Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-47688

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-07 May, 2025 | 14:20
Updated At-28 Apr, 2026 | 16:12
Rejected At-
Credits

WordPress Advanced File Manager plugin <= 5.3.1 - Broken Access Control to Notice Dismissal vulnerability

Missing Authorization vulnerability in Saad Iqbal Advanced File Manager file-manager-advanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced File Manager: from n/a through <= 5.3.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:07 May, 2025 | 14:20
Updated At:28 Apr, 2026 | 16:12
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Advanced File Manager plugin <= 5.3.1 - Broken Access Control to Notice Dismissal vulnerability

Missing Authorization vulnerability in Saad Iqbal Advanced File Manager file-manager-advanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced File Manager: from n/a through <= 5.3.1.

Affected Products
Vendor
Saad Iqbal
Product
Advanced File Manager
Collection URL
https://wordpress.org/plugins
Package Name
file-manager-advanced
Default Status
unaffected
Versions
Affected
  • From 0 through 5.3.1 (custom)
    • -> unaffectedfrom5.3.2
Problem Types
TypeCWE IDDescription
CWECWE-862Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-180Exploiting Incorrectly Configured Access Control Security Levels
CAPEC ID: CAPEC-180
Description: Exploiting Incorrectly Configured Access Control Security Levels
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Trương Hữu Phúc (truonghuuphuc) | Patchstack Bug Bounty Program
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://patchstack.com/database/Wordpress/Plugin/file-manager-advanced/vulnerability/wordpress-advanced-file-manager-plugin-5-3-1-broken-access-control-to-notice-dismissal-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/file-manager-advanced/vulnerability/wordpress-advanced-file-manager-plugin-5-3-1-broken-access-control-to-notice-dismissal-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:07 May, 2025 | 15:16
Updated At:23 Apr, 2026 | 15:30

Missing Authorization vulnerability in Saad Iqbal Advanced File Manager file-manager-advanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced File Manager: from n/a through <= 5.3.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches

advancedfilemanager
advancedfilemanager
>>advanced_file_manager>>Versions before 5.3.2(exclusive)
cpe:2.3:a:advancedfilemanager:advanced_file_manager:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-862Secondaryaudit@patchstack.com
CWE ID: CWE-862
Type: Secondary
Source: audit@patchstack.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://patchstack.com/database/Wordpress/Plugin/file-manager-advanced/vulnerability/wordpress-advanced-file-manager-plugin-5-3-1-broken-access-control-to-notice-dismissal-vulnerability?_s_id=cveaudit@patchstack.com
Third Party Advisory
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/file-manager-advanced/vulnerability/wordpress-advanced-file-manager-plugin-5-3-1-broken-access-control-to-notice-dismissal-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1273Records found

CVE-2024-43214
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 17.90%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 20:21
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress myCred plugin <= 2.7.2 - Sensitive Data Exposure vulnerability

Missing Authorization vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through <= 2.7.2.

Action-Not Available
Vendor-wpexpertsSaad Iqbalmycred
Product-mycredmyCredmycred
CWE ID-CWE-862
Missing Authorization
CVE-2025-49872
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 11.38%
||
7 Day CHG~0.00%
Published-17 Jun, 2025 | 15:01
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress myCred plugin <= 2.9.4.2 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects myCred: from n/a through <= 2.9.4.2.

Action-Not Available
Vendor-Saad Iqbal
Product-myCred
CWE ID-CWE-862
Missing Authorization
CVE-2025-67563
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 18.02%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 14:14
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post SMTP plugin <= 3.6.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Saad Iqbal Post SMTP post-smtp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post SMTP: from n/a through <= 3.6.1.

Action-Not Available
Vendor-Saad Iqbal
Product-Post SMTP
CWE ID-CWE-862
Missing Authorization
CVE-2023-2068
Matching Score-8
Assigner-WPScan
ShareView Details
Matching Score-8
Assigner-WPScan
CVSS Score-9.8||CRITICAL
EPSS-39.62% / 98.44%
||
7 Day CHG~0.00%
Published-27 Jun, 2023 | 13:17
Updated-13 Feb, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode

The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users.

Action-Not Available
Vendor-advancedfilemanagerUnknown
Product-file_manager_advanced_shortcodefile-manager-advanced-shortcode
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-43354
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 40.82%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 19:30
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress myCred plugin <= 2.7.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through <= 2.7.2.

