Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-3417

Summary
Assigner-Wordfence
Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At-10 Apr, 2025 | 07:02
Updated At-10 Apr, 2025 | 14:00
Rejected At-
Credits

Embedder 1.3 - 1.3.5 - Authenticated (Subscriber+) Arbitrary Options Update

The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_set_global_option() function in versions 1.3 to 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Wordfence
Assigner Org ID:b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At:10 Apr, 2025 | 07:02
Updated At:10 Apr, 2025 | 14:00
Rejected At:
▼CVE Numbering Authority (CNA)
Embedder 1.3 - 1.3.5 - Authenticated (Subscriber+) Arbitrary Options Update

The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_set_global_option() function in versions 1.3 to 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

Affected Products
Vendor
stringfold
Product
Embedder
Default Status
unaffected
Versions
Affected
  • From 1.3 through 1.3.5 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Kenneth Dunn
Timeline
EventDate
Disclosed2025-04-09 18:12:44
Event: Disclosed
Date: 2025-04-09 18:12:44
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/fa86bcb9-e558-4b60-9473-65cd6f9663fd?source=cve
N/A
https://plugins.trac.wordpress.org/browser/embedder/trunk/emb-admin-ajax.php#L41
N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/fa86bcb9-e558-4b60-9473-65cd6f9663fd?source=cve
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/embedder/trunk/emb-admin-ajax.php#L41
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@wordfence.com
Published At:10 Apr, 2025 | 07:15
Updated At:11 Apr, 2025 | 15:39

The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_set_global_option() function in versions 1.3 to 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-862Primarysecurity@wordfence.com
CWE ID: CWE-862
Type: Primary
Source: security@wordfence.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://plugins.trac.wordpress.org/browser/embedder/trunk/emb-admin-ajax.php#L41security@wordfence.com
N/A
https://www.wordfence.com/threat-intel/vulnerabilities/id/fa86bcb9-e558-4b60-9473-65cd6f9663fd?source=cvesecurity@wordfence.com
N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/embedder/trunk/emb-admin-ajax.php#L41
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/fa86bcb9-e558-4b60-9473-65cd6f9663fd?source=cve
Source: security@wordfence.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

529Records found
CVE-2024-32705
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.40% / 60.26%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 17:10
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary Plugin Activation/Deactivation Vulnerability

Missing Authorization vulnerability in reputeinfosystems ARForms.This issue affects ARForms: from n/a through 6.4.

Action-Not Available
Vendor-reputeinfosystemsreputeinfosystems
Product-arformsARForms
CWE ID-CWE-862
Missing Authorization
CVE-2024-31248
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.53% / 66.45%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 11:10
Updated-02 Dec, 2024 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress All-in-One Video Gallery plugin <= 3.5.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Team Plugins360 All-in-One Video Gallery.This issue affects All-in-One Video Gallery: from n/a through 3.5.2.

Action-Not Available
Vendor-plugins360Team Plugins360
Product-all-in-one_video_galleryAll-in-One Video Gallery
CWE ID-CWE-862
Missing Authorization
CVE-2024-30465
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 52.83%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 10:42
Updated-10 Oct, 2024 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PageLayer plugin <= 1.8.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Pagelayer Team PageLayer.This issue affects PageLayer: from n/a through 1.8.1.

Action-Not Available
Vendor-pagelayerPagelayer Team
Product-pagelayerPageLayer
CWE ID-CWE-862
Missing Authorization
CVE-2024-30537
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.29%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 09:01
Updated-02 Aug, 2024 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPC Badge Management for WooCommerce plugin <= 2.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPClever WPC Badge Management for WooCommerce.This issue affects WPC Badge Management for WooCommerce: from n/a through 2.4.0.

Action-Not Available
Vendor-wpcleverWPClever
Product-wpc_badge_management_for_woocommerceWPC Badge Management for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2025-64349
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
CVSS Score-8.7||HIGH
EPSS-0.06% / 18.52%
||
7 Day CHG~0.00%
Published-31 Oct, 2025 | 18:31
Updated-02 Dec, 2025 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ELOG user profile missing authorization

ELOG allows an authenticated user to modify another user's profile. An attacker can edit a target user's email address, then request a password reset, and take control of the target account. By default, ELOG is not configured to allow self-registration.

Action-Not Available
Vendor-elog_projectELOG
Product-elogELOG
CWE ID-CWE-862
Missing Authorization
CVE-2024-31246
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.39% / 59.65%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 08:55
Updated-05 Oct, 2024 | 01:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin <= 3.2.3 - Author+ Post/Page Duplication vulnerability

Missing Authorization vulnerability in Post Grid Team by WPXPO PostX – Gutenberg Blocks for Post Grid.This issue affects PostX – Gutenberg Blocks for Post Grid: from n/a through 3.2.3.

Action-Not Available
Vendor-wpxpoPost Grid Team by WPXPO
Product-postxPostX – Gutenberg Blocks for Post Grid
CWE ID-CWE-862
Missing Authorization
CVE-2024-31261
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.38% / 58.72%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 11:13
Updated-26 Nov, 2024 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Announcer – Notification & message bars plugin <= 6.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Aakash Chakravarthy Announcer – Notification & message bars.This issue affects Announcer – Notification & message bars: from n/a through 6.0.

Action-Not Available
Vendor-Aakash Web
Product-announcerAnnouncer – Notification & message bars
CWE ID-CWE-862
Missing Authorization
CVE-2024-31267
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.29%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 11:14
Updated-01 Nov, 2024 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Flexible Checkout Fields for WooCommerce plugin <= 4.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Desk Flexible Checkout Fields for WooCommerce.This issue affects Flexible Checkout Fields for WooCommerce: from n/a through 4.1.2.

