Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-3876

Summary
Assigner-Wordfence
Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At-10 May, 2025 | 11:22
Updated At-08 Apr, 2026 | 16:40
Rejected At-
Credits

SMS Alert Order Notifications – WooCommerce <= 3.8.1 - Authenticated (Subscriber+) Privilege Escalation via handleWpLoginCreateUserAction Function

The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction() function in all versions up to, and including, 3.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to impersonate any account by supplying its username or email and elevate their privileges to that of an administrator.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Wordfence
Assigner Org ID:b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At:10 May, 2025 | 11:22
Updated At:08 Apr, 2026 | 16:40
Rejected At:
▼CVE Numbering Authority (CNA)
SMS Alert Order Notifications – WooCommerce <= 3.8.1 - Authenticated (Subscriber+) Privilege Escalation via handleWpLoginCreateUserAction Function

The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction() function in all versions up to, and including, 3.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to impersonate any account by supplying its username or email and elevate their privileges to that of an administrator.

Affected Products
Vendor
cozyvision1
Product
SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery
Default Status
unaffected
Versions
Affected
  • From 0 through 3.8.1 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
wesley
Timeline
EventDate
Disclosed2025-05-09 21:58:31
Event: Disclosed
Date: 2025-05-09 21:58:31
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/1cf65f79-d386-4dd4-a360-b2f764dfaf19?source=cve
N/A
https://plugins.trac.wordpress.org/browser/sms-alert/tags/3.8.0/handler/forms/class-wplogin.php#L447
N/A
https://plugins.trac.wordpress.org/browser/sms-alert/tags/3.8.0/handler/forms/class-wplogin.php#L145
N/A
https://wordpress.org/plugins/sms-alert/#developers
N/A
https://plugins.trac.wordpress.org/changeset/3290478/
N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/1cf65f79-d386-4dd4-a360-b2f764dfaf19?source=cve
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/sms-alert/tags/3.8.0/handler/forms/class-wplogin.php#L447
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/sms-alert/tags/3.8.0/handler/forms/class-wplogin.php#L145
Resource: N/A
Hyperlink: https://wordpress.org/plugins/sms-alert/#developers
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/changeset/3290478/
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@wordfence.com
Published At:10 May, 2025 | 12:15
Updated At:12 May, 2025 | 17:32

The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction() function in all versions up to, and including, 3.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to impersonate any account by supplying its username or email and elevate their privileges to that of an administrator.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-862Primarysecurity@wordfence.com
CWE ID: CWE-862
Type: Primary
Source: security@wordfence.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://plugins.trac.wordpress.org/browser/sms-alert/tags/3.8.0/handler/forms/class-wplogin.php#L145security@wordfence.com
N/A
https://plugins.trac.wordpress.org/browser/sms-alert/tags/3.8.0/handler/forms/class-wplogin.php#L447security@wordfence.com
N/A
https://plugins.trac.wordpress.org/changeset/3290478/security@wordfence.com
N/A
https://wordpress.org/plugins/sms-alert/#developerssecurity@wordfence.com
N/A
https://www.wordfence.com/threat-intel/vulnerabilities/id/1cf65f79-d386-4dd4-a360-b2f764dfaf19?source=cvesecurity@wordfence.com
N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/sms-alert/tags/3.8.0/handler/forms/class-wplogin.php#L145
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/sms-alert/tags/3.8.0/handler/forms/class-wplogin.php#L447
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/changeset/3290478/
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://wordpress.org/plugins/sms-alert/#developers
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/1cf65f79-d386-4dd4-a360-b2f764dfaf19?source=cve
Source: security@wordfence.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

560Records found

CVE-2024-11725
Matching Score-10
Assigner-Wordfence
ShareView Details
Matching Score-10
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.50% / 38.84%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 06:40
Updated-08 Apr, 2026 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SMS Alert Order Notifications – WooCommerce <= 3.7.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updateWcWarrantySettings() function in all versions up to, and including, 3.7.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. Please note this requires the woocommerce-warranty plugin to be installed in order to be exploited.