Action-Not Available
Vendor-Saad Iqbalmycred
Product-myCredmycred
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-58595
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.35% / 26.68%
||
7 Day CHG+0.03%
Published-06 Nov, 2025 | 15:54
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress All In One Login plugin <= 2.0.8 - Bypass Vulnerability vulnerability

Authentication Bypass by Spoofing vulnerability in Saad Iqbal All In One Login change-wp-admin-login allows Identity Spoofing.This issue affects All In One Login: from n/a through <= 2.0.8.

Action-Not Available
Vendor-Saad Iqbal
Product-All In One Login
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2025-54667
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 9.97%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 10:34
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress myCred plugin <= 2.9.4.3 - Race Condition Vulnerability

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Saad Iqbal myCred mycred allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions.This issue affects myCred: from n/a through <= 2.9.4.3.

Action-Not Available
Vendor-Saad Iqbal
Product-myCred
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2026-32587
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.17% / 7.00%
||
7 Day CHG~0.00%
Published-16 Mar, 2026 | 15:30
Updated-29 Apr, 2026 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP EasyPay plugin <= 4.2.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP EasyPay: from n/a through <= 4.2.11.

Action-Not Available
Vendor-Saad Iqbal
Product-WP EasyPay
CWE ID-CWE-862
Missing Authorization
CVE-2026-25390
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 24.78%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 16:14
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress New User Approve plugin <= 3.2.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n/a through <= 3.2.3.

Action-Not Available
Vendor-Saad Iqbal
Product-New User Approve
CWE ID-CWE-862
Missing Authorization
CVE-2024-54323
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.31% / 23.14%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:25
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress New User Approve plugin <= 2.6.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n/a through <= 2.6.2.

Action-Not Available
Vendor-Saad Iqbal
Product-New User Approve
CWE ID-CWE-862
Missing Authorization
CVE-2025-22800
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 29.07%
||
7 Day CHG~0.00%
Published-13 Jan, 2025 | 13:11
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post SMTP plugin <= 2.9.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in Saad Iqbal Post SMTP post-smtp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post SMTP: from n/a through <= 2.9.11.

Action-Not Available
Vendor-wpexpertsSaad Iqbal
Product-post_smtpPost SMTP
CWE ID-CWE-862
Missing Authorization
CVE-2026-24951
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 8.27%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 14:08
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress myCred plugin <= 2.9.7.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through <= 2.9.7.3.

Action-Not Available
Vendor-Saad Iqbal
Product-myCred
CWE ID-CWE-862
Missing Authorization
CVE-2025-49857
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 8.01%
||
7 Day CHG~0.00%
Published-17 Jun, 2025 | 15:01
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress myCred plugin <= 2.9.4.2 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through <= 2.9.4.2.

Action-Not Available
Vendor-Saad Iqbal
Product-myCred
CWE ID-CWE-862
Missing Authorization
CVE-2025-69063
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-8.6||HIGH
EPSS-0.26% / 17.47%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:46
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress New User Approve plugin <= 3.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n/a through <= 3.2.0.

Action-Not Available
Vendor-Saad Iqbal
Product-New User Approve
CWE ID-CWE-862
Missing Authorization
CVE-2025-4370
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 17.88%
||
7 Day CHG+0.01%
Published-29 Jul, 2025 | 04:23
Updated-08 Apr, 2026 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Brizy <= 2.6.20 - Missing Authorization to Unauthenticated Limited File Upload

The Brizy – Page Builder plugin for WordPress is vulnerable to limited file uploads due to missing authorization on process_external_asset_urls function as well as missing path validation in store_file function in all versions up to, and including, 2.6.20. This makes it possible for unauthenticated attackers to upload .TXT files on the affected site's server.

Action-Not Available
Vendor-brizythemefusecom
Product-brizyBrizy – Page Builder
CWE ID-CWE-862
Missing Authorization
CVE-2024-4223
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.52% / 40.47%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 08:32
Updated-08 Apr, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tutor LMS <= 2.7.0 - Missing Authorization

The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete data.

Action-Not Available
Vendor-Themeum
Product-tutor_lmsTutor LMS – eLearning and online course solution
CWE ID-CWE-862
Missing Authorization
CVE-2023-26520
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.43% / 34.63%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:31
Updated-28 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Text Widget plugin <= 2.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Max Chirkov Advanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Text Widget : from n/a through 2.1.2.