Action-Not Available
Vendor-wpdeskWP Desk
Product-flexible_checkout_fieldsFlexible Checkout Fields for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-30517
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.29%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 11:02
Updated-07 Oct, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sliced Invoices plugin <= 3.9.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Sliced Invoices.This issue affects Sliced Invoices: from n/a through 3.9.2.

Action-Not Available
Vendor-slicedinvoicesSliced Invoices
Product-sliced_invoicesSliced Invoices
CWE ID-CWE-862
Missing Authorization
CVE-2024-30484
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.29%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 19:08
Updated-02 Aug, 2024 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RT Easy Builder plugin <= 2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in RT Easy Builder – Advanced addons for Elementor.This issue affects RT Easy Builder – Advanced addons for Elementor: from n/a through 2.0.

Action-Not Available
Vendor-risethemes
Product-rt_easy_builderRT Easy Builder – Advanced addons for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-8310
Matching Score-4
Assigner-Ivanti
ShareView Details
Matching Score-4
Assigner-Ivanti
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 47.77%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 14:42
Updated-12 Jan, 2026 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing authorization in the admin console of Ivanti Virtual Application Delivery Controller before version 22.9 allows a remote authenticated attacker to take over admin accounts by resetting the password

Action-Not Available
Vendor-Ivanti Software
Product-virtual_application_delivery_controllerVirtual Application Delivery ControllerCWE-862
CWE ID-CWE-862
Missing Authorization
CVE-2024-31099
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.4||MEDIUM
EPSS-0.16% / 36.92%
||
7 Day CHG~0.00%
Published-01 Apr, 2024 | 14:07
Updated-29 May, 2025 | 13:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Phlox Core Elements plugin <= 2.15.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Averta Shortcodes and extra features for Phlox theme auxin-elements.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.7.

Action-Not Available
Vendor-Depicter (Averta)
Product-shortcodes_and_extra_features_for_phlox_themeShortcodes and extra features for Phlox theme
CWE ID-CWE-862
Missing Authorization
CVE-2024-31252
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.41% / 60.91%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 11:12
Updated-26 Nov, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Responsive Lightbox & Gallery plugin <= 2.4.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in dFactory Responsive Lightbox.This issue affects Responsive Lightbox: from n/a through 2.4.6.

Action-Not Available
Vendor-dfactorydFactory
Product-responsive_lightbox_\&_galleryResponsive Lightbox
CWE ID-CWE-862
Missing Authorization
CVE-2024-30466
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.16% / 36.69%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 10:43
Updated-08 Oct, 2024 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.4.

Action-Not Available
Vendor-onthegosystemsOnTheGoSystems
Product-woocommerce_multilingual_\&_multicurrencyWooCommerce Multilingual & Multicurrency
CWE ID-CWE-862
Missing Authorization
CVE-2024-30464
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.16% / 36.69%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 10:41
Updated-10 Oct, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Social Icons Widget & Block by WPZOOM plugin <= 4.2.15 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPZOOM Social Icons Widget & Block by WPZOOM.This issue affects Social Icons Widget & Block by WPZOOM: from n/a through 4.2.15.

Action-Not Available
Vendor-wpzoomWPZOOM
Product-social_icons_widgetSocial Icons Widget & Block by WPZOOM
CWE ID-CWE-862
Missing Authorization
CVE-2024-31304
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.53% / 66.47%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 18:09
Updated-02 Aug, 2024 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MultiVendorX Marketplace <= 4.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in MultiVendorX WC Marketplace.This issue affects WC Marketplace: from n/a through 4.1.3.

Action-Not Available
Vendor-multivendorxMultiVendorX
Product-multivendorxWC Marketplace
CWE ID-CWE-862
Missing Authorization
CVE-2024-30515
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.29%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 11:00
Updated-07 Oct, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Events Manager plugin <= 6.4.6.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Pixelite Events Manager.This issue affects Events Manager: from n/a through 6.4.6.4.

Action-Not Available
Vendor-pixelitePixelite
Product-events_managerEvents Manager
CWE ID-CWE-862
Missing Authorization
CVE-2024-30485
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-53.46% / 97.91%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 10:58
Updated-07 Oct, 2024 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Finale Lite plugin <= 2.18.0 - Subscriber+ Arbitrary Plugin Installation/Activation vulnerability

Missing Authorization vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through 2.18.0.

Action-Not Available
Vendor-xlpluginsXLPluginsxlplugins
Product-finaleFinale Litefinale_lite
CWE ID-CWE-862
Missing Authorization
CVE-2024-31359
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.29%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 17:20
Updated-26 Sep, 2024 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Premmerce Product Filter for WooCommerce plugin <= 3.7.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Premmerce Premmerce Product Filter for WooCommerce.This issue affects Premmerce Product Filter for WooCommerce: from n/a through 3.7.2.

Action-Not Available
Vendor-premmercePremmerce
Product-premmerce_product_filter_for_woocommercePremmerce Product Filter for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-31294
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.29%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 08:50
Updated-05 Oct, 2024 | 02:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Sort Order plugin <= 1.3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fahad Mahmood WP Sort Order.This issue affects WP Sort Order: from n/a through 1.3.1.

Action-Not Available
Vendor-androidbubbleFahad Mahmood
Product-wp_sort_orderWP Sort Order
CWE ID-CWE-862
Missing Authorization
CVE-2024-31098
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.44% / 62.63%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 08:58
Updated-09 Oct, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress New Order Notification for Woocommerce plugin <= 2.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Mr.Ebabi New Order Notification for Woocommerce.This issue affects New Order Notification for Woocommerce: from n/a through 2.0.2.

