1 versions.

Action-Not Available
Vendor-mainwp
Product-MainWP
CWE ID-CWE-862
Missing Authorization
CVE-2022-40223
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.44% / 35.52%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 18:20
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SearchWP premium plugin <= 4.2.5 - Broken Authentication vulnerability

Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change.

Action-Not Available
Vendor-SearchWP, LLC (SearchWP)
Product-searchwpSearchWP
CWE ID-CWE-862
Missing Authorization
CVE-2024-25922
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.36% / 28.47%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 17:33
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Peach Payments Gateway plugin <= 3.1.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Peach Payments Peach Payments Gateway.This issue affects Peach Payments Gateway: from n/a through 3.1.9.

Action-Not Available
Vendor-Peach Payments
Product-Peach Payments Gateway
CWE ID-CWE-862
Missing Authorization
CVE-2024-2538
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.57% / 42.94%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 05:32
Updated-08 Apr, 2026 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Permalink Manager <= 2.4.3.1 - Missing Authorization to Authenticated(Author+) Arbitrary Post Slug Modification

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_permalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and above, to modify the permalinks of arbitrary posts.

Action-Not Available
Vendor-permalink_manager_lite_projectmbispermalink_manager_lite_project
Product-permalink_manager_litePermalink Manager Litepermalink_manager_lite
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-862
Missing Authorization
CVE-2026-57661
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.22% / 12.85%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 14:53
Updated-26 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPComplete plugin <= 2.9.5.5 - Broken Access Control vulnerability

Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions.

Action-Not Available
Vendor-Nexcess
Product-WPComplete
CWE ID-CWE-862
Missing Authorization
CVE-2022-40203
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.40% / 32.45%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 16:08
Updated-28 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Dynamic Pricing for WooCommerce Plugin <= 4.1.5 is vulnerable to Broken Access Control

Missing Authorization vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce.This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.1.5.

Action-Not Available
Vendor-AlgolPlus
Product-advanced_dynamic_pricing_for_woocommerceAdvanced Dynamic Pricing for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-24716
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.31% / 23.23%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 10:21
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Awesome Support plugin <= 6.1.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.6.

Action-Not Available
Vendor-getawesomesupportAwesome Support Team
Product-awesome_supportAwesome Support
CWE ID-CWE-862
Missing Authorization
CVE-2026-57632
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.27% / 19.30%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 14:53
Updated-26 Jun, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Email Marketing for WooCommerce by Omnisend plugin <= 1.19.0 - Broken Access Control vulnerability

Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend <= 1.19.0 versions.

Action-Not Available
Vendor-Omnisend
Product-Email Marketing for WooCommerce by Omnisend
CWE ID-CWE-862
Missing Authorization
CVE-2026-56023
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.20% / 10.36%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 13:12
Updated-25 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress UPI QR Code Payment Gateway for WooCommerce plugin <= 1.6.2 - Broken Access Control vulnerability

Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce <= 1.6.2 versions.

Action-Not Available
Vendor-Knit Pay
Product-UPI QR Code Payment Gateway for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2026-5139
Matching Score-4
Assigner-Mattermost, Inc.
ShareView Details
Matching Score-4
Assigner-Mattermost, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.17% / 6.62%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 13:34
Updated-23 Jun, 2026 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GitLab Plugin Allows Non-Admin Users to Modify Default Instance Configuration

Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail to enforce administrator authorization on the {{setDefaultInstance}} call within the {{/gitlab connect}} command handler, which allows any authenticated user to overwrite the global default GitLab instance configuration via the {{/gitlab connect <instance-name>}} slash command.. Mattermost Advisory ID: MMSA-2026-00644

Action-Not Available
Vendor-Mattermost, Inc.
Product-mattermost_serverMattermost
CWE ID-CWE-862
Missing Authorization
CVE-2024-21748
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 21.34%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 16:14
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Icegram Engage plugin <= 3.1.21 - Broken Access Control vulnerability

Missing Authorization vulnerability in Icegram.This issue affects Icegram: from n/a through 3.1.21.

Action-Not Available
Vendor-icegramIcegram
Product-icegram_expressIcegram
CWE ID-CWE-862
Missing Authorization
CVE-2024-21751
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.33% / 24.97%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 08:05
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RabbitLoader plugin <= 2.19.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in RabbitLoader.This issue affects RabbitLoader: from n/a through 2.19.13.

Action-Not Available
Vendor-yoginetworkRabbitLoaderrabbitloader
Product-rabbitloaderRabbitLoaderrabbitloader
CWE ID-CWE-862
Missing Authorization
CVE-2024-20477
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.46% / 36.45%
||
7 Day CHG~0.00%
Published-02 Oct, 2024 | 16:55
Updated-08 Oct, 2024 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Endpoint Vulnerability

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affected REST API endpoint. An attacker could exploit this vulnerability by sending crafted API requests to the affected endpoint. A successful exploit could allow the attacker to upload files into a specific container or delete files from a specific folder within that container. This vulnerability only affects a specific REST API endpoint and does not affect the web-based management interface.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_dashboard_fabric_controllernexus_dashboardCisco Data Center Network Manager
CWE ID-CWE-862
Missing Authorization
CVE-2024-13541
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 22.08%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 03:21
Updated-08 Apr, 2026 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
aDirectory – WordPress Directory Listing Plugin <= 2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion

The aDirectory – WordPress Directory Listing Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the adqs_delete_listing() function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts.