Action-Not Available
Vendor-Max Chirkovadvanced_text_widget_project
Product-Advanced Text Widgetadvanced_text_widget
CWE ID-CWE-862
Missing Authorization
CVE-2024-9189
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.47% / 37.16%
||
7 Day CHG~0.00%
Published-28 Sep, 2024 | 02:04
Updated-08 Apr, 2026 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EU/UK VAT Manager for WooCommerce <= 2.12.12 - Missing Authorization

The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the alg_wc_eu_vat_exempt_vat_from_admin() function in all versions up to, and including, 2.12.12. This makes it possible for unauthenticated attackers to update the VAT status for any order.

Action-Not Available
Vendor-wpfactorywpcodefactorywpfactory
Product-eu\/uk_vat_manager_for_woocommerceEU/UK VAT Validation Manager for WooCommerceeu\/uk_vat_manager
CWE ID-CWE-862
Missing Authorization
CVE-2024-4259
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-6.9||MEDIUM
EPSS-0.51% / 39.49%
||
7 Day CHG~0.00%
Published-03 Sep, 2024 | 13:15
Updated-03 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sensetive Data Exposure in SAMPAS's AKOS

Missing Authorization vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding AKOS (TahsilatService) allows Collect Data as Provided by Users. This issue affects AKOS (AkosCepVatandasService): before V2.0; AKOS (TahsilatService): before V1.0.7.

Action-Not Available
Vendor-sambasSAMPAŞ Holdingsampas_holding
Product-akosAKOS (TahsilatService)AKOS (AkosCepVatandasService)akos
CWE ID-CWE-862
Missing Authorization
CVE-2024-9706
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.36% / 27.68%
||
7 Day CHG+0.01%
Published-06 Dec, 2024 | 08:24
Updated-08 Apr, 2026 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ultimate Coming Soon & Maintenance <= 1.0.9 - Missing Authorization to Unauthenticated Template Activation

The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ucsm_activate_lite_template_lite function in all versions up to, and including, 1.0.9. This makes it possible for unauthenticated attackers to change the template used for the coming soon / maintenance page.

Action-Not Available
Vendor-rsthemerstheme2017rstheme
Product-ultimate_coming_soon_\&_maintenanceUltimate Coming Soon & Maintenanceultimate-coming-soon
CWE ID-CWE-862
Missing Authorization
CVE-2024-4280
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.43% / 34.23%
||
7 Day CHG~0.00%
Published-10 May, 2024 | 05:34
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
White Label CMS <= 2.7.3 - Missing Authorization to Plugin Settings Reset

The White Label CMS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_plugin function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to reset plugin settings.

Action-Not Available
Vendor-videousermanuals
Product-White Label CMS
CWE ID-CWE-862
Missing Authorization
CVE-2023-20252
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.06% / 60.55%
||
7 Day CHG~0.00%
Published-27 Sep, 2023 | 17:17
Updated-16 Dec, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_sd-wan_managerCisco SD-WAN vManage
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-287
Improper Authentication
CVE-2026-9187
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 13.51%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 04:30
Updated-16 Jun, 2026 | 12:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Abandoned Contact Form 7 <= 2.2 - Missing Authorization to Unauthenticated Arbitrary Post Deletion via 'recover_id' Parameter

The Abandoned Contact Form 7 plugin for WordPress is vulnerable to unauthorized arbitrary post deletion in versions up to, and including, 2.2. This is due to a missing capability check and missing nonce validation in the action__remove_abandoned() function, which is registered to both the wp_ajax_remove_abandoned and wp_ajax_nopriv_remove_abandoned hooks. The handler takes a user-supplied recover_id parameter from $_POST and passes it directly to wp_delete_post() with the force-delete flag set to true, without verifying that the ID belongs to the plugin's own cf7af_data post type. This makes it possible for unauthenticated attackers to permanently delete arbitrary posts, pages, or other content on the affected site by sending a single admin-ajax.

Action-Not Available
Vendor-zealopensource
Product-Abandoned Contact Form 7
CWE ID-CWE-862
Missing Authorization
CVE-2023-1114
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-9.8||CRITICAL
EPSS-0.69% / 48.11%
||
7 Day CHG~0.00%
Published-01 Mar, 2023 | 11:50
Updated-01 Jun, 2026 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation on e-Belediye

Missing Authorization vulnerability in Eskom e-Belediye allows Information Elicitation. This issue affects e-Belediye: from 1.0.0.95 before 1.0.0.100.