Action-Not Available
Vendor-mrebabiMr.Ebabi
Product-new_order_notification_for_woocommerceNew Order Notification for Woocommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-30470
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 52.75%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 10:51
Updated-08 Oct, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress YITH WooCommerce Account Funds Premium plugin <= 1.32.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in YITH YITH WooCommerce Account Funds Premium.This issue affects YITH WooCommerce Account Funds Premium: from n/a through 1.33.0.

Action-Not Available
Vendor-Your Inspiration Solutions S.L.U. (YITH) (YITHEMES)
Product-woocommerce_account_fundsYITH WooCommerce Account Funds Premiumyith_woocommerce_account_funds_premium
CWE ID-CWE-862
Missing Authorization
CVE-2022-43453
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.69%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 13:33
Updated-03 Aug, 2024 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Tools plugin <= 3.41 - Auth. Broken Access Control vulnerability

Missing Authorization vulnerability in Bill Minozzi WP Tools.This issue affects WP Tools: from n/a through 3.41.

Action-Not Available
Vendor-billminozziBill Minozzibillminozzi
Product-wp_toolsWP Toolswp_tools
CWE ID-CWE-862
Missing Authorization
CVE-2020-26818
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 49.61%
||
7 Day CHG~0.00%
Published-10 Nov, 2020 | 16:17
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure.

Action-Not Available
Vendor-SAP SE
Product-netweaver_application_server_abapSAP NetWeaver AS ABAP (Web Dynpro)
CWE ID-CWE-862
Missing Authorization
CVE-2024-47317
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.50% / 65.59%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-12 Nov, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ads by WPQuads plugin <= 2.0.84 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Quads Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads: from n/a through 2.0.84.

Action-Not Available
Vendor-wpquadsWP Quads
Product-adsAds by WPQuads – Adsense Ads, Banner Ads, Popup Ads
CWE ID-CWE-862
Missing Authorization
CVE-2025-68976
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.05% / 15.41%
||
7 Day CHG~0.00%
Published-30 Dec, 2025 | 10:47
Updated-20 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Eagle Booking plugin <= 1.3.4.3 - Settings Change vulnerability

Missing Authorization vulnerability in Eagle-Themes Eagle Booking eagle-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eagle Booking: from n/a through <= 1.3.4.3.

Action-Not Available
Vendor-Eagle-Themes
Product-Eagle Booking
CWE ID-CWE-862
Missing Authorization
CVE-2025-6993
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.67%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 09:22
Updated-02 Aug, 2025 | 01:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ultimate WP Mail 1.0.17 - 1.3.6 - Missing Authorization to Authenticated (Contributor+) Privilege Escalation via get_email_log_details Function

The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the get_email_log_details() AJAX handler in versions 1.0.17 to 1.3.6. The handler reads the client-supplied post_id and retrieves the corresponding email log post content (including the password-reset link), relying only on the ‘edit_posts’ capability without restricting to administrators or validating ownership. This makes it possible for authenticated attackers, with Contributor-level access and above, to harvest an admin’s reset link and elevate their privileges to administrator.

Action-Not Available
Vendor-rustauriusrustaurius
Product-ultimate_wp_mailUltimate WP Mail
CWE ID-CWE-862
Missing Authorization
CVE-2024-38707
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.17% / 38.20%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-24 Mar, 2025 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EmbedPress plugin <= 4.0.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper EmbedPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EmbedPress: from n/a through 4.0.4.

Action-Not Available
Vendor-WPDeveloper
Product-embedpressEmbedPress
CWE ID-CWE-862
Missing Authorization
CVE-2025-68981
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.05% / 15.41%
||
7 Day CHG~0.00%
Published-30 Dec, 2025 | 10:47
Updated-20 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HomeFix Elementor Portfolio plugin <= 1.0.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in designthemes HomeFix Elementor Portfolio homefix-ele-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HomeFix Elementor Portfolio: from n/a through <= 1.0.1.

Action-Not Available
Vendor-designthemes
Product-HomeFix Elementor Portfolio
CWE ID-CWE-862
Missing Authorization
CVE-2022-31765
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-0.38% / 58.96%
||
7 Day CHG-0.01%
Published-11 Oct, 2022 | 00:00
Updated-21 Apr, 2025 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges.

