Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-5860

Summary
Assigner-Wordfence
Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At-18 Jun, 2024 | 03:13
Updated At-08 Apr, 2026 | 17:26
Rejected At-
Credits

Tickera <= 3.5.2.8 - Missing Authorization to Authenticated (Susbcriber+) Ticket Deletion

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete all tickets associated with events.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Wordfence
Assigner Org ID:b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At:18 Jun, 2024 | 03:13
Updated At:08 Apr, 2026 | 17:26
Rejected At:
▼CVE Numbering Authority (CNA)
Tickera <= 3.5.2.8 - Missing Authorization to Authenticated (Susbcriber+) Ticket Deletion

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete all tickets associated with events.

Affected Products
Vendor
tickera
Product
Tickera – Sell Tickets & Manage Events
Default Status
unaffected
Versions
Affected
  • From 0 through 3.5.2.8 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Lucio Sá
Timeline
EventDate
Disclosed2024-06-17 00:00:00
Event: Disclosed
Date: 2024-06-17 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/d86aa41c-24df-49ec-b273-7bb57addddde?source=cve
N/A
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3103413%40tickera-event-ticketing-system&new=3103413%40tickera-event-ticketing-system&sfp_email=&sfph_mail=
N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/d86aa41c-24df-49ec-b273-7bb57addddde?source=cve
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3103413%40tickera-event-ticketing-system&new=3103413%40tickera-event-ticketing-system&sfp_email=&sfph_mail=
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
tickera
Product
tickera
CPEs
  • cpe:2.3:a:tickera:tickera:-:*:*:*:*:wordpress:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 3.5.2.8 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/d86aa41c-24df-49ec-b273-7bb57addddde?source=cve
x_transferred
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3103413%40tickera-event-ticketing-system&new=3103413%40tickera-event-ticketing-system&sfp_email=&sfph_mail=
x_transferred
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/d86aa41c-24df-49ec-b273-7bb57addddde?source=cve
Resource:
x_transferred
Hyperlink: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3103413%40tickera-event-ticketing-system&new=3103413%40tickera-event-ticketing-system&sfp_email=&sfph_mail=
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@wordfence.com
Published At:18 Jun, 2024 | 04:15
Updated At:08 Apr, 2026 | 19:22

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete all tickets associated with events.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CPE Matches
tickera
tickera
>>tickera>>Versions before 3.5.2.9(exclusive)
cpe:2.3:a:tickera:tickera:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-862Primarysecurity@wordfence.com
CWE-863Secondarynvd@nist.gov
CWE ID: CWE-862
Type: Primary
Source: security@wordfence.com
CWE ID: CWE-863
Type: Secondary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3103413%40tickera-event-ticketing-system&new=3103413%40tickera-event-ticketing-system&sfp_email=&sfph_mail=security@wordfence.com
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/d86aa41c-24df-49ec-b273-7bb57addddde?source=cvesecurity@wordfence.com
Third Party Advisory
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3103413%40tickera-event-ticketing-system&new=3103413%40tickera-event-ticketing-system&sfp_email=&sfph_mail=af854a3a-2127-422b-91ae-364da2661108
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/d86aa41c-24df-49ec-b273-7bb57addddde?source=cveaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3103413%40tickera-event-ticketing-system&new=3103413%40tickera-event-ticketing-system&sfp_email=&sfph_mail=
Source: security@wordfence.com
Resource:
Product
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/d86aa41c-24df-49ec-b273-7bb57addddde?source=cve
Source: security@wordfence.com
Resource:
Third Party Advisory
Hyperlink: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3103413%40tickera-event-ticketing-system&new=3103413%40tickera-event-ticketing-system&sfp_email=&sfph_mail=
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Product
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/d86aa41c-24df-49ec-b273-7bb57addddde?source=cve
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1416Records found
CVE-2025-12356
Matching Score-10
Assigner-Wordfence
ShareView Details
Matching Score-10
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 1.87%
||
7 Day CHG~0.00%
Published-18 Feb, 2026 | 05:29
Updated-08 Apr, 2026 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tickera – WordPress Event Ticketing <= 3.5.6.4 - Missing Authorization to Authenticated (Subscriber+) Event/Post Status Update

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_change_ticket_status' AJAX endpoint in all versions up to, and including, 3.5.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update post/event statuses.

Action-Not Available
Vendor-tickera
Product-Tickera – Sell Tickets & Manage Events
CWE ID-CWE-862
Missing Authorization
CVE-2022-4974
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-6.3||MEDIUM
EPSS-0.21% / 42.57%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 06:43
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Freemius SDK <= 2.4.2 - Missing Authorization Checks

The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.