Action-Not Available
Vendor-cozyvisioncozyvision1
Product-sms_alert_order_notificationsSMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery
CWE ID-CWE-862
Missing Authorization
CVE-2025-26661
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-8.8||HIGH
EPSS-0.40% / 31.78%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 00:37
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization check in SAP NetWeaver (ABAP Class Builder)

Due to missing authorization check, SAP NetWeaver (ABAP Class Builder) allows an attacker to gain higher access levels than they should have, resulting in escalation of privileges. On successful exploitation, this could result in disclosure of highly sensitive information. It could also have a high impact on the integrity and availability of the application.

Action-Not Available
Vendor-SAP SE
Product-SAP NetWeaver (ABAP Class Builder)
CWE ID-CWE-862
Missing Authorization
CVE-2023-47573
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.68% / 47.88%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 00:00
Updated-26 Nov, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue discovered in Relyum RELY-PCIe 22.2.1 devices. The authorization mechanism is not enforced in the web interface, allowing a low-privileged user to execute administrative functions.

Action-Not Available
Vendor-relyumn/a
Product-rely-pcie_firmwarerely-pcierely-rec_firmwarerely-recn/a
CWE ID-CWE-862
Missing Authorization
CVE-2021-24184
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-1.44% / 69.95%
||
7 Day CHG~0.00%
Published-05 Apr, 2021 | 18:27
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tutor LMS < 1.7.7 - Unprotected AJAX including Privilege Escalation

Several AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions.

Action-Not Available
Vendor-UnknownThemeum
Product-tutor_lmsTutor LMS – eLearning and online course solution
CWE ID-CWE-862
Missing Authorization
CVE-2021-24354
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-1.48% / 70.77%
||
7 Day CHG~0.00%
Published-14 Jun, 2021 | 13:37
Updated-03 Aug, 2024 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Simple 301 Redirects by BetterLinks - 2.0.0-2.0.3 - Arbitrary Plugin Installation

A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites.

Action-Not Available
Vendor-UnknownWPDeveloper
Product-simple_301_redirectsSimple 301 Redirects by BetterLinks
CWE ID-CWE-862
Missing Authorization
CVE-2021-23014
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-8.8||HIGH
EPSS-0.80% / 52.26%
||
7 Day CHG~0.00%
Published-10 May, 2021 | 14:35
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, and 14.1.x before 14.1.4, BIG-IP Advanced WAF and ASM are missing authorization checks for file uploads to a specific directory within the REST API which might allow Authenticated users with guest privileges to upload files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_advanced_web_application_firewallbig-ip_application_security_managerBIG-IP ASM/Advanced WAF
CWE ID-CWE-862
Missing Authorization
CVE-2021-21487
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-6.8||MEDIUM
EPSS-0.77% / 51.06%
||
7 Day CHG~0.00%
Published-09 Mar, 2021 | 14:11
Updated-03 Aug, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Payment Engine version 500, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Action-Not Available
Vendor-SAP SE
Product-payment_engineSAP Payment Engine
CWE ID-CWE-862
Missing Authorization
CVE-2023-25039
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.50% / 39.00%
||
7 Day CHG~0.00%
Published-25 Mar, 2024 | 11:46
Updated-28 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Google Maps CP plugin <= 1.0.43 - Missing Authorization Leading To Feedback Submission Vulnerability

Missing Authorization vulnerability in CodePeople Google Maps CP.This issue affects Google Maps CP: from n/a through 1.0.43.

Action-Not Available
Vendor-CodePeople
Product-google_maps_cpGoogle Maps CP
CWE ID-CWE-862
Missing Authorization
CVE-2021-22149
Matching Score-4
Assigner-Elastic
ShareView Details
Matching Score-4
Assigner-Elastic
CVSS Score-8.8||HIGH
EPSS-0.92% / 56.04%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:44
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could utilize API keys belonging to higher privileged users.

Action-Not Available
Vendor-Elasticsearch BV
Product-enterprise_searchElastic Enterprise Search
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CWE ID-CWE-862
Missing Authorization
CVE-2021-21486
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-6.8||MEDIUM
EPSS-0.75% / 50.52%
||
7 Day CHG~0.00%
Published-09 Mar, 2021 | 14:07
Updated-03 Aug, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Enterprise Financial Services versions, 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Action-Not Available
Vendor-SAP SE
Product-enterprise_financial_servicesSAP Enterprise Financial Services (Bank Customer Accounts)
CWE ID-CWE-862
Missing Authorization
CVE-2025-26371
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-8.8||HIGH
EPSS-0.53% / 40.89%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 13:30
Updated-10 Apr, 2025 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to add users to groups via crafted HTTP requests.