Action-Not Available
Vendor-Siemens AG
Product-6gk5788-1gd00-0aa06gk5328-4ss00-2ar3_firmware6gk5876-4aa00-2da26gk5774-1fx00-0aa06gk5748-1gy01-0aa06gk5748-1gd00-0ab0_firmware6gk5766-1ge00-7da0_firmware6gk5763-1al00-3aa06gk5826-2ab00-2ab26gk5788-2gd00-0ta0_firmware6gk5786-2fc00-0ac06gk5766-1ge00-7da06gk5788-1gy01-0aa0_firmware6gk5774-1fy00-0ta06gk5552-0aa00-2ar26gk5778-1gy00-0tb06gk5622-2gs00-2ac2_firmware6gk5722-1fc00-0ac0_firmware6gk5528-0ar00-2hr26gk5208-0ga00-2ac2_firmware6gk5552-0ar00-2hr2_firmware6gk5526-8gs00-4ar26gk5526-8gr00-4ar2_firmware6gk5204-0ba00-2gf2_firmware6gk5408-4gq00-2am26gk5208-0ha00-2ts6_firmware6gk5524-8gr00-3ar2_firmware6gk5788-1gd00-0aa0_firmware6ag1216-4bs00-7ac26gk5856-2ea00-3da16gk5722-1fc00-0aa0_firmware6gk5722-1fc00-0ac06gk5324-0ba00-3ar36gk5205-3bf00-2tb2_firmware6gk5524-8gs00-2ar2_firmware6gk5786-2fc00-0ac0_firmware6gk5761-1fc00-0aa0_firmware6gk5216-3rs00-2ac26gk5788-2gy01-0ta0_firmware6gk5552-0ar00-2ar2_firmware6gk5208-0ga00-2ac26gk5213-3bb00-2tb2_firmware6gk5524-8gr00-4ar2_firmware6gk5216-0ha00-2es6_firmware6gk5552-0aa00-2hr26gk5788-1gd00-0ab0_firmware6gk5734-1fx00-0ab6_firmware6gk5204-0ba00-2gf26gk5786-1fc00-0ab0_firmware6gk5786-2fc00-0aa0_firmware6gk5328-4fs00-3ar36gk5206-2rs00-2ac2_firmware6gk5722-1fc00-0aa06gk5213-3bd00-2ab2_firmware6gk5876-4aa00-2da2_firmware6gk5856-2ea00-3aa16gk5213-3bd00-2tb26gk5876-3aa02-2ba2_firmware6gk5766-1je00-3da0_firmware6gk5206-2rs00-5ac2_firmware6gk5876-4aa00-2ba26gk5408-8gs00-2am26gk5788-2gd00-0aa0_firmware6gk5205-3bb00-2tb26gk5208-0ua00-5es66gk6108-4am00-2da2_firmware6ag1208-0ba00-7ac26gk5786-2hc00-0ab06gk5526-8gr00-2ar2_firmware6gk5748-1gd00-0ab06gk5208-0ra00-2ac2_firmware6gk5748-1fc00-0ab0_firmware6gk5734-1fx00-0aa66gk5761-1fc00-0ab06gk5224-4gs00-2tc26gk5216-0ba00-2ac26gk5788-2gd00-0tb06gk5216-4bs00-2ac26gk5734-1fx00-0ab06gk5766-1je00-7da06gk5876-3aa02-2ea26gk5766-1ge00-7db06gk5216-0ha00-2as66gk5216-0ha00-2es66gk5224-0ba00-2ac26gk5328-4fs00-2rr3_firmware6gk5206-2bd00-2ac26gk5853-2ea00-2da1_firmware6gk5206-2gs00-2tc2_firmware6gk5766-1ge00-7tb0_firmware6gk5213-3bf00-2ab2_firmware6ag1206-2bb00-7ac2_firmware6gk5524-8gs00-2ar26gk5788-2gd00-0ta06gk5524-8gr00-2ar26gk5528-0aa00-2hr2_firmware6gk5812-1ba00-2aa26gk5208-0ga00-2fc26gk5208-0ga00-2fc2_firmware6gk5213-3bf00-2tb26gk5216-0ba00-2ab26gk5216-0ba00-2fc2_firmware6gk5416-4gs00-2am2_firmware6gk5213-3bd00-2ab26gk5206-2gs00-2fc26gk5206-2gs00-2ac26gk5205-3bb00-2ab2_firmware6gk5208-0ba00-2fc2_firmware6gk5774-1fx00-0aa66gk5208-0ba00-2ac2_firmware6gk5206-2rs00-5fc2_firmware6gk5766-1ge00-3da06gk5826-2ab00-2ab2_firmware6gk5206-2bs00-2ac26gk5786-2hc00-0aa0_firmware6gk5528-0aa00-2hr26gk5778-1gy00-0ta0_firmware6gk5224-4gs00-2tc2_firmware6gk5788-2gy01-0aa0_firmware6gk5788-2gd00-0tc06gk5206-2bs00-2fc26gk5208-0ba00-2ac26gk5788-2fc00-0aa0_firmware6gk5748-1fc00-0aa0_firmware6gk5738-1gy00-0aa0_firmware6gk5788-2gd00-0ab06gk5786-2fc00-0aa06gk5788-2hy01-0aa06gk5208-0ha00-2as66gk5774-1fy00-0ta0_firmware6gk5721-1fc00-0ab06gk6108-4am00-2ba2_firmware6gk5205-3bd00-2tb26gk5788-1fc00-0aa06gk5524-8gr00-3ar26gk5774-1fx00-0ac0_firmware6gk5208-0ra00-5ac26gk5786-2hc00-0aa06gk5213-3bb00-2ab26gk5734-1fx00-0ab66gk5766-1ge00-7ta0_firmware6gk5216-0ha00-2ts66gk5786-2fe00-0ab06gk5816-1aa00-2aa2_firmware6gk5206-2gs00-2ac2_firmware6gk5326-2qs00-3rr36ag1216-4bs00-7ac2_firmware6gk5774-1fx00-0aa6_firmware6gk5721-1fc00-0aa0_firmware6gk5216-3rs00-2ac2_firmware6gk5204-2aa00-2gf2_firmware6gk5788-1fc00-0ab06gk5208-0ha00-2es66gk5328-4ss00-3ar3_firmware6gk5216-3rs00-5ac2_firmware6gk5788-1fc00-0ab0_firmware6gk5552-0aa00-2hr2_firmware6gk5216-4gs00-2fc26gk5876-3aa02-2ba26gk5766-1ge00-7ta06gk5788-2gd00-0tc0_firmware6gk5328-4fs00-3ar3_firmware6gk5205-3bd00-2tb2_firmware6gk5786-2fe00-0aa06gk5326-2qs00-3ar36gk5748-1gy01-0ta06gk5206-2rs00-2ac26gk5206-2bb00-2ac2_firmware6gk5213-3bb00-2ab2_firmware6gk5216-0ba00-2tb26gk5748-1fc00-0aa06gk5786-1fc00-0aa06gk5526-8gr00-4ar26gk5206-2bb00-2ac26gk5524-8gs00-4ar26gk5734-1fx00-0aa0_firmware6gk5786-2fe00-0aa0_firmware6gk5748-1gy01-0ta0_firmware6gk5876-4aa00-2ba2_firmware6ag1206-2bs00-7ac2_firmware6gk5812-1aa00-2aa26gk5524-8gs00-3ar2_firmware6gk5763-1al00-7da0_firmware6gk5524-8gr00-2ar2_firmware6gk5856-2ea00-3da1_firmware6gk5788-2gd00-0tb0_firmware6gk5416-4gr00-2am26gk5812-1aa00-2aa2_firmware6gk5788-2gd00-0aa06gk5722-1fc00-0ab06gk5528-0aa00-2ar2_firmware6gk5816-1ba00-2aa26gk5526