Action-Not Available
Vendor-adirectoryadirectory
Product-adirectoryaDirectory – WP Business Directory Plugin and Classified Ads Listings Directory
CWE ID-CWE-862
Missing Authorization
CVE-2024-1502
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.43% / 34.42%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 23:33
Updated-08 Apr, 2026 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tutor LMS – eLearning and online course solution <= 2.6.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tutor_delete_announcement() function in all versions up to, and including, 2.6.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts.

Action-Not Available
Vendor-Themeum
Product-tutor_lmsTutor LMS – eLearning and online course solution
CWE ID-CWE-862
Missing Authorization
CVE-2024-13361
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.3||MEDIUM
EPSS-0.31% / 22.66%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 07:29
Updated-08 Apr, 2026 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AI Power: Complete AI Pack <= 1.8.96 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution

The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicg_save_image_media function in all versions up to, and including, 1.8.96. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload image files and embed shortcode attributes in the image_alt value that will execute when sending a POST request to the attachment page.

Action-Not Available
Vendor-aipowersenols
Product-aipowerAI Puffer – Your AI engine for WordPress (formerly AI Power)
CWE ID-CWE-862
Missing Authorization
CVE-2025-14455
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.25% / 16.35%
||
7 Day CHG~0.00%
Published-19 Dec, 2025 | 09:29
Updated-08 Apr, 2026 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Image Photo Gallery Final Tiles Grid <= 3.6.7 - Missing Authorization to Authenticated (Contributor+) Gallery Management

The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.7. This is due to the plugin not properly verifying that a user is authorized to perform actions on gallery management functions. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete, modify, or clone galleries created by any user, including administrators.

Action-Not Available
Vendor-wpchill
Product-Image Photo Gallery Final Tiles Grid
CWE ID-CWE-862
Missing Authorization
CVE-2023-38383
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.43% / 34.27%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:23
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Language plugin <= 1.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in OnTheGoSystems Language allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Language: from n/a through 1.2.1.

Action-Not Available
Vendor-OnTheGoSystems
Product-Language
CWE ID-CWE-862
Missing Authorization
CVE-2026-42651
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.24% / 15.24%
||
7 Day CHG~0.00%
Published-15 Jun, 2026 | 20:18
Updated-16 Jun, 2026 | 01:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Classified Listing plugin <= 5.3.9 - Broken Access Control vulnerability

Subscriber Broken Access Control in Classified Listing <= 5.3.9 versions.

Action-Not Available
Vendor-Mamunur Rashid
Product-Classified Listing
CWE ID-CWE-862
Missing Authorization
CVE-2024-1125
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.32% / 24.32%
||
7 Day CHG~0.00%
Published-09 Mar, 2024 | 07:01
Updated-08 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EventPrime – Events Calendar, Bookings and Tickets <= 3.4.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendar_events_delete() function in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts.

Action-Not Available
Vendor-Metagauss Inc.
Product-eventprimeEventPrime – Events Calendar, Bookings and Tickets
CWE ID-CWE-862
Missing Authorization
CVE-2026-42776
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.20% / 10.24%
||
7 Day CHG~0.00%
Published-25 May, 2026 | 22:32
Updated-26 May, 2026 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sunshine Photo Cart plugin <= 3.6.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through 3.6.7.

Action-Not Available
Vendor-WP Sunshine
Product-Sunshine Photo Cart
CWE ID-CWE-862
Missing Authorization
CVE-2026-4124
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.29% / 20.30%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 02:25
Updated-24 Apr, 2026 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ziggeo <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via 'ziggeo_ajax' AJAX Action

The Ziggeo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1. The wp_ajax_ziggeo_ajax handler only verifies a nonce (check_ajax_referer) but performs no capability checks via current_user_can(). Furthermore, the nonce ('ziggeo_ajax_nonce') is exposed to all logged-in users on every page via the wp_head and admin_head hooks . This makes it possible for authenticated attackers, with Subscriber-level access and above, to invoke multiple administrative operations including: saving arbitrary translation strings (translations_panel_save_strings via update_option('ziggeo_translations')), creating/updating/deleting event templates (event_editor_save_template/update_template/remove_template via update_option('ziggeo_events')), modifying SDK application settings (sdk_applications operations), and managing notifications (notification_handler via update_option('ziggeo_notifications')).

Action-Not Available
Vendor-oliverfriedmann
Product-Ziggeo
CWE ID-CWE-862
Missing Authorization
CVE-2024-10078
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.3||MEDIUM
EPSS-0.40% / 31.97%
||
7 Day CHG~0.00%
Published-18 Oct, 2024 | 07:35
Updated-08 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Easy Post Types <= 1.4.4 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions

The WP Easy Post Types plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 1.4.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options and posts.