Action-Not Available
Vendor-Q-Free
Product-maxtimeMaxTime
CWE ID-CWE-862
Missing Authorization
CVE-2023-47870
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.27% / 18.30%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 17:26
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress wpForo Forum Plugin <= 2.2.6 is vulnerable to Broken Access Control and Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out.This issue affects wpForo Forum: from n/a through 2.2.6.

Action-Not Available
Vendor-gvectorsgVectors Team
Product-wpforo_forumwpForo Forum
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2025-60116
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.28% / 19.64%
||
7 Day CHG~0.00%
Published-26 Sep, 2025 | 08:31
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Grand Conference Theme Custom Post Type plugin < 2.6.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grand Conference Theme Custom Post Type: from n/a through < 2.6.4.

Action-Not Available
Vendor-themegoodsThemeGoods
Product-grand_conferenceGrand Conference Theme Custom Post Type
CWE ID-CWE-862
Missing Authorization
CVE-2026-7802
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.40% / 32.16%
||
7 Day CHG~0.00%
Published-28 May, 2026 | 03:27
Updated-28 May, 2026 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Frontend Admin by DynamiApps <= 3.29.2 - Missing Authorization to Authenticated (Subscriber+) Account Takeover via 'user_id' URL Query Parameter

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.29.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite an administrator's user_pass, user_email, first_name, last_name, and other profile fields by supplying an arbitrary ?user_id= value, enabling full administrator account takeover via direct password replacement or email-redirect password reset. Exploitation requires the targeted Edit-User form to have its 'Roles' configuration setting left empty; when a non-empty roles list is configured, load_data() sets the user ID to 'none' for users whose roles fall outside the allowed list, preventing administrators from being targeted through that form.

Action-Not Available
Vendor-shabti
Product-Frontend Admin by DynamiApps
CWE ID-CWE-862
Missing Authorization
CVE-2020-25629
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-1.30% / 67.03%
||
7 Day CHG~0.00%
Published-08 Dec, 2020 | 00:16
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. This is fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodleMoodle
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-862
Missing Authorization
CVE-2020-9456
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.51% / 82.84%
||
7 Day CHG~0.00%
Published-06 Mar, 2020 | 18:54
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via class_rm_user_controller.php rm_user_edit.

Action-Not Available
Vendor-n/aMetagauss Inc.
Product-registrationmagicn/a
CWE ID-CWE-862
Missing Authorization
CVE-2020-9457
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.53% / 83.00%
||
7 Day CHG~0.00%
Published-06 Mar, 2020 | 18:56
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_settings_controller.php, resulting in privilege escalation.

Action-Not Available
Vendor-n/aMetagauss Inc.
Product-registrationmagicn/a
CWE ID-CWE-862
Missing Authorization
CVE-2023-47822
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.41% / 33.07%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:30
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 4.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.

Action-Not Available
Vendor-sonaarSonaar Music
Product-mp3_audio_player_for_music\,_radio_\&_podcastMP3 Audio Player for Music, Radio & Podcast by Sonaar
CWE ID-CWE-862
Missing Authorization
CVE-2020-9458
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.51% / 82.84%
||
7 Day CHG~0.00%
Published-06 Mar, 2020 | 18:58
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via class_rm_form_controller.php rm_form_export.

Action-Not Available
Vendor-n/aMetagauss Inc.
Product-registrationmagicn/a
CWE ID-CWE-862
Missing Authorization
CVE-2026-6963
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.40% / 31.61%
||
7 Day CHG~0.00%
Published-02 May, 2026 | 04:27
Updated-05 May, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Mail Gateway <= 1.8 - Missing Authorization to Authenticated (Subscriber+) SMTP Configuration Modification via 'wmg_save_provider_config' AJAX Action

The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wmg_save_provider_config AJAX action in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update SMTP settings and redirect mail which can be used for privilege escalation by triggering a password reset email and using that to access and administrator's account.