Action-Not Available
Vendor-kaizencoderspatrickposnerdipcodetoddhalfpennyrisethemegetsparrowbycrikwpmooseivan_paulinwgaugevincoitldninjas/elementinvadermatthias-reuterninjalibscliffpaulickvinod-dalviedgegalleryplugincodeiesvernalmohsinofflinejetixwptranzlykartikparmar/koen12344pluginswarepippozanardowpsoulpasyukjaydeep-nimavatnpluginspagupdamian-gorapopeatingco2okjcodexmikebelsivanchernyakovactuaryzaskgfiremmeowcrewinvisnetdanielisermarviorochatickeraavidthemes/essekiahumblethemesjanwylshelob9munirkamalsyntacticsdotsbavokoservicessmartwpresssamdaniclosetechnologyblockmeisterwebheadllcthinleekdovypdotrextobias_conradinfosatechahmed17tobias_conrad/sorsawostylingwebbenprinceahmedlitonice13cloudlivingversacompbrandonfirexyulexswitcorpwpcohortdjenhwpdevpowersintoxstudiousmanaliqureshiethereumicoiolkoudaljkohlbachirkanusetkadiviframeworklistplusattestfrostbourncodexonicssalttechnogaloovermattpramschuferrichard-bzerozendesignwptravelenginecyberhobothemeseitprintyedisonaveblocksparesebetsamuelsilvaptunitecmsxplodedthemesmajickwpconedevmaurolopes/tripettointeractivegeomapswhiteshadowmilukove/dvizheniasnazzythemeswpdivewalkerwpwpt00lsgiladtakoniinfornwebmvvapps/wpjolialex-yesaadiqbalpaulio21patrickgarmanoceasmulticollabsslatlasmbrown24buttonizermcurlysonalsinha21tauhidprogkher/wpdeversurbmadangub86maltathemesmaxsdesignanfrageformularggeddescrollsequencegowebsmartyblackandwhitedigitalmarcqueraltwpscriptsdanielealessandrajavmahupfivfsruslanmeepluginsandyabelowsslzenejslondon/5starpluginsanasbinmukimoceanwpthemestynasirahmedwupow3scloudpenguininitiativesgallerycreatorcloudspongewpgeniuzrenaudbodkylegilmanjburleigh1modulemasterswphrmanagerbestpluginswordpressmaartenbelmanshiddenpearlsvanyukovproteusthemes9brada6sovstackcleverpluginstheafricanbosstherealwebdisruptthemeythemesmasterblocksrankbearxjohnykmihail-barinovwpengineiksstudiokartechifyskymindsjohnc1979khothemespremmercemhmrajibwordpluslostboy7clickervoltcoderpresswordpresscheftheafricanboss/halmatfullworkswpeka-clubbandidomte90wpcohort/wpvibesjurskikkikuchi1220nicheaddonsboriscolombier/prelcalleythemescadudecastroalvesankitmaruspartacannastaadeothemesdarellmilukovefoopluginsrafacarvalhidowpkubestarfishwpcromer12wpeventpartners/codesavorymumarym1985josevegaelliotvsshabtinitin247ggwiczpassionatebrainscebbiwebba-agencysakurapixelseancarricoseezeebouncingsproutbenmoreassyntakdevswpbitszeethemerebelcodejwebsolthijzieflexithemesmantrabrainchillichalliproperfractionsangaranwiserstepsdreamfoxsmgteamtakanakuielbisnerodashlabsltdcommercepunditpootlepressbilaltaswpdeliciousanssilaitilacmbibby/alexmossdrosendouriahs-victorslidedecksj_oskshaikatfastaf/oloyede-jamiumajick/stevejburgemuhammad-rehmanpeterschulznlekanatheedeeshawoninfowpmunichinterfacelabpootlepress/dgwyerultimateblocksmikewire_rocksolidplugins360moomooagencymohammedrezqshamim51maciejbak85dudodam6plequalizedigitalclosemarketing/svovafjwindalphabposervicewoodyhaydaybadhonrockslimbcodetribalnerdpluginandplayibenicwp-makingkrspcypressnorthtonyzeolijamesparkninjawoopopsjanthielemanndavidandersonggriessermnelson4pagebuildersandwichdaniyalahmedkvohotv/royalnavneetgloriousthemessjavedwebmuehleprasadkirpekarmilmorthemekraftkitthemeshqthemethemelocationpmbaldha/creativethemeshqgreenjaymediawpchillultradevskairasebet/dejanmarkovicglowlogixdivisumomatstarsaharonyankaggdesignrafalosinskichetmaclinekallivemeshfoxmoonweconnectcodelynn999olezhyk5powerfulwpbeeneebaguilerasoftinputwpwptblukeseagermdedevmberdingblockypagestevehentywpmagicspmbaldhah3technologiestropicalistasindyakinsergeikartikparmarbrightvesseldevprotectyouruploadsstaxwpfrenifyboltonstudioswpsaadkenanfallonatakanozivacybfintalwplegalpagesalekvthecodechimemojofywpstreamweaselsdaigo75danish-alimelapressimtiazrayhanronena100bpluginsBdThemesRoyal Elementor AddonsThe Events Calendar (StellarWP)WPWeb EliteThemeisle
Product-annasta Filters for WooCommerceBattle Suit for DiviBetter Robots.txt – AI-Ready Crawl Control & Bot GovernanceStyler Mate for Contact Form 7eaSYNC Booking – Hotels, Restaurants & Car RentalsWidget Detector for ElementorTickera – Sell Tickets & Manage EventsBlock Slider – Responsive Image Slider, Video Slider & Post SliderGloriousThemes Starter SitesGateway for PayLate on WooCommerceUltimate Post Kit Addons for ElementorDivi Content RestrictorLivemesh Addons for Beaver BuilderWidgets on Pages and PostsEvent Tickets and RegistrationWP Page TemplatesAutoSave NetAWCA – The Great Analytics Insights for Your eStoreWebinarIgnition – Live, Automated & Evergreen Webinars for WooCommerceInsert or Embed Articulate Content into WordPressForm Vibes – Database Manager for FormsQuick Contact FormLocal Delivery Drivers for WooCommerceAddon Elements for Elementor (formerly Elementor Addon Elements)Media Cloud for Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean and moreMenu Item SchedulerExpire tagsAdd Pinterest conversion tags for Pinterest Ads + Site verificationGA4WP – Analytics Dashboard for the WebsiteHM Multiple RolesWP Search FilterPlace Order Without Payment for WooCommerceBookPress – For Book AuthorsMusic Player for Elementor – Audio Player & Podcast PlayerPost Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)Bulk Attachment DownloadWordPress Dev Powers – ACF Color Coded Field Types PluginPost Carousel DiviWP Google Street View (with 360° virtual tour) & Google maps + Local SEOAutomatic Internal Links for SEO by PagupEasy Post Views CountAdvanced Page Visit Counter – Most Wanted Analytics Plugin for WordPressWordPress Gallery Plugin – Edge Photo GalleryBulk WooCommerce Category CreatorBooking Addon for WooCommerceEasy PrayerUkrposhtaPremmerce Variation Swatches for WooCommerceThe Events CalendarTK Google Fonts GDPR CompliantGuest posting / Frontend Posting / Front Editor – WP Front User SubmitDuplicate Variations for WoocommerceCF7 Constant Contact Fields MappingGeo MashupReplyable – Subscribe to Comments and Reply by EmailWP Photo EffectsMenu Image, Icons made easyAwesome SSLFiboSearch – Ajax Search for WooCommerceProduct Image Watermark for WooBetter SharingPremmerceRT Easy Builder – Advanced addons for ElementorAll-in-One Video GalleryTinyMCE AnnotateKVoucherWP fail2ban – Advanced SecurityDa ReactionsPayment Gateway for PayFabricNotification Bar, Announcement and Cookie Notice WordPress Plugin – FooBarNotifSMS – SMS Notifications OTP & 2FA for WordPress & WooCommerceWP Easy Pay – Payment and Donation form Builder for SquareConversion de moneda WoocommerceCustomers Table for WooCommerce: View, Search, Bulk EditorSchema Plugin For Divi, Gutenberg & ShortcodesMaster Accordion ( Former WP Awesome FAQ Plugin )Masonry Gallery & Posts For Divi (WP Tools)Blocksy CompanionRoyal Addons for Elementor – Addons and Templates Kit for ElementorBlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block EditorWP Get PersonalPost Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post SliderGet Better Reviews