-8gs00-2ar2_firmware6gk5778-1gy00-0aa0_firmware6gk5874-2aa00-2aa26gk5734-1fx00-0aa06gk5788-2gd00-0ab0_firmware6gk5524-8gr00-4ar26gk5524-8gs00-4ar2_firmware6gk5748-1gd00-0aa0_firmware6gk5816-1ba00-2aa2_firmware6gk5874-3aa00-2aa2_firmware6gk5804-0ap00-2aa26gk5208-0ba00-2tb2_firmware6gk5636-2gs00-2ac2_firmware6gk5528-0aa00-2ar26gk5774-1fx00-0ab0_firmware6gk5774-1fx00-0ab6_firmware6gk5206-2rs00-5ac26gk5224-4gs00-2ac26gk5328-4fs00-3rr3_firmware6gk5788-1fc00-0aa0_firmware6gk5526-8gr00-3ar26gk5816-1aa00-2aa26gk5552-0ar00-2hr26gk5408-4gp00-2am26gk5326-2qs00-3rr3_firmware6gk5328-4fs00-2ar3_firmware6gk5216-0ha00-2ts6_firmware6gk5761-1fc00-0ab0_firmware6gk5774-1fx00-0ab66gk5748-1fc00-0ab06gk5774-1fy00-0tb06gk5205-3bb00-2ab26gk5208-0ga00-2tc2_firmware6gk5876-3aa02-2ea2_firmware6gk5734-1fx00-0aa6_firmware6gk5774-1fx00-0ac06gk5204-0ba00-2yf2_firmware6gk5206-2gs00-2fc2_firmware6gk5646-2gs00-2ac26gk5856-2ea00-3aa1_firmware6gk5224-0ba00-2ac2_firmware6gk5216-0ba00-2ac2_firmware6gk5786-1fc00-0ab06gk5324-0ba00-2ar3_firmware6gk5738-1gy00-0aa06gk5763-1al00-3aa0_firmware6gk5216-4gs00-2fc2_firmware6gk5416-4gr00-2am2_firmware6gk5224-4gs00-2fc2_firmware6gk5328-4fs00-2ar36gk5213-3bf00-2tb2_firmware6gk5205-3bb00-2tb2_firmware6gk5766-1ge00-3db0_firmware6gk5526-8gs00-2ar26gk5738-1gy00-0ab06gk5324-0ba00-3ar3_firmware6gk5788-1gy01-0aa06gk5788-2fc00-0aa06gk5788-2fc00-0ac0_firmware6gk5524-8gs00-3ar26gk5326-2qs00-3ar3_firmware6gk5224-4gs00-2ac2_firmware6gk5324-0ba00-2ar36gk5208-0ga00-2tc26gk5213-3bf00-2ab26gk5552-0aa00-2ar2_firmware6gk5216-4gs00-2tc26gk5206-2rs00-5fc26gk5642-2gs00-2ac2_firmware6gk5763-1al00-3da0_firmware6gk5208-0ua00-5es6_firmware6gk5206-2gs00-2tc26gk5774-1fx00-0aa0_firmware6gk5216-0ua00-5es66gk5646-2gs00-2ac2_firmware6gk5766-1ge00-7db0_firmware6gk5788-2hy01-0aa0_firmware6gk5788-2fc00-0ac06gk5205-3bf00-2ab26gk5778-1gy00-0tb0_firmware6gk5788-2gy01-0aa06gk5552-0ar00-2ar26gk5786-2fc00-0ab0_firmware6gk5778-1gy00-0ta06gk5213-3bd00-2tb2_firmware6gk5766-1je00-3da06gk5528-0ar00-2ar2_firmware6gk5328-4fs00-2rr36gk5766-1je00-7da0_firmware6gk5622-2gs00-2ac26gk5213-3bb00-2tb26gk5204-2aa00-2yf26gk5786-2fc00-0ab06gk5208-0ba00-2ab26gk5204-2aa00-2gf26gk5738-1gy00-0ab0_firmware6gk5778-1gy00-0aa06gk5778-1gy00-0ab0_firmware6gk5216-0ba00-2fc26gk5804-0ap00-2aa2_firmware6gk5328-4ss00-3ar36gk5874-2aa00-2aa2_firmware6gk5763-1al00-7da06gk5216-3rs00-5ac26gk5208-0ba00-2tb26gk5874-3aa00-2aa26gk5721-1fc00-0aa06gk5632-2gs00-2ac26gk5328-4fs00-3rr36gk5205-3bd00-2ab26gk5778-1gy00-0ab06gk5766-1ge00-3db06gk5734-1fx00-0ab0_firmware6gk6108-4am00-2ba26gk5528-0ar00-2hr2_firmware6gk5721-1fc00-0ab0_firmware6gk5208-0ha00-2as6_firmware6gk5224-4gs00-2fc26gk5526-8gr00-2ar26gk5748-1gd00-0aa06gk5208-0ra00-2ac26gk5206-2bs00-2ac2_firmware6gk5528-0ar00-2ar26gk5761-1fc00-0aa06gk5774-1fx00-0ab06gk5205-3bf00-2tb26gk5763-1al00-3da06gk5216-0ua00-5es6_firmware6gk5632-2gs00-2ac2_firmware6gk5216-4gs00-2ac26gk5766-1je00-7ta0_firmware6gk5408-8gr00-2am2_firmware6gk5812-1ba00-2aa2_firmware6gk5722-1fc00-0ab0_firmware6gk5636-2gs00-2ac26ag1206-2bs00-7ac26gk5786-2hc00-0ab0_firmware6gk5786-1fc00-0aa0_firmware6gk5204-0ba00-2yf26gk5788-2fc00-0ab0_firmware6gk5208-0ha00-2ts66gk5642-2gs00-2ac26gk5216-0ba00-2ab2_firmware6gk5526-8gs00-3ar2_firmware6gk5408-4gp00-2am2_firmware6gk5526-8gs00-4ar2_firmware6gk5788-2gy01-0ta06gk5208-0ba00-2fc26gk5526-8gr00-3ar2_firmware6gk6108-4am00-2da26gk5408-4gq00-2am2_firmware6gk5216-0ba00-2tb2_firmware6gk5774-1fy00-0tb0_firmware6gk5786-2fe00-0ab0_firmware6gk5216-4bs00-2ac2_firmware6gk5408-8gr00-2am26gk5766-1ge00-7tb06gk5206-2bs00-2fc2_firmware6gk5216-4gs00-2ac2_firmware6gk5205-3bd00-2ab2_firmware6gk5328-4ss00-2ar36gk5208-0ha00-2es6_firmware6gk5408-8gs00-2am2_firmware6gk5205-3bf00-2ab2_firmware6gk5416-4gs00-2am26gk5766-1ge00-3da0_firmware6ag1206-2bb00-7ac26gk5208-0ra00-5ac2_firmware6gk5788-2fc00-0ab06gk5216-4gs00-2tc2_firmware6gk5766-1je00-7ta06gk5204-2aa00-2yf2_firmware6gk5526-8gs00-3ar26gk5216-0ha00-2as6_firmware6gk5748-1gy01-0aa0_firmware6gk5853-2ea00-2da16gk5788-1gd00-0ab06gk5206-2bd00-2ac2_firmware6gk5208-0ba00-2ab2_firmware6ag1208-0ba00-7ac2_firmwareSCALANCE W774-1 RJ45SCALANCE M876-4 (NAM)SCALANCE W1788-2IA M12SCALANCE XB213-3 (ST, E/IP)SCALANCE XR524-8C, 24VSCALANCE XB213-3 (ST, PN)SCALANCE XC216EECRUGGEDCOM RM1224 LTE(4G) NAMSCALANCE XB205-3 (ST, PN)SCALANCE XC208SCALANCE XB213-3LD (SC, PN)SCALANCE XC206-2G PoESCALANCE