Action-Not Available
Vendor-shahariaazam
Product-WP Mail Gateway
CWE ID-CWE-862
Missing Authorization
CVE-2026-6506
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.29% / 20.75%
||
7 Day CHG~0.00%
Published-14 May, 2026 | 06:44
Updated-14 May, 2026 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InfusedWoo Pro <= 5.1.2 - Authenticated (Subscriber+) Missing Authorization to Privilege Escalation via Arbitrary User Meta Update

The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.1.2. This is due to the infusedwoo_gdpr_upddata() function missing authorization and capability checks, as well as lacking restrictions on which user meta keys can be updated. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their own wp_capabilities user meta to grant themselves Administrator role privileges.

Action-Not Available
Vendor-Infused Addons
Product-InfusedWoo Pro
CWE ID-CWE-862
Missing Authorization
CVE-2025-5953
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.36% / 28.41%
||
7 Day CHG~0.00%
Published-04 Jul, 2025 | 01:44
Updated-13 Aug, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Human Resource Management 2.0.0 - 2.2.17 - Missing Authorization to Authenticated (Employee+) Privilege Escalation via wp_ajax_hrm_insert_employee AJAX Action

The WP Human Resource Management plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the ajax_insert_employee() and update_empoyee() functions in versions 2.0.0 through 2.2.17. The AJAX handler reads the client-supplied $_POST['role'] and, after basic cleaning via hrm_clean(), passes it directly to wp_insert_user() and later to $user->set_role() without verifying that the current user is allowed to assign that role. This makes it possible for authenticated attackers, with Employee-level access and above, to elevate their privileges to administrator.

Action-Not Available
Vendor-mishubdasaquzzaman
Product-wp_human_resource_managementWP Human Resource Management
CWE ID-CWE-862
Missing Authorization
CVE-2025-5835
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.35% / 27.35%
||
7 Day CHG~0.00%
Published-25 Jul, 2025 | 06:43
Updated-08 Apr, 2026 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Droip <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Many Actions

The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check on the droip_post_apis() function in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform many actions as the AJAX hooks to several functions. Some potential impacts include arbitrary post deletion, arbitrary post creation, post duplication, settings update, user manipulation, and much more.

Action-Not Available
Vendor-DroipThemeum
Product-droipDroip
CWE ID-CWE-862
Missing Authorization
CVE-2020-6188
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-6.3||MEDIUM
EPSS-0.68% / 47.74%
||
7 Day CHG~0.00%
Published-12 Feb, 2020 | 19:46
Updated-04 Aug, 2024 | 08:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check.

Action-Not Available
Vendor-SAP SE
Product-s\/4_hanaerpSAP S/4 HANA (S4CORE)SAP ERP (SAP_APPL)SAP ERP (SAP_FIN)
CWE ID-CWE-862
Missing Authorization
CVE-2025-59017
Matching Score-4
Assigner-f4fb688c-4412-4426-b4b8-421ecf27b14a
ShareView Details
Matching Score-4
Assigner-f4fb688c-4412-4426-b4b8-421ecf27b14a
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 19.38%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 09:01
Updated-10 Sep, 2025 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broken Access Control in Backend AJAX Routes

Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules.

Action-Not Available
Vendor-TYPO3 Association
Product-typo3TYPO3 CMS
CWE ID-CWE-862
Missing Authorization
CVE-2025-5894
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-8.7||HIGH
EPSS-0.55% / 41.86%
||
7 Day CHG+0.01%
Published-09 Jun, 2025 | 07:33
Updated-09 Jun, 2025 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Honding Technology Smart Parking Management System - Missing Authorization

Smart Parking Management System from Honding Technology has a Missing Authorization vulnerability, allowing remote attackers with regular privileges to access a specific functionality to create administrator accounts, and subsequently log into the system using those accounts.

Action-Not Available
Vendor-Honding Technology
Product-Smart Parking Management System
CWE ID-CWE-862
Missing Authorization
CVE-2023-47760
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.39% / 30.51%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:30
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Essential Blocks plugin <= 4.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg essential-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through <= 4.2.0.