for WooCommerceInbound BrewSimple Feature Requests Free – User Feedback BoardAnfrageformular – Multi Step Drag & Drop Formular Builder – LeadgenerierungEqualize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 complianceWordPress Coupon Plugin for Bloggers and Marketers – WP OffersEasy Code SnippetsDeMomentSomTres AddressDeMomentSomTres Media Tools AutoMarket ExporterWP GratifyHQTheme ExtraSlideDeck: Responsive WordPress Slider PluginMulti Page Auto Advance for Gravity FormsWP BugBotDeals of the Day WooCommercebbResolutionsSmart Variations Images & Swatches for WooCommercePremmerce Wishlist for WooCommerceRevolution for ElementorEasy Social Feed – Social Photos Gallery and Post Feed for WordPressPayment Gateway Per Product for WooCommerceWP Notification BellHelpie FAQ — Accordion, Docs & Knowledge BaseFrontend group restriction for LearnDashWidgets for WooCommerce Products on ElementorNugget by Ingot: Easy, automated and native A/B testing for everyoneGreenshift – animation and page builder blocksSTEWoo – Super Transactional Emails for WooCommerceThe best plugin for restrict content, support all Custom Post Types and Elementor – Password ProtectedFlat Rate Shipping Method for WooCommerceSimple Sitemap – Create a Responsive HTML SitemapClickerVolt – Affiliate Links & Click Tracking for Performance MarketersWooCommerce Next Order CouponNEXUSCAPTCHA 4WP – Antispam CAPTCHA solution for WordPressWP Relevant AdsIks Menu – WordPress Category Accordion Menu & FAQsWP Data Access – App Builder for Tables, Forms, Charts, Maps & DashboardsMarijuana Age VerifyWooCommerce upcoming ProductsEvents Calendar RegistrationChoice Payment Gateway for WooCommerceFilr – Secure document libraryWOW Styler for CF7 – Visual Styler for Contact Form 7 FormsPage Builder Sandwich – Front End WordPress Page Builder PluginBetter Addons for ElementorCuisine PalaceSVG Flags – Beautiful Scalable Flags For All Countries!VidSEO – Video transcript embedding for WordPress & LLMRating-Widget: Star Review SystemCryptocurrency Product for WooCommerceNew User ApproveUnakitGo Fetch Jobs (for WP Job Manager)Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic RemarketingAutomizy Gravity FormsRaCar Clear Cart for WooCommerceWP-HR Manager: The Human Resources Plugin for WordPressReally Simple Featured Video – Featured Video Support for Posts, Pages & WooCommerce ProductsWordPress Auto SEO Plugin – Upfiv SEO WizardCookie Banner for GDPR / CCPA – WPLP Cookie ConsentFunnelmentalsShipping Gateway Per Product for WooCommerceDeMomentSomTres Grid ArchiveLicense Manager for WooCommerceVit Website ReviewsLawPress – Law Firm Website ManagementSpeculorAquarella LiteJoli Table Of ContentsWP Travel Engine – Tour Booking Plugin – Tour Operator SoftwareReset Course Progress For LearnDashResponsive Social Slider WidgetNitek Carousel Slider Cool TransitionsNumber ChatStreamWeasels Twitch IntegrationTreePress – Easy Family Trees & Ancestor ProfilesEvents Addon for ElementorContact List – Online Staff Directory & Address BookProtect Uploads with Login – Protect Your UploadsFrontend Admin by DynamiAppsWholesale for WooCommerceFull Page Blog DesignerAgy – Age verification for WooCommerceEthereumICOFuse Social Floating SidebarMOBILOOK — Mobile View & Mobile‑Friendly TestServer InfoCategorify – WordPress Media Library Category & File ManagerWUPO Group Attributes for WooCommerceLMS Plugin – eLearning, Online Courses by AttestMixed Media Gallery BlocksWordPress Slider Block GutensliderBlog Sidebar WidgetOcean ExtraNicheTable – Responsive Comparison Table BlockGlossaryConeBlog – Elementor Blog WidgetsXT Floating Cart for WooCommerceAEH Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading & Image OptimizationUnder ConstructionElationAll in One Invite CodesLittleBot InvoicesUltra Elementor AddonsCustom Registration and Custom Login Forms with New RecaptchaMedia Library File DownloadSecure IP LoginsDomain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional)Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and MoreClean Social IconsCoupon Affiliates – Affiliate Plugin for WooCommerceCountry Based Payments for WooCommerceFooter Plugin for DiviImage Carousel For DiviAge Verification Screen for WooCommerceDelivery for WooCommercePrice Bands for WooCommercePootle Pagebuilder – WordPress Page builderSEO Audit – WP Site AuditorSocial Gallery LiteContact Form 7 – Capsule CRM – IntegrationEverseCustom Login Page CustomizerRun time Image resizingBookit — Booking & Appointment CalendarFive-Star Ratings ShortcodeWordPress Everse Starter Sites – Elementor TemplatesSurveyFunnel – Survey Plugin for WordPressGutenberg Blocks – ACF Blocks SuiteWP Disable SitemapPro Broken Links MaintainerCustom WooCommerce Checkout Fields EditorAdd Tiktok Pixel for Tiktok ads (+Woocommerce)Security SafeFeedpress Generator – External RSS Frontend CustomizerModern Designs for Gravity FormsACF for WooCommerce ProductFile Manager for Google Drive – Integrate Google DriveAirpressDynamic Pricing and Discount Rules for WooCommerceBetter Messages – Integration for WC Vendors MarketplaceLightbox & Modal Popup WordPress Plugin – FooBoxDancePress (TRWA)SKT Templates – 100% Free Templates for Elementor & GutenbergAdvanced Classifieds & Directory ProListPlus – Unlimited Listing DirectoryUltimate Widgets LightPanorama – 360 Virtual Tour, Panoramic image viewer and MoreUltimeterQyrr – simply and modern QR-Code creationChange Price Title for WooCommerceCheckout with Cash App on EDDSV Tracking ManagerPodcast Box – Best Podcasting Plugin for WordPressElements for LifterLMSPassster – Password Protect Pages and ContentVillarAds.txt & App-ads.txt Manager for WordPressEasy Smooth Scroll Links – Smooth Scrolling AnchorLocalSEOMapWordPress form builder plugin for contact forms, surveys and quizzes – TripettoBlock, Suspend, Report for BuddyPressAdd Twitter Pixel for Twitter adsPremmerce Multi-currency for WoocommerceXT Quick View for WooCommercePrimary Addon for ElementorClimateClick: Climate Action for allFocus on Reviews for WooCommerceFeatured Images in RSS for Mailchimp & MoreSEO BoosterPremmerce Product Filter for WooCommerceBook BuyBack PricesWPGSI: Spreadsheet IntegrationSSL Atlas – Free SSL Certificate & HTTPS Redirect for WordPressWP Group PromoterFast WordPressPost Snippets – Custom WordPress Code Snippets CustomizerImage Alt Text Manager – Bulk & Dynamic Alt Tags For image SEO Optimization + AIActivity Log For MainWPHasiumBlocked in China | Check if your site is available in the Chinese mainlandElastaFeatured Products First for WooCommerce – A Extension of WooCommerce (WooCommerce Addon Plugin)Display Eventbrite EventsWP Affiliate DisclosureRestaurant & Cafe Addon for ElementorTeam Collaboration & Content Workflow Plugin for WordPress Editorial Teams – MulticollabWordPress Animation Plugin – Animated EverythingWP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL ScanContact Form 7 Multi-Step FormsWoocommerce Customer Reviews with Artificial Intelligence analyzis, with IBM Watson Tone AnalyzerPower Ups for ElementorWP Lead StreamVideopackWordPress Translation plugin for Post, Pages & WooCommerce products. Tranzly IO AI DeepL automatic WordPress Translator.Auto SEO META keywords (META tags keywords) optimization + WooCommerceBulk Edit Coupons for WooCommerce – WP Sheet EditorWooCommerce PayPlugRW Divi Unite GalleryWP Tools Divi Product CarouselQuick Affiliate StorePremmerce Permalink Manager for WooCommercePremmerce WooCommerce Customers ManagerWP Sessions Time Monitoring Full AutomaticWP Dev Powers – Display Screen Dimensions to Admin PluginAbeta Link PunchOutScrollsequence – Cinematic Scroll Image Animation PluginPremmerce Redirect ManagerYT Player – Embed and Customize Video PlayersPremmerce Wholesale Pricing for WooCommerceDelete Duplicate Postskk Star Ratings – Rate Post & Collect User FeedbacksDelete Posts automaticallyDrip Feed Content Extended for LearndashMaster Blocks – Gutenberg Site BuilderStation Pro – Advanced Audio Streaming & Player for WordPressWordPress SEO ChecklistOverlay Image Divi ModuleAnt Admin Notices for TeamAmelaSuper Video player – Fully Customizable Video Player with PlaylistWP Conference ScheduleEasy Math Captcha for CF7OpenseaXT Ajax Add To Cart for WooCommerceTiered Pricing Table for WooCommerceBulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO)Code ManagerWidget for Contact form 7StoreCustomizer – A plugin to Customize all WooCommerce PagesPopOverXYZ – Show Light Weight Beautiful Tool Tips On Any TextProduct Author for WooCommerceMaster Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template KitsPurusCaxton – Create Pro page layouts in GutenbergSalon Booking System – Free VersionWP School CalendarQuick Event ManagerWP Meta and Date RemoverTopNewsWp – Display Tikcer News, RSS Feed Widget and Many MoreWordPress Google TranslateAFI – The Easiest Integration PluginVO Store Locator – WP Store Locator PluginWS BootstrapPast Events ExtensionEasy Appointment Booking & Scheduling System – Webba Booking CalendarMultisite Robots.txt ManagerWPOptin – AI-Powered Top Bars, PopUps & Lead GenerationBlog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, NewsShare This ImageRedirection for Contact Form 7Education Addon for ElementorShubanChat Button- Leads and Order over ChatAutomatic YouTube GalleryGenealogical Tree – Family Tree & Ancestry for WordPressWP Frontend ProfileGet feedback from visitors – WP Feedback Suite PluginInternal Link Juicer: SEO Auto Linker for WordPresswGauge – Free VersionViralikeSocialMark – Easy Watermark/Logo on Social Media Post Link Share PreviewImpexium Single Sign OnURL Shortify – Simple and Easy URL ShortenerTablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, FluentBlockMeister – Block Pattern BuilderFAQ Manager For Divi, Gutenberg Block & ShortcodeHooked Editable ContentPowerFolio – Portfolio & Image Gallery for ElementorRadio Player – Live Shoutcast, Icecast and Any Audio Stream PlayerPreloader for DiviError Log MonitorLive Drag and Drop Builder for Contact Form 7Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private MessagesPremmerce User RolesWordPress Dev Powers – Element Selector jQuery Powers PluginDivi Gravity Forms (WP Tools)WordPress WooCommerce Sync for Google SheetPurosaWP MooseWP Activity LogComments Not Replied ToPledged Plugins Secure Gateway for Authorize.net and WooCommerceWP Table Builder – Drag & Drop Table BuilderAdvanced Database ReplacerEthPress – Web3 LoginTarot Card OracleGFireM Action AfterNokkeChange Prices with Time for WooCommerceSnazzyAdmin WP Admin ThemeModern Addons for Elementor Page BuilderHuCommerce | Magyar kiegészítések WooCommerce webáruházakhozSend Prebuilt EmailsAlley Business ToolkitProduct Attachment for WooCommercejav's – WooCommerce and Trello integration WooTrelloOrder and Inventory Manager for WooCommerceWalker CorePremmerce Product Search for WooCommerceSync eCommerce NEOUltimate Divi Modules Suite – Divi Sumo LiteWP Books Gallery – Build Stunning Book Showcases & Libraries in MinutesZip Code RedirectSurbma | GDPR Proof Cookie Consent & Notice BarProduct Options and Price Calculation Formulas for WooCommerce – Uni CPOProduct Customer List for WooCommerceStop Contact Form 7 Spam & WPForms Spam – Free ProtectionEasy Newsletter SignupsRest Routes – Custom Endpoints for WordPress REST APIBulk Edit Categories and Tags – Create Thousands Quickly on the EditorCP Simple NewsletterMeridiaSimple Social Page Widget & ShortcodeAidWP – Donation & Payment Forms (Stripe Powered)Multipurpose Gutenberg BlockBulk Edit Posts and Products in SpreadsheetWP Free SSLStreak CRM For Gmail For Contact Form 7 – WordPress PluginLivemesh SiteOrigin WidgetsRun Contests, Raffles, and Giveaways with ContestsWPFrontend Admin – Add and edit posts, pages, users and more all from the frontendCourt Reservation – Manage Your Court Bookings OnlineWordPress Directory Plugin For Business Listings – WP Local PlusEnhanced Ecommerce Google Analytics for WooCommerceKnowledge Base documentation & wiki plugin – BasePress DocsAtlas – Knowledge BaseWP Author BioUltimate Carousel For DiviWoocommerce Customers Order HistoryStore Toolkit – WooCommerce Extensions, Quick Enhancements & Handy ToolsBrandAny Popup – Popup Forms, Optins & AdsAdvanced Menu Manager Pro – Built for Content-heavy WordPress Sites to Add, Filter, Lock, and Edit Menus EasilySticky add to cart for WooWP EmailyEU VAT Assistant for WooCommerceLittleBot ACH for Stripe + PlaidWPMailer – The best mail builder, No More Core for your emails support Elementor, CF7 forms etc…TwentyFourth WP ScraperSocial KitButtonizer – Floating Menus, Sticky Buttons, & Popup BuilderFast Checkout for WooCommerceBanner Management, Product Slider, Product Carousel for WooCommerceBlockyPage – Gutenberg Based Page BuilderEthereum WalletPage Builder for Gutenberg – StarterBlocksGFireM Advance SearchRadio Station by netmix® – Manage and play your Show Schedule in WordPress!JDs PortfolioContent Aware Sidebars – Fastest Widget Area PluginCartPops – High Converting Add To Cart Popup For WooCommerceBuilder for WooCommerce product reviews shortcodes – ReviewShortQuick Paypal PaymentsOne Click LoginRestrict – membership, site, content and user access restrictions for WordPressDrop Shadow BoxesNicheBaseYatri ToolsBAVOKO SEO Tools – All-in-One WordPress SEOPremmerce SEO for WooCommerceRevivePress – Keep your Old Content EvergreenCartoon UrlBlock Styler For Gravity FormsStrumenti Partita IVA per WoocommerceSheetPress – Manage WordPress Meta data with Google SheetsProduct Size Charts Plugin for WooCommerceExtend Filter Products By Price WidgetEasy TikTok Feed – TikTok Video, Feed & Gallery PluginPost List Designer – Category Post, Recent Post, Post ListWP Coupons and Deals – Coupon Plugin For Affiliate