Action-Not Available
Vendor-eskomEskom
Product-e-belediyee-Belediye
CWE ID-CWE-862
Missing Authorization
CVE-2023-1782
Matching Score-4
Assigner-HashiCorp Inc.
ShareView Details
Matching Score-4
Assigner-HashiCorp Inc.
CVSS Score-10||CRITICAL
EPSS-0.76% / 50.77%
||
7 Day CHG~0.00%
Published-05 Apr, 2023 | 19:10
Updated-10 Feb, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nomad Unauthenticated Client Agent HTTP Request Privilege Escalation

HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3.

Action-Not Available
Vendor-HashiCorp, Inc.
Product-nomadNomadNomad Enterprise
CWE ID-CWE-862
Missing Authorization
CVE-2023-1261
Matching Score-4
Assigner-Silicon Labs
ShareView Details
Matching Score-4
Assigner-Silicon Labs
CVSS Score-8.2||HIGH
EPSS-0.44% / 35.28%
||
7 Day CHG~0.00%
Published-21 Mar, 2023 | 20:26
Updated-26 Feb, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing MAC layer security in Wi-SUN SDK

Missing MAC layer security in Silicon Labs Wi-SUN SDK v1.5.0 and earlier allows malicious node to route malicious messages through network.

Action-Not Available
Vendor-silabssilabs.com
Product-wi-sun_software_development_kitWi-SUN SDK
CWE ID-CWE-862
Missing Authorization
CVE-2023-1868
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.61% / 45.12%
||
7 Day CHG~0.00%
Published-05 Apr, 2023 | 13:23
Updated-08 Apr, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
YourChannel <= 1.2.3 - Missing Authorization to Plugin Cache Reset

The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when clearing the plugin cache via the yrc_clear_cache GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to clear the plugin's cache.

Action-Not Available
Vendor-pluginpluginbuilders
Product-yourchannelYourChannel: Everything you want in a YouTube plugin.
CWE ID-CWE-862
Missing Authorization
CVE-2023-1843
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.63% / 45.74%
||
7 Day CHG~0.00%
Published-09 Jun, 2023 | 05:33
Updated-08 Apr, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Metform Elementor Contact Form Builder <= 3.3.0 - Missing Authorization

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized permalink structure update due to a missing capability check on the permalink_setup function in versions up to, and including, 3.3.0. This makes it possible for unauthenticated attackers to change the permalink structure.

Action-Not Available
Vendor-wpmetroxnor
Product-metform_elementor_contact_form_builderMetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2023-1262
Matching Score-4
Assigner-Silicon Labs
ShareView Details
Matching Score-4
Assigner-Silicon Labs
CVSS Score-8.2||HIGH
EPSS-0.44% / 35.28%
||
7 Day CHG~0.00%
Published-21 Mar, 2023 | 20:30
Updated-26 Feb, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing MAC layer security in Wi-SUN Linux Border Router

Missing MAC layer security in Silicon Labs Wi-SUN Linux Border Router v1.5.2 and earlier allows malicious node to route malicious messages through network.

Action-Not Available
Vendor-silabssilabs.com
Product-wireless_smart_ubiquitous_network_linux_border_router_firmwarewireless_smart_ubiquitous_network_linux_border_routerWi-SUN Linux Border Router
CWE ID-CWE-862
Missing Authorization
CVE-2024-41730
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-9.8||CRITICAL
EPSS-75.87% / 99.47%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 03:31
Updated-12 Sep, 2024 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authentication check in SAP BusinessObjects Business Intelligence Platform

In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. The attacker can fully compromise the system resulting in High impact on confidentiality, integrity and availability.

Action-Not Available
Vendor-SAP SE
Product-business_objects_business_intelligence_platformSAP BusinessObjects Business Intelligence Platformsap_business_objects_business_intgelligence_platform
CWE ID-CWE-862
Missing Authorization
CVE-2023-0556
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.95% / 57.00%
||
7 Day CHG~0.00%
Published-27 Jan, 2023 | 21:08
Updated-08 Apr, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ContentStudio <= 1.2.5 - Missing Authorization

The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to obtain the blog metadata (via the function cstu_get_metadata) that includes the plugin's contentstudio_token. Knowing this token allows for other interactions with the plugin such as creating posts in versions prior to 1.2.5, which added other requirements to posting and updating.