Action-Not Available
Vendor-WPDeveloper
Product-essential_blocksEssential Blocks for Gutenberg
CWE ID-CWE-862
Missing Authorization
CVE-2023-47874
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.41% / 32.70%
||
7 Day CHG~0.00%
Published-29 Feb, 2024 | 05:31
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Perfmatters Plugin <= 2.1.6 is vulnerable to Broken Access Control

Missing Authorization vulnerability in Perfmatters.This issue affects Perfmatters: from n/a through 2.1.6.

Action-Not Available
Vendor-perfmattersPerfmattersperfmatters
Product-perfmattersPerfmattersperfmatters
CWE ID-CWE-862
Missing Authorization
CVE-2026-57518
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.48% / 37.92%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 15:58
Updated-26 Jun, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pagekit CMS 1.0.18 Privilege Escalation via UserApiController

Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escalate privileges by assigning arbitrary custom roles to themselves due to missing authorization checks in UserApiController::saveAction(). Attackers can assign themselves a custom role with the 'system: manage packages' permission and then upload and install a malicious PHP package through the admin package installer to achieve remote code execution.

Action-Not Available
Vendor-pagekit
Product-pagekit
CWE ID-CWE-862
Missing Authorization
CVE-2026-56115
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.31% / 22.41%
||
7 Day CHG~0.00%
Published-23 Jun, 2026 | 16:08
Updated-29 Jun, 2026 | 12:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bootimus 0.1.70 Broken Access Control via JWTMiddleware Authorization Bypass

Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the JWTMiddleware function in internal/auth/auth.go, which validates JWT tokens and account status but fails to inspect the is_admin flag. Attackers can send requests to any endpoint under the /api/users path to create new administrator accounts or reset administrator passwords, thereby gaining full control of the server and the ability to modify boot menus and installation scripts served to PXE clients.

Action-Not Available
Vendor-bootimusgarybowers
Product-bootimusbootimus
CWE ID-CWE-862
Missing Authorization
CVE-2020-5396
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-8.8||HIGH
EPSS-1.89% / 77.06%
||
7 Day CHG~0.00%
Published-31 Jul, 2020 | 19:40
Updated-16 Sep, 2024 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JMX Insecure Default Configuration in GemFire

VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create an MLet mbean leading to remote code execution.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-tanzu_gemfire_for_virtual_machinesgemfireVMware Tanzu GemFire for VMsVMware GemFire
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-862
Missing Authorization
CVE-2023-45760
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.39% / 31.29%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 11:59
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress wpDiscuz plugin <= 7.6.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through <= 7.6.3.

Action-Not Available
Vendor-gvectorsAdvancedCoding
Product-wpdiscuzwpDiscuz
CWE ID-CWE-862
Missing Authorization
CVE-2023-46212
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.21% / 11.82%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 23:57
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP EXtra Plugin <= 6.2 is vulnerable to Broken Access Control

Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects WP EXtra: from n/a through 6.2.

Action-Not Available
Vendor-wpvnteamTienCOP
Product-wp_extraWP EXtra
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2025-58334
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-8.1||HIGH
EPSS-0.26% / 17.40%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 16:48
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains IDE Services before 2025.5.0.1086, 2025.4.2.2164 users without appropriate permissions could assign high-privileged role for themselves

Action-Not Available
Vendor-JetBrains s.r.o.
Product-ide_servicesIDE Services
CWE ID-CWE-862
Missing Authorization
CVE-2023-46146
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.3||HIGH
EPSS-0.36% / 28.47%
||
7 Day CHG~0.00%
Published-19 Jun, 2024 | 11:15
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Themify Ultra theme <= 7.3.5 - Multiple Broken Access Control vulnerability

Missing Authorization vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5.

Action-Not Available
Vendor-themifyThemify
Product-ultraThemify Ultra
CWE ID-CWE-862
Missing Authorization
CVE-2026-56768
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.38% / 30.06%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 18:05
Updated-30 Jun, 2026 | 05:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Seahub < 13.0.23 - Authentication Bypass in ShareLinkZipTaskView GET Method

Seahub before 13.0.23 does not enforce SHARE_LINK_LOGIN_REQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass authentication. Attackers with a folder share-link token can call the GET endpoint to obtain a fileserver zip token and download entire shared directory trees.