MarketersGiveaways for woocommerceMass Pages/Posts CreatorUser Menus – Nav Menu VisibilityPage Builder Gutenberg Blocks – Kioken BlocksPrime Mover – Migrate WordPress Website & BackupsSSL Zen — SSL Certificate Installer & HTTPS RedirectsWPBITS Addons For Elementor Page BuilderLive TV Player – Worldwide Live TV Channels Player for WordPressDigital Goods (Checkout Field Editor) for WooCommerce CheckoutBaniSky Login RedirectWP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes)Connect WooCommerce Shop to ERP/CRM, Verifactu and EU/VAT ComplianceWPVisitorInfo – Show Visitor Information & Conditional Data Based On That InformationStackable – Page Builder Gutenberg BlocksAvailability Datepicker – Booking Calendar for Contact Form 7 – Input WPGenerate Images (AI) – Magic Post ThumbnailGrid & Styler For Contact Form 7 And DiviYASR – Yet Another Star Rating Plugin for WordPressPay For Post with WooCommerceWP SPID ItaliaEther and ERC20 tokens WooCommerce Payment GatewayRestrict User Access – Ultimate Membership & Content ProtectionNinja Libs Amazon SESMailChimp ManagerGallery by FooGallerySQL Reporting Services – SSRS Plugin for WordPressSimple SponsorshipsWoo Admin Product NotesWC Shop Sync – Square Payment Gateway and Product Synchronization for WooCommerceProduct Carousel For WooCommerce – WoorouSellPostcode RedirectFullscreen MenuBulk Edit and Create User Profiles – WP Sheet EditorXT Variation Swatches for WooCommerceDocument Viewer – Embed Word, Excel, PowerPoint & PDFs InstantlyPrime Slider – Addons for ElementorPremmerce Brands for WooCommerceWP Adminify – White Label WordPress, Admin Menu Editor, Login CustomizerJoli FAQ SEO – WordPress FAQ PluginWP Tools Divi Blog CarouselUltimate Gutenberg – Custom Block TemplatesDivi Torque Lite – Divi Theme, Divi Builder & Extra ThemeCodeKit – Custom Codes EditorAPPExperts – Mobile App Builder for WordPress | WooCommerce to iOS and Android AppsFIT: Featured Image ToolkitConnected SermonsKikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerceGet Directions MapShared Files – Frontend File Upload Form & Secure File SharingWP Comment Cleaner – Delete All Comments, Disable Comments, Bulk Delete & Remove CommentsPinblocks — Gutenberg blocks with Pinterest widgetsGlorious Services & SupportBuddyPress WooCommerce My Account Integration. Create WooCommerce Member PagesWP Mobile Menu – The Mobile-Friendly Responsive MenuWordPress Reviews by ReviewPressAdd Linkedin insight tags for Linkedin adsConsultPress LiteWP Required Taxonomies – Categories and Tags MandatoryA no-code page builder for beautiful performance-based contentUltimate Bulk SEO Noindex Nofollow – Speed up Penalty Recovery Ultimate SEO BoosterHide Shipping Method For WooCommerceShipping Method Display Style for WooCommerceLightbox – EverlightBox GalleryLogo Showcase – Responsive Logo Carousel, Logo Slider & Logo GridSV Proven ExpertDynific Addons for Elementor (formerly AnyWhere Elementor)Wadi SurveyRemove Add to Cart WooCommerceazw woocommerce file uploadsWp My Admin BarGuestofy – Restaurant Reservations Plugin, Room Planer, Reservation FormGFireM Fields3D Viewer – Display Interactive 3D ModelsFeedbackScout: The easiest way to collect, prioritise, manage and track customer feedback.Fraud Prevention For WooCommerce and EDDCryptocurrency Portfolio TrackerКнопка ЮMoneyTag Groups is the Advanced Way to Display Your Taxonomy TermsWP Munich Blocks – Gutenberg Blocks for WordPressStreamCast – Live Radio Streaming PlayerWP AutoMedicW3SCloud Contact Form 7 to Zoho CRMWP Event Partners – WordPress Plugin for Event and Conference ManagementFood Store – Online Food Delivery & PickupXT Points & Rewards for WooCommerceRocket Maintenance Mode & Coming Soon PageSpotlight Social Feeds – Block, Shortcode, and WidgetForceFieldForms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, WebhookPrint My Blog – Print, PDF, & eBook Converter WordPress PluginRecurWP – WordPress Recurly Payment GatewayLimb Gallery | Create Beautiful Image & Video GalleriesOut of stock display for woocommercePersistent LoginAnnouncement & Notification Banner – BulletinLearnMoreIvory Search – WordPress Search PluginImage Photo Gallery Final Tiles GridEasy Settings for LearnDashWP Radio – Worldwide Online Radio Stations Directory for WordPressBefore and After Product Images for WooCommerceScheduled Notification BarWoowGallerySTAX Header BuilderWP-Cron Status CheckerGo Viral – social share, social sharebar, social locker, social chat, open graph, reactions, share & view countersBulk Auto Image Title Attribute (Image Title tag) optimizer (Image SEO)Justified GalleryWPBakery Page Builder Addons by LivemeshEasy Zillow ReviewsTabs with Recommended Posts (Widget)WP SierraFront End PMWP Frontend Admin – Display WP Admin Pages in the FrontendEmail TrackerPerformance KitEmail Header FooterWP Post BlockSimple Giveaways – Grow your business, email lists and traffic with contestsCheckout with Zelle on WoocommerceThank You Page for WooCommerceMapGeo – Interactive Geo MapsPost to Google My Business (Google Business Profile)WP Link BioAdFoxly – Ad Manager, AdSense Ads & Ads.txtPoints Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCredKRSP Frontend File UploaderUltimate Blocks – 25+ Gutenberg Blocks for Block EditorStarfish Review Generation & Marketing for WordPressB2B Request a QuoteLivemesh Addons by ElementorWP Contact Slider – Contact Form Slider WidgetTK SmugMug Slideshow ShortcodeEmails Blacklist for Everest FormsCoinbase Commerce – Crypto Gateway for WooCommerceUnlimited Elements For ElementorWooCommerce Variation Swatches for ProductsWCC SEO Keyword ResearchRankBearGift Message for WooCommerceSouth Pole: Climate action nowWidgets on PagesContact Widgets For Elementor all the contact links you need in one placeSecurity Ninja – WordPress Security & FirewallProduct Country Restrictions for WooCommerce – Country CatalogsGallery PhotoBlocksWordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and ScheduleFloating Social Share Icons and Social Share buttons – Next Previous Post Links – FLSparrow: Product Reviews and Ratings for WooCommerceLive Scores for SportsPressBroadcast LiteAffiliate Link Builder Plugin for Amazon Associates – Review EngineBulk Edit Products for WooCommerce – WP Sheet EditorDivi CollageEasy Age VerifyDisable Payment Methods based on cart conditions for WooCommerceDashy – Google Analytics advanced dashboardCheckout with Venmo on EDDWP Smart Export (Free)Better Messages – WCFM IntegrationAdvanced Custom Fields options import/exportTurbo WidgetsArendelleExtra Fees for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-35729
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 53.50%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 07:44
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tickera plugin <= 3.5.2.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through <= 3.5.2.6.