XR328-4C WG (28xGE, DC 24V)SCALANCE XB205-3LD (SC, PN)SCALANCE W734-1 RJ45 (USA)SCALANCE S615 EECSCALANCE MUM856-1 (RoW)SCALANCE XR324WG (24 X FE, DC 24V)SCALANCE XR528-6M (2HR2)SCALANCE XR528-6M (L3 int.)SCALANCE XB216 (E/IP)SCALANCE XC216-4CSCALANCE XB208 (E/IP)SCALANCE XR324WG (24 x FE, AC 230V)SCALANCE XC206-2 (SC)SCALANCE W778-1 M12 EECSCALANCE XR524-8C, 1x230VSCALANCE W788-1 M12SCALANCE M876-3 (EVDO)SCALANCE XP208SCALANCE XR552-12M (2HR2)SCALANCE XF204-2BA DNASCALANCE WAM766-1 EEC (EU)SCALANCE XB205-3LD (SC, E/IP)SCALANCE XF204-2BASCALANCE WUM763-1SIPLUS NET SCALANCE XC216-4CSCALANCE W788-2 M12 EECSCALANCE W786-2 RJ45SCALANCE XB213-3 (SC, PN)SCALANCE W1788-2 EEC M12SCALANCE XC206-2SFPSCALANCE XP216POE EECSCALANCE XM408-4C (L3 int.)SCALANCE W1788-2 M12SCALANCE W786-1 RJ45SCALANCE XP208EECSCALANCE MUM856-1 (EU)SCALANCE S615SCALANCE WAM766-1 (US)SCALANCE SC646-2CSCALANCE M826-2 SHDSL-RouterSCALANCE W786-2 SFPSCALANCE XR524-8C, 24V (L3 int.)SCALANCE XR552-12M (2HR2, L3 int.)SCALANCE XC206-2 (ST/BFOC)SCALANCE W722-1 RJ45SCALANCE XM416-4CSCALANCE W788-1 RJ45SCALANCE XR526-8C, 24V (L3 int.)SCALANCE XR528-6MSCALANCE XR528-6M (2HR2, L3 int.)SCALANCE XC216-4C GSCALANCE M874-2SCALANCE XR526-8C, 2x230VSCALANCE W1748-1 M12SCALANCE XP216 (Ethernet/IP)SCALANCE W774-1 M12 EECSCALANCE XR328-4C WG (24xFE,4xGE,AC230V)SCALANCE XC224-4C GSCALANCE XC208G PoE (54 V DC)SCALANCE M816-1 ADSL-Router (Annex B)SCALANCE XC206-2G PoE EEC (54 V DC)SCALANCE XP208 (Ethernet/IP)SCALANCE M876-3 (ROK)SCALANCE XB216 (PN)SCALANCE XC216-4C G (EIP Def.)SCALANCE M876-4SCALANCE XR526-8C, 24VSCALANCE W734-1 RJ45SCALANCE SC636-2CSCALANCE W788-2 RJ45SCALANCE XM408-4CSCALANCE XC208G PoESCALANCE XR524-8C, 1x230V (L3 int.)SCALANCE WUM766-1 (US)SCALANCE W778-1 M12SCALANCE W748-1 RJ45SCALANCE XM408-8C (L3 int.)SCALANCE XB213-3LD (SC, E/IP)SCALANCE XC216SCALANCE XC208G EECSCALANCE XC208G (EIP def.)SCALANCE XC208GSCALANCE XR526-8C, 2x230V (L3 int.)SCALANCE XP216EECSCALANCE M816-1 ADSL-Router (Annex A)SCALANCE XC206-2G PoE (54 V DC)SCALANCE XM416-4C (L3 int.)RUGGEDCOM RM1224 LTE(4G) EUSCALANCE XC206-2SFP GSCALANCE W774-1 RJ45 (USA)SCALANCE MUM853-1 (EU)SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)SCALANCE W778-1 M12 EEC (USA)SCALANCE W1788-1 M12SCALANCE W738-1 M12SCALANCE M876-4 (EU)SCALANCE XR524-8C, 2x230VSCALANCE XR526-8C, 1x230V (L3 int.)SCALANCE M804PBSCALANCE XC216-3G PoE (54 V DC)SCALANCE XR326-2C PoE WG (without UL)SCALANCE XB205-3 (SC, PN)SCALANCE XC206-2SFP EECSCALANCE W721-1 RJ45SCALANCE XC206-2SFP G (EIP DEF.)SCALANCE WAM766-1 (EU)SCALANCE M812-1 ADSL-Router (Annex B)SCALANCE SC632-2CSCALANCE XP208PoE EECSCALANCE W786-2IA RJ45SCALANCE XF204SCALANCE XF204 DNASCALANCE M812-1 ADSL-Router (Annex A)SCALANCE XB213-3 (SC, E/IP)SCALANCE XR524-8C, 2x230V (L3 int.)SCALANCE XB208 (PN)SCALANCE XC224SCALANCE XR326-2C PoE WGSCALANCE M874-3SCALANCE WUM766-1 (EU)SCALANCE XB205-3 (ST, E/IP)SCALANCE XC208EECSCALANCE WAM763-1SCALANCE XR328-4C WG (24XFE, 4XGE, 24V)SIPLUS NET SCALANCE XC206-2SCALANCE XM408-8CSCALANCE W748-1 M12SCALANCE SC642-2CSCALANCE XR552-12MSCALANCE XR526-8C, 1x230VSCALANCE XR328-4C WG (28xGE, AC 230V)SIPLUS NET SCALANCE XC208SCALANCE XC206-2SFP G EECSCALANCE XC224-4C G EECSCALANCE WAM766-1 EEC (US)SCALANCE W761-1 RJ45SCALANCE XC216-3G PoESCALANCE XC216-4C G EECSIPLUS NET SCALANCE XC206-2SFPSCALANCE XP216SCALANCE XC224-4C G (EIP Def.)SCALANCE SC622-2CSCALANCE W788-2 M12
CWE ID-CWE-862
Missing Authorization
CVE-2022-31595
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-8.8||HIGH
EPSS-0.40% / 60.42%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 18:45
Updated-03 Aug, 2024 | 07:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Financial Consolidation - version 1010,�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Action-Not Available
Vendor-SAP SE
Product-adaptive_server_enterpriseSAP Financial Consolidation
CWE ID-CWE-862
Missing Authorization
CVE-2025-68585
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.05% / 15.41%
||
7 Day CHG~0.00%
Published-24 Dec, 2025 | 13:10
Updated-20 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Document Revisions plugin <= 3.7.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ben Balter WP Document Revisions wp-document-revisions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Document Revisions: from n/a through <= 3.7.2.