Action-Not Available
Vendor-haiwen
Product-seahub
CWE ID-CWE-862
Missing Authorization
CVE-2023-46148
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.44% / 35.58%
||
7 Day CHG~0.00%
Published-19 Jun, 2024 | 11:13
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Themify Ultra theme <= 7.3.5 - Authenticated Arbitrary Settings Change vulnerability

Missing Authorization vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5.

Action-Not Available
Vendor-themifyThemifythemify
Product-ultraThemify Ultrathemify_ultra
CWE ID-CWE-862
Missing Authorization
CVE-2026-7761
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.50% / 39.10%
||
7 Day CHG~0.00%
Published-24 Jun, 2026 | 06:49
Updated-25 Jun, 2026 | 13:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ultimate Member <= 2.11.4 - Authenticated (Contributor+) Account Takeover via Password Reset Link Disclosure

The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2.11.4. This is due to a chain of three logic bugs: (1) an MD5 hash fallback in get_directory_by_hash() that allows any post to be used as a member directory by computing SUBSTRING(MD5(post_id), 11, 5), (2) a strstr() parsing logic flaw in post_data() that allows bypassing WordPress's protected meta key restrictions by placing '_um_' anywhere in the meta key name rather than at the start, and (3) missing field name validation in build_user_card_data() that allows arbitrary field names including 'password_reset_link' to be passed to um_filtered_value(). This makes it possible for authenticated attackers with Contributor-level access and above to create a malicious post via XMLRPC with crafted meta fields, use the MD5 fallback to point the member directory AJAX handler to their post, inject 'password_reset_link' into the tagline_fields configuration, and leak live password reset URLs for all users in the member directory response, including administrators.

Action-Not Available
Vendor-Ultimate Member Group Ltd
Product-Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2024-2216
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.83% / 52.94%
||
7 Day CHG~0.00%
Published-06 Mar, 2024 | 17:01
Updated-18 Sep, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions.

Action-Not Available
Vendor-Jenkins
Product-docker-build-stepJenkins docker-build-step Plugindocker
CWE ID-CWE-862
Missing Authorization
CVE-2026-56423
Matching Score-4
Assigner-Computer Incident Response Center Luxembourg (CIRCL)
ShareView Details
Matching Score-4
Assigner-Computer Incident Response Center Luxembourg (CIRCL)
CVSS Score-9.4||CRITICAL
EPSS-0.26% / 17.45%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 11:56
Updated-23 Jun, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MISP Core: Broken access control allows instance-wide unauthorized deletion of event reports and sharing groups via bulk deletion endpoints

MISP Core contained broken access-control checks in the bulk deletion flows for Event Reports and Sharing Groups. The affected deleteSelection handlers authorized deletion using broad role-level permissions instead of validating authorization for each selected object. For Event Reports, EventReportsController::deleteSelection relied on the global perm_add capability rather than a per-report ownership/authorization check. As a result, a contributor-level user could submit report IDs or UUIDs for reports belonging to other organisations and hard-delete them instance-wide. The fix changed the callback to call EventReport::fetchIfAuthorized($user, $itemId, 'delete') for each selected report before deletion. For Sharing Groups, SharingGroupsController::deleteSelection relied on the global perm_sharing_group capability rather than verifying ownership of each selected sharing group. This allowed a sharing-group-capable user to hard-delete sharing groups owned by other organisations, bypassing the per-object ownership gate used by the single-object delete action. The fix changed the callback to call SharingGroup::checkIfOwner($user, $itemId) for each selected sharing group. An authenticated attacker with the relevant broad role permission could abuse the affected bulk deletion endpoints to delete objects outside their organisation’s authorization scope, causing loss of event-report content or sharing-group configuration across the instance.

Action-Not Available
Vendor-misp-projectmisp
Product-mispmisp
CWE ID-CWE-862
Missing Authorization
CVE-2023-44148
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.39% / 30.69%
||
7 Day CHG~0.00%
Published-19 Jun, 2024 | 11:50
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Astra Bulk Edit plugin <= 1.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Brainstorm Force Astra Bulk Edit.This issue affects Astra Bulk Edit: from n/a through 1.2.7.