Action-Not Available
Vendor-tickeraTickeratickera
Product-tickeraTickeratickera
CWE ID-CWE-862
Missing Authorization
CVE-2025-22671
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 52.87%
||
7 Day CHG+0.21%
Published-27 Mar, 2025 | 14:13
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Disable Elementor Editor Translation plugin <= 1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Leap13 Disable Elementor Editor Translation disable-elementor-editor-translation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Disable Elementor Editor Translation: from n/a through <= 1.0.2.

Action-Not Available
Vendor-Leap13
Product-Disable Elementor Editor Translation
CWE ID-CWE-862
Missing Authorization
CVE-2021-39347
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 32.81%
||
7 Day CHG~0.00%
Published-04 Oct, 2021 | 17:21
Updated-31 Mar, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stripe for WooCommerce 3.0.0 - 3.3.9 Missing Authorization Controls to Financial Account Hijacking

The Stripe for WooCommerce WordPress plugin is missing a capability check on the save() function found in the ~/includes/admin/class-wc-stripe-admin-user-edit.php file that makes it possible for attackers to configure their account to use other site users unique STRIPE identifier and make purchases with their payment accounts. This affects versions 3.0.0 - 3.3.9.

Action-Not Available
Vendor-paymentpluginsStripe for WooCommerce
Product-stripe_for_woocommerceStripe for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2025-22304
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.57%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 10:48
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Visitor Statistics plugin <= 7.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) wp-stats-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through <= 7.5.

Action-Not Available
Vendor-osama.esh
Product-WP Visitor Statistics (Real Time Traffic)
CWE ID-CWE-862
Missing Authorization
CVE-2025-22779
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 43.34%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 15:23
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP News Sliders plugin <= 1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in codeaffairs WP News Sliders wp-news-sliders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP News Sliders: from n/a through <= 1.0.

Action-Not Available
Vendor-codeaffairs
Product-WP News Sliders
CWE ID-CWE-862
Missing Authorization
CVE-2023-52227
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 33.91%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 16:25
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MailerLite – WooCommerce integration plugin <= 2.0.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in MailerLite MailerLite – WooCommerce integration.This issue affects MailerLite – WooCommerce integration: from n/a through 2.0.8.

Action-Not Available
Vendor-MailerLite
Product-MailerLite – WooCommerce integration
CWE ID-CWE-862
Missing Authorization
CVE-2023-52943
Matching Score-4
Assigner-Synology Inc.
ShareView Details
Matching Score-4
Assigner-Synology Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 29.95%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 07:04
Updated-04 Dec, 2024 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to to perform limited actions on the alerting function via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-Surveillance Station
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-5314
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 19.86%
||
7 Day CHG-0.00%
Published-22 Nov, 2023 | 15:33
Updated-08 Apr, 2026 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP EXtra <= 6.2 - Missing Authorization to Arbitrary Email Sending

The WP EXtra plugin for WordPress is vulnerable to unauthorized access to restricted functionality due to a missing capability check on the 'test-email' section of the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to send emails with arbitrary content to arbitrary locations from the affected site's mail server.

Action-Not Available
Vendor-wpvnteamwpvncom
Product-wp_extraWP EXtra – One Click Optimize
CWE ID-CWE-862
Missing Authorization
CVE-2025-22298
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.57%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 10:49
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hive Support plugin <= 1.1.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Hive Support Hive Support hive-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hive Support: from n/a through <= 1.1.6.

Action-Not Available
Vendor-Hive Support
Product-Hive Support
CWE ID-CWE-862
Missing Authorization
CVE-2025-22729
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 42.09%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 15:23
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress VOD Infomaniak plugin <= 1.5.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Infomaniak Network VOD Infomaniak vod-infomaniak allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VOD Infomaniak: from n/a through <= 1.5.9.

Action-Not Available
Vendor-Infomaniak Network
Product-VOD Infomaniak
CWE ID-CWE-862
Missing Authorization
CVE-2023-51649
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.5||LOW
EPSS-0.10% / 27.62%
||
7 Day CHG~0.00%
Published-22 Dec, 2023 | 16:48
Updated-02 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nautobot missing object-level permissions enforcement when running Job Buttons

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level `extras.run_job` permission is checked (i.e., does the user have permission to run Jobs in general). Object-level permissions (i.e., does the user have permission to run this specific Job?) are not enforced by the URL/view used in this case. A user with permissions to run even a single Job can actually run all configured JobButton Jobs. Fix will be available in Nautobot 1.6.8 and 2.1.0

Action-Not Available
Vendor-networktocodenautobot
Product-nautobotnautobot
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-51692
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.90%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 18:49
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Customer Reviews for WooCommerce Plugin <= 5.38.1 is vulnerable to Broken Access Control

Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.This issue affects Customer Reviews for WooCommerce: from n/a through 5.38.1.