Action-Not Available
Vendor-contentstudiocontentstudio
Product-contentstudioContentStudio
CWE ID-CWE-862
Missing Authorization
CVE-2024-39654
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.35% / 26.97%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sign-up Sheets plugin <= 2.2.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets.This issue affects Sign-up Sheets: from n/a through <= 2.2.12.

Action-Not Available
Vendor-Fetch Designsfetchdesigns
Product-Sign-up Sheetssign-up_sheets
CWE ID-CWE-862
Missing Authorization
CVE-2020-28215
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-2.24% / 80.72%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 00:51
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-862: Missing Authorization vulnerability exists in Easergy T300 (firmware 2.7 and older), that could cause a wide range of problems, including information exposures, denial of service, and arbitrary code execution when access control checks are not applied consistently.

Action-Not Available
Vendor-n/a
Product-easergy_t300easergy_t300_firmwareEasergy T300 (firmware 2.7 and older)
CWE ID-CWE-862
Missing Authorization
CVE-2024-0629
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.40% / 31.72%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 16:52
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
2Checkout Payment Gateway for WooCommerce <= 6.2 - Missing Authorization via sniff_ins

The 2Checkout Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sniff_ins function in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to make changes to orders and mark them as paid.

Action-Not Available
Vendor-nmedianmedia
Product-2Checkout Payment Gateway for WooCommerce2checkout_payment_gateway
CWE ID-CWE-862
Missing Authorization
CVE-2024-3915
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.38% / 29.70%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 20:03
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Swift Framework <= 2.7.31 - Missing Authorization to Unauthenticated Arbitrary Content Update

The Swift Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sf_edit_directory_item() function in all versions up to, and including, 2.7.31. This makes it possible for unauthenticated attackers to update arbitrary posts with arbitrary content. Unfortunately, we did not receive a response from the vendor to send over the vulnerability details.

Action-Not Available
Vendor-Swift Ideasswift_ideas
Product-Swift Frameworkswift_framework
CWE ID-CWE-862
Missing Authorization
CVE-2024-39625
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.35% / 26.98%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Icegram Engage plugin <= 3.1.24 - Unauthenticated Message Duplication Vulnerability

Missing Authorization vulnerability in icegram Icegram allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Icegram: from n/a through 3.1.24.

Action-Not Available
Vendor-icegramicegram
Product-Icegramicegram
CWE ID-CWE-862
Missing Authorization
CVE-2022-4943
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-0.54% / 41.62%
||
7 Day CHG~0.00%
Published-20 Oct, 2023 | 07:29
Updated-08 Apr, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
miniOrange's Google Authenticator <= 5.6.5 - Missing Authorization to Plugin Settings Change

The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's settings.

Action-Not Available
Vendor-miniorangecyberlord92
Product-google_authenticatorminiOrange 2FA – Two-Factor Authentication for WordPress (SMS, Email & Google Authenticator)
CWE ID-CWE-862
Missing Authorization
CVE-2022-4939
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-2.10% / 79.45%
||
7 Day CHG~0.00%
Published-05 Apr, 2023 | 18:00
Updated-08 Apr, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WCFM Membership <= 2.10.0 - Unauthenticated Privilege Escalation

THe WCFM Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 2.10.0, due to a missing capability check on the wp_ajax_nopriv_wcfm_ajax_controller AJAX action that controls membership settings. This makes it possible for unauthenticated attackers to modify the membership registration form in a way that allows them to set the role for registration to that of any user including administrators. Once configured, the attacker can then register as an administrator.

Action-Not Available
Vendor-wcloverswclovers
Product-wcfm_membershipWCFM Membership – WooCommerce Memberships for Multivendor Marketplace
CWE ID-CWE-862
Missing Authorization
CVE-2024-39650
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.3||HIGH
EPSS-0.44% / 35.39%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce PDF Vouchers plugin < 4.9.5 - Unauthenticated Multiple Vulnerabilities

Missing Authorization vulnerability in WPWeb Elite WooCommerce PDF Vouchers allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WooCommerce PDF Vouchers: from n/a through 4.9.4.