Action-Not Available
Vendor-Ben Balter
Product-WP Document Revisions
CWE ID-CWE-862
Missing Authorization
CVE-2025-68521
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.05% / 15.41%
||
7 Day CHG~0.00%
Published-24 Dec, 2025 | 12:31
Updated-20 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WpStream plugin <= 4.9.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through <= 4.9.5.

Action-Not Available
Vendor-wpstream
Product-WpStream
CWE ID-CWE-862
Missing Authorization
CVE-2024-30234
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.37% / 58.19%
||
7 Day CHG~0.00%
Published-26 Mar, 2024 | 12:16
Updated-27 Mar, 2025 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WholesaleX plugin <= 1.3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.1.

Action-Not Available
Vendor-wpxpoWholesale Team
Product-wholesalexWholesaleX
CWE ID-CWE-862
Missing Authorization
CVE-2025-68582
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.05% / 15.41%
||
7 Day CHG~0.00%
Published-24 Dec, 2025 | 13:10
Updated-20 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Funnelforms Free plugin <= 3.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Funnelforms Funnelforms Free funnelforms-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Funnelforms Free: from n/a through <= 3.8.

Action-Not Available
Vendor-Funnelforms
Product-Funnelforms Free
CWE ID-CWE-862
Missing Authorization
CVE-2025-6754
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.08% / 24.53%
||
7 Day CHG~0.00%
Published-02 Aug, 2025 | 07:24
Updated-04 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SEO Metrics <= 1.0.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

The SEO Metrics plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks in both the seo_metrics_handle_connect_button_click() AJAX handler and the seo_metrics_handle_custom_endpoint() function in versions 1.0.5 through 1.0.15. Because the AJAX action only verifies a nonce, without checking the caller’s capabilities, a subscriber-level user can retrieve the token and then access the custom endpoint to obtain full administrator cookies.