Action-Not Available
Vendor-cusrevCusRev
Product-customer_reviews_for_woocommerceCustomer Reviews for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2023-5198
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 18.75%
||
7 Day CHG~0.00%
Published-29 Sep, 2023 | 07:01
Updated-20 Nov, 2025 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect Authorization in GitLab

An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a removed project member to write to protected branches using deploy keys.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-51680
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 30.92%
||
7 Day CHG~0.00%
Published-12 Jun, 2024 | 08:46
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Quotes for WooCommerce plugin <= 2.0.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in TechnoVama Quotes for WooCommerce.This issue affects Quotes for WooCommerce: from n/a through 2.0.1.

Action-Not Available
Vendor-technovamaTechnoVama
Product-quotes_for_woocommerceQuotes for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2023-50886
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.47%
||
7 Day CHG~0.00%
Published-15 Mar, 2024 | 14:14
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Legal Pages plugin <= 1.3.7 - CSRF + Broken Access Control vulnerability

Cross-Site Request Forgery (CSRF), Incorrect Authorization vulnerability in wpWax Legal Pages.This issue affects Legal Pages: from n/a through 1.3.7.

Action-Not Available
Vendor-wpwaxwpWax
Product-legal_pagesLegal Pages
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-51670
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 41.94%
||
7 Day CHG~0.00%
Published-12 Jun, 2024 | 08:54
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FunnelKit Checkout plugin <= 3.10.3 - Authenticated Arbitrary Plugin Activation vulnerability

Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.This issue affects FunnelKit Checkout: from n/a through 3.10.3.

Action-Not Available
Vendor-FunnelKit
Product-FunnelKit Checkout
CWE ID-CWE-862
Missing Authorization
CVE-2025-3644
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 54.68%
||
7 Day CHG~0.00%
Published-25 Apr, 2025 | 14:43
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Moodle: ajax section delete does not respect course_can_delete_section()

A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify.

Action-Not Available
Vendor-
Product-
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-50779
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 15.07%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 17:30
Updated-13 Feb, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing permission checks in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified token.

Action-Not Available
Vendor-Jenkins
Product-paaslane_estimateJenkins PaaSLane Estimate Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2023-51376
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.31%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 10:21
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ProjectHuddle Client Site plugin <= 1.0.34 - Broken Access Control vulnerability

Missing Authorization vulnerability in Brainstorm Force ProjectHuddle Client Site.This issue affects ProjectHuddle Client Site: from n/a through 1.0.34.

Action-Not Available
Vendor-Brainstorm Force
Product-ProjectHuddle Client Site
CWE ID-CWE-862
Missing Authorization
CVE-2023-51375
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.31%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 13:37
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EmbedPress plugin <= 3.8.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.8.3.

Action-Not Available
Vendor-WPDeveloper
Product-embedpressEmbedPress
CWE ID-CWE-862
Missing Authorization
CVE-2025-22591
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 40.62%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 14:57
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 1003 Mortgage Application plugin <= 1.87 - Broken Access Control vulnerability

Missing Authorization vulnerability in 8blocks 1003 Mortgage Application 1003-mortgage-application allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 1003 Mortgage Application: from n/a through <= 1.87.

Action-Not Available
Vendor-8blocks
Product-1003 Mortgage Application
CWE ID-CWE-862
Missing Authorization
CVE-2025-22561
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.57%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 15:39
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Title Experiments Free plugin <= 9.0.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in kbowson Title Experiments Free wp-experiments-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Title Experiments Free: from n/a through <= 9.0.4.

Action-Not Available
Vendor-kbowson
Product-Title Experiments Free
CWE ID-CWE-862
Missing Authorization
CVE-2023-51523
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.31%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 00:56
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Easy Duplicate Product plugin <= 0.3.0.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in WriterSystem WooCommerce Easy Duplicate Product.This issue affects WooCommerce Easy Duplicate Product: from n/a through 0.3.0.7.

Action-Not Available
Vendor-WriterSystem
Product-WooCommerce Easy Duplicate Product
CWE ID-CWE-862
Missing Authorization
CVE-2023-4948
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.19%
||
7 Day CHG~0.00%
Published-14 Sep, 2023 | 03:24
Updated-08 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WooCommerce CVR Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) CVR Update

The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_cvr_data AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above, to update CVR numbers for orders.

Action-Not Available
Vendor-yancoYan&Co
Product-woocommerce_cvr_payment_gatewayWooCommerce CVR Payment Gateway
CWE ID-CWE-862
Missing Authorization
CVE-2023-4938
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.89%
||
7 Day CHG~0.00%
Published-18 Oct, 2023 | 07:31
Updated-08 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_apply_default_combination function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-bear_-_woocommerce_bulk_editor_and_products_manager_professionalBEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net
CWE ID-CWE-862
Missing Authorization
CVE-2023-2561
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 22.53%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 04:38
Updated-08 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gallery Metabox <= 1.5 - Missing Authorization via gallery_remove

The Gallery Metabox for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gallery_remove function in versions up to, and including, 1.5. This makes it possible for subscriber-level attackers to modify galleries attached to posts and pages with this plugin.

Action-Not Available
Vendor-gallery-metabox_projectbillerickson
Product-gallery-metaboxGallery Metabox
CWE ID-CWE-862
Missing Authorization
CVE-2023-49858
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 45.15%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:30
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Login plugin <= 4.1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Austin Custom Login custom-login allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login: from n/a through <= 4.1.0.

Action-Not Available
Vendor-Austin
Product-Custom Login
CWE ID-CWE-862
Missing Authorization
CVE-2023-4947
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 34.57%
||
7 Day CHG~0.00%
Published-20 Oct, 2023 | 06:35
Updated-08 Apr, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WooCommerce EAN Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) EAN Update

The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_ean_data AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above, to update EAN numbers for orders.

Action-Not Available
Vendor-yancoYan&Co
Product-woocommerce_ean_payment_gatewayWooCommerce EAN Payment Gateway
CWE ID-CWE-862
Missing Authorization
CVE-2023-49758
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.25%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:30
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Booking System plugin <= 2.0.19.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Roland Murg WP Booking System wp-booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Booking System: from n/a through <= 2.0.19.2.

Action-Not Available
Vendor-Roland Murg
Product-WP Booking System
CWE ID-CWE-862
Missing Authorization
CVE-2023-4943
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 31.47%
||
7 Day CHG-0.00%
Published-20 Oct, 2023 | 06:35
Updated-08 Apr, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_visibility function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-bear_-_woocommerce_bulk_editor_and_products_manager_professionalBEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net
CWE ID-CWE-862
Missing Authorization
CVE-2025-22299
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.57%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 10:49
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AI for SEO plugin <= 1.2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Space Codes AI for SEO ai-for-seo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI for SEO: from n/a through <= 1.2.9.

Action-Not Available
Vendor-Space Codes
Product-AI for SEO
CWE ID-CWE-862
Missing Authorization
CVE-2023-49835
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.25%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:30
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post Duplicator plugin <= 2.31 - Broken Access Control vulnerability

Missing Authorization vulnerability in Metaphor Creations Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Duplicator: from n/a through 2.31.