Action-Not Available
Vendor-newsignaturechertzwp_easy_post_types_project
Product-wp_easy_post_typesWP Easy Post Typeswp_easy_post_types
CWE ID-CWE-862
Missing Authorization
CVE-2024-0828
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.36% / 28.24%
||
7 Day CHG~0.00%
Published-13 Mar, 2024 | 15:26
Updated-08 Apr, 2026 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio <= 3.6.4 - Missing Authorization

The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with subscriber access or higher, to delete, retrieve, or modify post metadata, retrieve posts contents of protected posts, modify conversion data and delete article audio.

Action-Not Available
Vendor-hammadhhammadh
Product-play.htPlay.ht – Make Your Blog Posts Accessible With Text to Speech Audio
CWE ID-CWE-862
Missing Authorization
CVE-2026-40133
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-6.3||MEDIUM
EPSS-0.22% / 11.95%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 02:21
Updated-12 May, 2026 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization check in SAP S/4HANA Condition Maintenance

Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact on the confidentiality and integrity of the data. Additionally, this vulnerability may prevent the legitimate user from accessing the records, causing low impact on application availability.

Action-Not Available
Vendor-SAP SE
Product-SAP S/4HANA Condition Maintenance
CWE ID-CWE-862
Missing Authorization
CVE-2026-40740
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.18% / 7.45%
||
7 Day CHG~0.00%
Published-15 Apr, 2026 | 10:21
Updated-29 Apr, 2026 | 09:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.7.

Action-Not Available
Vendor-Themeum
Product-Tutor LMS
CWE ID-CWE-862
Missing Authorization
CVE-2024-10003
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.3||MEDIUM
EPSS-0.42% / 33.65%
||
7 Day CHG~0.00%
Published-22 Oct, 2024 | 04:31
Updated-08 Apr, 2026 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rover IDX <= 3.0.0.2903 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions

The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options.

Action-Not Available
Vendor-roveridxstevemullen
Product-rover_idxRover IDX
CWE ID-CWE-862
Missing Authorization
CVE-2026-3829
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.20% / 10.19%
||
7 Day CHG~0.00%
Published-14 May, 2026 | 05:30
Updated-14 May, 2026 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Encryption - One Click SSL & Force HTTPS <= 7.8.5.10 - Missing Authorization to Authenticated (Subscriber+) SSL Setup Tampering

The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'wple_basic_get_requests' function in all versions up to, and including, 7.8.5.10. This makes it possible for authenticated attackers, with subscriber level access and above, to reset the SSL setup state, force SSL to appear complete, and modify plan selection options.

Action-Not Available
Vendor-gowebsmarty
Product-WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan
CWE ID-CWE-862
Missing Authorization
CVE-2026-39651
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 8.15%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 08:30
Updated-29 Apr, 2026 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Total Poll Lite plugin <= 4.12.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total Poll Lite: from n/a through <= 4.12.0.

Action-Not Available
Vendor-TotalSuite
Product-Total Poll Lite
CWE ID-CWE-862
Missing Authorization
CVE-2026-39614
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.17% / 6.01%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 08:30
Updated-29 Apr, 2026 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JW Player for WordPress plugin <= 2.3.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in ilGhera JW Player for WordPress jw-player-7-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JW Player for WordPress: from n/a through <= 2.3.6.

Action-Not Available
Vendor-ilGhera
Product-JW Player for WordPress
CWE ID-CWE-862
Missing Authorization
CVE-2026-3977
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 19.36%
||
7 Day CHG~0.00%
Published-12 Mar, 2026 | 03:02
Updated-22 Apr, 2026 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
projectsend AJAX Endpoints authorization

A security vulnerability has been detected in projectsend up to r1945. The affected element is an unknown function of the component AJAX Endpoints. The manipulation leads to missing authorization. The attack can be initiated remotely. The identifier of the patch is 35dfd6f08f7d517709c77ee73e57367141107e6b. To fix this issue, it is recommended to deploy a patch.

Action-Not Available
Vendor-n/a
Product-projectsend
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-39504
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.17% / 6.01%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 08:30
Updated-29 Apr, 2026 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress InstaWP Connect plugin <= 0.1.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InstaWP Connect: from n/a through <= 0.1.2.5.

Action-Not Available
Vendor-InstaWP
Product-InstaWP Connect
CWE ID-CWE-862
Missing Authorization
CVE-2024-1677
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.3||MEDIUM
EPSS-0.51% / 39.99%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 16:52
Updated-08 Apr, 2026 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce <= 3.4.6 - Improper Authorization

The Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to an improper capability check on 42 separate AJAX functions in all versions up to, and including, 3.4.6. This makes it possible for authenticated attackers, with subscriber access and above, to fully control the plugin which includes the ability to modify plugin settings and profiles, and create, edit, retrieve, and delete templates and barcodes.

Action-Not Available
Vendor-ukrsolutionukrsolution
Product-print_labels_with_barcodesPrint Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-863
Incorrect Authorization
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 10
  • 11
  • Next
Details not found