Action-Not Available
Vendor-Brainstorm Force
Product-astraAstra Bulk Edit
CWE ID-CWE-862
Missing Authorization
CVE-2026-56773
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.37% / 29.04%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 14:38
Updated-27 Jun, 2026 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Teable - Missing Authorization in v2 REST API

Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases and tables via endpoints like GET /api/v2/tables/get and POST /api/v2/tables/updateRecords.

Action-Not Available
Vendor-teableio
Product-teable
CWE ID-CWE-862
Missing Authorization
CVE-2025-5701
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-1.72% / 74.67%
||
7 Day CHG~0.00%
Published-05 Jun, 2025 | 11:15
Updated-08 Apr, 2026 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HyperComments <= 1.2.2 - Unauthenticated (Subscriber+) Arbitrary Options Update

The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hc_request_handler function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

Action-Not Available
Vendor-siteheart
Product-HyperComments
CWE ID-CWE-862
Missing Authorization
CVE-2020-36725
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-1.15% / 62.91%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 01:51
Updated-08 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TI WooCommerce Wishlist <= 1.21.11 and TI WooCommerce Wishlist Pro <= 1.21.4 - Arbitrary Options Update

The TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins for WordPress are vulnerable to an Options Change vulnerability in versions up to, and including, 1.21.11 and 1.21.4 via the 'ti-woocommerce-wishlist/includes/export.class.php' file. This makes it possible for authenticated attackers to gain otherwise restricted access to the vulnerable blog and update any settings.

Action-Not Available
Vendor-templateinvaderstemplateinvadersTemplateInvaders
Product-ti_woocommerce_wishlistTI WooCommerce WishlistTI WooCommerce Wishlist Pro
CWE ID-CWE-862
Missing Authorization
CVE-2020-35745
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.73% / 74.84%
||
7 Day CHG~0.00%
Published-07 Jan, 2021 | 20:29
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, patients, change admin password, get appointment history and access all session logs.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-hospital_management_systemn/a
CWE ID-CWE-862
Missing Authorization
CVE-2020-36698
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.96% / 57.33%
||
7 Day CHG~0.00%
Published-20 Oct, 2023 | 06:35
Updated-08 Apr, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Security & Malware scan by CleanTalk <= 2.50 - Missing Authorization

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to call functions and delete and/or upload files.

Action-Not Available
Vendor-cleantalkcleantalkcleantalk
Product-security_\&_malware_scanLogin Security, FireWall, Malware removal by CleanTalksecurity_\&_malware_scan
CWE ID-CWE-862
Missing Authorization
CVE-2020-3400
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.98% / 57.95%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 18:02
Updated-13 Nov, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Web UI Authorization Bypass Vulnerability

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to utilize parts of the web UI for which they are not authorized.The vulnerability is due to insufficient authorization of web UI access requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web UI. A successful exploit could allow the attacker to utilize parts of the web UI for which they are not authorized. This could allow a Read-Only user to perform actions of an Admin user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-862
Missing Authorization
CVE-2026-56767
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.33% / 24.90%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 18:03
Updated-25 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Maxun < 0.0.42 - Cross-Tenant IDOR in Storage and Webhook API Handlers

Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenticated users to access other users' robots and OAuth tokens. Attackers can read plaintext Google and Airtable access tokens, modify, delete, or execute other users' robots by bypassing ownership checks in API endpoints.

Action-Not Available
Vendor-getmaxun
Product-maxun
CWE ID-CWE-862
Missing Authorization
CVE-2020-35625
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.03% / 59.55%
||
7 Day CHG~0.00%
Published-21 Dec, 2020 | 22:36
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class (defined within PHP or MediaWiki) via a crafted HTML comment, related to a Smarty template. For example, a person in the Widget Editors group could use \MediaWiki\Shell\Shell::command within a comment.

Action-Not Available
Vendor-n/aWikimedia Foundation
Product-mediawikin/a
CWE ID-CWE-862
Missing Authorization
CVE-2026-56038
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.23% / 13.98%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 14:52
Updated-26 Jun, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Frisbii Pay plugin <= 1.8.2 - Privilege Escalation vulnerability

Contributor Privilege Escalation in Frisbii Pay <= 1.8.2 versions.

Action-Not Available
Vendor-Frisbii
Product-Frisbii Pay
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 11
  • 12
  • Next
Details not found