Action-Not Available
Vendor-metaphorcreationsMetaphor Creations
Product-post_duplicatorPost Duplicator
CWE ID-CWE-862
Missing Authorization
CVE-2025-3227
Matching Score-4
Assigner-Mattermost, Inc.
ShareView Details
Matching Score-4
Assigner-Mattermost, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 37.79%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 14:31
Updated-08 Jul, 2025 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthorized channel member management through playbook runs

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions in playbook runs, allowing authenticated users without the 'Manage Channel Members' permission to add or remove users from public and private channels by manipulating playbook run participants when the run is linked to a channel.

Action-Not Available
Vendor-Mattermost, Inc.
Product-mattermost_serverMattermost
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-49849
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 31.61%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:30
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Shortcoder plugin <= 6.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in vaakash Shortcoder shortcoder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcoder: from n/a through <= 6.3.

Action-Not Available
Vendor-vaakashAakash Web
Product-Shortcoder
CWE ID-CWE-862
Missing Authorization
CVE-2023-49196
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.25%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:30
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pagelayer plugin <= 1.7.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Pagelayer Team PageLayer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PageLayer: from n/a through 1.7.7.

Action-Not Available
Vendor-Pagelayer Team
Product-PageLayer
CWE ID-CWE-862
Missing Authorization
CVE-2023-49674
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 15.07%
||
7 Day CHG~0.00%
Published-29 Nov, 2023 | 13:45
Updated-13 Feb, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.

Action-Not Available
Vendor-Jenkins
Product-neuvector_vulnerability_scannerJenkins NeuVector Vulnerability Scanner Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2023-5061
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 6.02%
||
7 Day CHG~0.00%
Published-15 Dec, 2023 | 16:03
Updated-02 May, 2026 | 04:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization in GitLab

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the REST API.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-862
Missing Authorization
CVE-2023-4941
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.68%
||
7 Day CHG~0.00%
Published-20 Oct, 2023 | 07:29
Updated-08 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_swap function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-bear_-_woocommerce_bulk_editor_and_products_manager_professionalBEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net
CWE ID-CWE-862
Missing Authorization
CVE-2023-49783
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 34.45%
||
7 Day CHG~0.00%
Published-23 Jan, 2024 | 13:54
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
No permission checks for editing/deleting records with CSV import form

Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a `ModelAdmin` can still edit or delete records using the CSV import form, provided they have create permissions. The likelihood of a user having create permissions but not having edit or delete permissions is low, but it is possible. Note that this doesn't affect any `ModelAdmin` which has had the import form disabled via the `showImportForm` public property. Versions 1.13.19 and 2.1.8 contain a patch for the issue. Those who have a custom implementation of `BulkLoader` should update their implementations to respect permissions when the return value of `getCheckPermissions()` is true. Those who use any `BulkLoader` in their own project logic, or maintain a module which uses it, should consider passing `true` to `setCheckPermissions()` if the data is provided by users.

Action-Not Available
Vendor-Silverstripe
Product-adminsilverstripe-admin
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-4792
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.89%
||
7 Day CHG~0.00%
Published-07 Sep, 2023 | 01:52
Updated-08 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Duplicate Post Page Menu & Custom Post Type <= 2.3.1 - Missing Authorization to Post Duplication

The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicate_ppmc_post_as_draft function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers with subscriber access or higher to duplicate posts and pages.

Action-Not Available
Vendor-inqsysinqsys
Product-duplicate_post_page_menu_\&_custom_post_typeDuplicate Post Page Menu & Custom Post Type
CWE ID-CWE-862
Missing Authorization
CVE-2023-47820
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.25%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:30
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Like Button plugin <= 1.7.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in CRUDLab WP Like Button allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Like Button: from n/a through 1.7.0.

Action-Not Available
Vendor-CRUDLab
Product-WP Like Button
CWE ID-CWE-862
Missing Authorization
CVE-2025-22722
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.46%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 17:21
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Widget Options plugin <= 4.0.8 - Broken Access Control to Notice Dimissal vulnerability

Missing Authorization vulnerability in Marketing Fire Widget Options widget-options allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widget Options: from n/a through <= 4.0.8.

Action-Not Available
Vendor-Marketing Fire
Product-Widget Options
CWE ID-CWE-862
Missing Authorization
CVE-2025-23188
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 19.51%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 00:32
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization check in SAP S/4HANA (RBD)

An authenticated user with low privileges can exploit a missing authorization check in an IBS module of FS-RBD, allowing unauthorized access to perform actions beyond their intended permissions. This causes a low impact on integrity with no impact on confidentiality and availability.

Action-Not Available
Vendor-SAP SE
Product-SAP S/4HANA (RBD)
CWE ID-CWE-862
Missing Authorization
CVE-2023-48227
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.57%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 17:12
Updated-28 Aug, 2024 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Umbraco CMS Backoffice User can bypass "Publish" restriction

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.3.0, Backoffice users with send for approval permission but not publish permission are able to publish in some scenarios. Versions 8.18.10, 10.7.0, and 12.3.0 contains a patch for this issue. No known workarounds are available.

Action-Not Available
Vendor-Umbraco A/S (Umbraco)
Product-umbraco_cmsUmbraco-CMS
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-22665
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.36%
||
7 Day CHG+0.14%
Published-27 Mar, 2025 | 14:25
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RapidLoad plugin <= 2.4.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Shakeeb Sadikeen RapidLoad unusedcss allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RapidLoad: from n/a through <= 2.4.4.

Action-Not Available
Vendor-Shakeeb Sadikeen
Product-RapidLoad
CWE ID-CWE-862
Missing Authorization
CVE-2023-48751
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 19.20%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 23:44
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Participants Database Plugin <= 2.5.5 is vulnerable to Broken Access Control

Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects Participants Database: from n/a through 2.5.5.

Action-Not Available
Vendor-xnauRoland Barker, xnau webdesign
Product-participants_databaseParticipants Database
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2023-47761
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.25%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:30
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple 301 Redirects by BetterLinks plugin <= 2.0.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper Simple 301 Redirects by BetterLinks simple-301-redirects allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple 301 Redirects by BetterLinks: from n/a through <= 2.0.7.

Action-Not Available
Vendor-WPDeveloper
Product-Simple 301 Redirects by BetterLinks
CWE ID-CWE-862
Missing Authorization
CVE-2023-47776
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 45.15%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:30
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress miniorange otp verification plugin <= 4.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects miniorange otp verification: from n/a through <= 4.2.1.

Action-Not Available
Vendor-miniOrange
Product-miniorange otp verification
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 28
  • 29
  • Next
Details not found