Action-Not Available
Vendor-WPWeb Elite
Product-woocommerce_pdf_vouchersWooCommerce PDF Voucherswoocommerce_pdf_vouchers
CWE ID-CWE-862
Missing Authorization
CVE-2022-48367
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.72% / 49.47%
||
7 Day CHG~0.00%
Published-12 Mar, 2023 | 00:00
Updated-04 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled.

Action-Not Available
Vendor-ibexan/a
Product-fastlykernelez_platform_kerneldigital_experience_platformezplatform-http-cache-fastlyn/a
CWE ID-CWE-862
Missing Authorization
CVE-2024-3961
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.37% / 29.05%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 03:49
Updated-08 Apr, 2026 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ConvertKit <= 2.4.9 - Missing Authorization

The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tag_subscriber function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to subscribe users to tags. Financial damages may occur to site owners if their API quota is exceeded.

Action-Not Available
Vendor-convertkitconvertkitconvertkit
Product-convertkit_-_email_marketing\,_email_newsletter_and_landing_pagesKit (formerly ConvertKit) – Email Newsletter, Email Marketing, Membership, Subscribers and Landing Pagesconvertkit_-_email_marketing\,_email_newsletter_and_landing_pages
CWE ID-CWE-862
Missing Authorization
CVE-2022-48491
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.31% / 22.52%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 00:00
Updated-17 Dec, 2024 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of missing authentication on certain HUAWEI phones.Successful exploitation of this vulnerability can lead to ads and other windows to display at any time.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiHarmonyOSEMUI
CWE ID-CWE-862
Missing Authorization
CVE-2024-38743
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.39% / 31.34%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Plum: Spin Wheel & Email Pop-up plugin <= 2.0 - Broken Access Control vulnerability

Access Control vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows . This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0.

Action-Not Available
Vendor-Upqodeupqode
Product-Plum: Spin Wheel & Email Pop-upplum
CWE ID-CWE-862
Missing Authorization
CVE-2024-37921
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.37% / 29.10%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Chained Quiz plugin <= 1.3.2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Kiboko Labs Chained Quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chained Quiz: from n/a through 1.3.2.8.

Action-Not Available
Vendor-Kiboko Labskibokolabs
Product-Chained Quizchained_quiz
CWE ID-CWE-862
Missing Authorization
CVE-2022-47182
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.42% / 34.03%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:22
Updated-28 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress APIExperts Square for WooCommerce plugin <= 4.4.1 - Broken Access Control

Missing Authorization vulnerability in Wpexpertsio APIExperts Square for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects APIExperts Square for WooCommerce: from n/a through 4.4.1.

Action-Not Available
Vendor-Wpexpertsio
Product-APIExperts Square for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2022-46845
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 10.61%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 16:42
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Slider a SlidersPack plugin <= 2.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Essential Plugin Slider a SlidersPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slider a SlidersPack: from n/a before 2.3.

Action-Not Available
Vendor-Essential Plugin
Product-Slider a SlidersPack
CWE ID-CWE-862
Missing Authorization
CVE-2020-28036
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.02% / 91.21%
||
7 Day CHG-0.14%
Published-31 Oct, 2020 | 00:59
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post.

Action-Not Available
Vendor-n/aDebian GNU/LinuxWordPress.orgFedora Project
Product-wordpressdebian_linuxfedoran/a
CWE ID-CWE-862
Missing Authorization
CVE-2024-38783
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.37% / 29.09%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Arconix FAQ plugin <= 1.9.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tyche Softwares Arconix FAQ allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Arconix FAQ: from n/a through 1.9.4.

Action-Not Available
Vendor-tychesoftwaresTyche Softwarestychesoftwares
Product-arconix_faqArconix FAQacronix_faq
CWE ID-CWE-862
Missing Authorization
CVE-2024-38748
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.52% / 40.36%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EleForms plugin <= 2.9.9.9 - Broken Access Control vulnerability

Access Control vulnerability in TheInnovs EleForms allows . This issue affects EleForms: from n/a through 2.9.9.9.

Action-Not Available
Vendor-theinnovsTheInnovsthelnnovs
Product-eleformsEleFormseleforms
CWE ID-CWE-862
Missing Authorization
CVE-2024-38504
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-4.3||MEDIUM
EPSS-0.36% / 28.21%
||
7 Day CHG~0.00%
Published-18 Jun, 2024 | 10:42
Updated-23 Aug, 2024 | 02:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrack
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 25
  • 26
  • Next
Details not found