Action-Not Available
Vendor-seometricsplugin
Product-SEO Metrics
CWE ID-CWE-862
Missing Authorization
CVE-2020-25917
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.29% / 52.34%
||
7 Day CHG~0.00%
Published-26 Dec, 2020 | 01:50
Updated-04 Aug, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stratodesk NoTouch Center before 4.4.68 is affected by: Incorrect Access Control. A low privileged user on the platform, for example a user with "helpdesk" privileges, can perform privileged operations including adding a new administrator to the platform via the easyadmin/user/submitCreateTCUser.do page.

Action-Not Available
Vendor-stratodeskn/a
Product-notouch_centern/a
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-669
Incorrect Resource Transfer Between Spheres
CVE-2025-68593
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.05% / 15.41%
||
7 Day CHG~0.00%
Published-24 Dec, 2025 | 13:10
Updated-20 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Adminify plugin <= 4.0.6.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through <= 4.0.6.1.

Action-Not Available
Vendor-Liton Arefin
Product-WP Adminify
CWE ID-CWE-862
Missing Authorization
CVE-2025-68505
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.05% / 15.41%
||
7 Day CHG~0.00%
Published-24 Dec, 2025 | 12:31
Updated-20 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress H5P plugin <= 1.16.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in icc0rz H5P h5p allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects H5P: from n/a through <= 1.16.1.

Action-Not Available
Vendor-icc0rz
Product-H5P
CWE ID-CWE-862
Missing Authorization
CVE-2020-25718
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.20% / 41.74%
||
7 Day CHG~0.00%
Published-18 Feb, 2022 | 00:00
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets.

Action-Not Available
Vendor-n/aSambaFedora Project
Product-fedorasambasamba
CWE ID-CWE-862
Missing Authorization
CVE-2025-68608
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.05% / 15.41%
||
7 Day CHG~0.00%
Published-24 Dec, 2025 | 12:31
Updated-20 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Userpro plugin <= 5.1.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in DeluxeThemes Userpro userpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Userpro: from n/a through <= 5.1.9.

Action-Not Available
Vendor-DeluxeThemes
Product-Userpro
CWE ID-CWE-862
Missing Authorization
CVE-2022-30951
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.91% / 75.40%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 14:06
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library does not implement access control, potentially allowing users to start processes even if they're not allowed to log in.

Action-Not Available
Vendor-Jenkins
Product-wmi_windows_agentsJenkins WMI Windows Agents Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2024-43343
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 51.92%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-13 Nov, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Order Tracking – WordPress Status Tracking Plugin plugin < 3.3.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in Etoile Web Design Order Tracking allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Order Tracking: from n/a through 3.3.12.

Action-Not Available
Vendor-etoilewebdesignEtoile Web Design
Product-order_trackingOrder Tracking
CWE ID-CWE-862
Missing Authorization
CVE-2025-68586
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.05% / 15.41%
||
7 Day CHG~0.00%
Published-24 Dec, 2025 | 13:10
Updated-20 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cooked plugin <= 1.11.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Gora Tech Cooked cooked allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cooked: from n/a through <= 1.11.2.

Action-Not Available
Vendor-Gora Tech
Product-Cooked
CWE ID-CWE-862
Missing Authorization
CVE-2022-28866
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.26% / 49.01%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00. It does not properly validate requests for access to (or editing of) data and functionality in all endpoints under /#settings/* and /api/settings/*. By not verifying the permissions for access to resources, it allows a potential attacker to view pages, with sensitive data, that are not allowed, and modify system configurations also causing DoS, which should be accessed only by user with administration profile, bypassing all controls (without checking for user identity).

Action-Not Available
Vendor-n/aNokia Corporation
Product-airframe_bmc_web_gui_r18_firmwaren/a
CWE ID-CWE-862
Missing Authorization
CVE-2024-44052
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.36% / 57.33%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-08 Nov, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HelloAsso plugin <= 1.1.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in HelloAsso allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HelloAsso: from n/a through 1.1.10.

Action-Not Available
Vendor-helloassoHelloAsso
Product-helloassoHelloAsso
CWE ID-CWE-862
Missing Authorization
CVE-2022-29611
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-8.8||HIGH
EPSS-0.40% / 60.42%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 14:57
Updated-03 Aug, 2024 | 06:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Action-Not Available
Vendor-SAP SE
Product-netweaver_application_server_abapSAP NetWeaver Application Server for ABAP and ABAP Platform
CWE ID-CWE-862
Missing Authorization
CVE-2025-68595
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.05% / 15.41%
||
7 Day CHG~0.00%
Published-24 Dec, 2025 | 13:10
Updated-20 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Widgets for Social Photo Feed plugin <= 1.7.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Trustindex Widgets for Social Photo Feed social-photo-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widgets for Social Photo Feed: from n/a through <= 1.7.7.

Action-Not Available
Vendor-Trustindex
Product-Widgets for Social Photo Feed
CWE ID-CWE-862
Missing Authorization
CVE-2025-6718
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.04% / 13.26%
||
7 Day CHG+0.01%
Published-18 Jul, 2025 | 05:23
Updated-22 Jul, 2025 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
B1.lt for WooCommerce <= 2.2.56 - Missing Authorization to Authenticated (Subscriber+) Arbitrary SQL Injection

The B1.lt plugin for WordPress is vulnerable to SQL Injection due to a missing capability check on the b1_run_query AJAX action in all versions up to, and including, 2.2.56. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute and run arbitrary SQL commands.

Action-Not Available
Vendor-b1accounting
Product-B1.lt
CWE ID-CWE-862
Missing Authorization
CVE-2024-43332
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 51.29%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-13 Nov, 2024 | 01:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Photo Engine plugin <= 6.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jordy Meow Photo Engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Engine: from n/a through 6.4.0.

Action-Not Available
Vendor-meowappsJordy Meow
Product-photo_enginePhoto Engine
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 10
  • 11
  • Next
Details not found