Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-69188

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-22 Jan, 2026 | 16:52
Updated At-28 Apr, 2026 | 20:44
Rejected At-
Credits

WordPress fitness-trainer plugin <= 1.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins fitness-trainer fitness-trainer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects fitness-trainer: from n/a through <= 1.7.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–ĽCommon Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:22 Jan, 2026 | 16:52
Updated At:28 Apr, 2026 | 20:44
Rejected At:
â–ĽCVE Numbering Authority (CNA)
WordPress fitness-trainer plugin <= 1.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins fitness-trainer fitness-trainer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects fitness-trainer: from n/a through <= 1.7.1.

Affected Products
Vendor
e-plugins
Product
fitness-trainer
Collection URL
https://wordpress.org/plugins
Package Name
fitness-trainer
Default Status
unaffected
Versions
Affected
  • From 0 through 1.7.1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-862Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-180Exploiting Incorrectly Configured Access Control Security Levels
CAPEC ID: CAPEC-180
Description: Exploiting Incorrectly Configured Access Control Security Levels
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Phat RiO | Patchstack Bug Bounty Program
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/Wordpress/Plugin/fitness-trainer/vulnerability/wordpress-fitness-trainer-plugin-1-7-1-broken-access-control-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/fitness-trainer/vulnerability/wordpress-fitness-trainer-plugin-1-7-1-broken-access-control-vulnerability?_s_id=cve
Resource:
vdb-entry
â–ĽAuthorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–ĽNational Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:22 Jan, 2026 | 17:16
Updated At:27 Jan, 2026 | 18:15

Missing Authorization vulnerability in e-plugins fitness-trainer fitness-trainer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects fitness-trainer: from n/a through <= 1.7.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-862Secondaryaudit@patchstack.com
CWE ID: CWE-862
Type: Secondary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/Wordpress/Plugin/fitness-trainer/vulnerability/wordpress-fitness-trainer-plugin-1-7-1-broken-access-control-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/fitness-trainer/vulnerability/wordpress-fitness-trainer-plugin-1-7-1-broken-access-control-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

66Records found
CVE-2026-27396
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.3||HIGH
EPSS-0.05% / 16.78%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 05:53
Updated-28 Apr, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Directory Pro plugin <= 2.5.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through <= 2.5.6.

Action-Not Available
Vendor-e-plugins
Product-Directory Pro
CWE ID-CWE-862
Missing Authorization
CVE-2025-69193
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.3||HIGH
EPSS-0.05% / 16.78%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Membership plugin <= 1.6.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Membership: from n/a through <= 1.6.4.

Action-Not Available
Vendor-e-plugins
Product-WP Membership
CWE ID-CWE-862
Missing Authorization
CVE-2025-69187
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.3||HIGH
EPSS-0.05% / 16.78%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Final User plugin <= 1.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins Final User final-user allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Final User: from n/a through <= 1.2.5.

Action-Not Available
Vendor-e-plugins
Product-Final User
CWE ID-CWE-862
Missing Authorization
CVE-2025-69181
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.3||HIGH
EPSS-0.05% / 16.78%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Lawyer Directory plugin <= 1.3.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a through <= 1.3.4.

Action-Not Available
Vendor-e-plugins
Product-Lawyer Directory
CWE ID-CWE-862
Missing Authorization
CVE-2025-69185
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.3||HIGH
EPSS-0.05% / 16.78%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hotel Listing plugin <= 1.4.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins Hotel Listing hotel-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Listing: from n/a through <= 1.4.2.

Action-Not Available
Vendor-e-plugins
Product-Hotel Listing
CWE ID-CWE-862
Missing Authorization
CVE-2025-69190
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.3||HIGH
EPSS-0.05% / 16.78%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Listihub theme <= 1.0.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins Listihub listihub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Listihub: from n/a through <= 1.0.6.

Action-Not Available
Vendor-e-plugins
Product-Listihub
CWE ID-CWE-862
Missing Authorization
CVE-2025-69184
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.3||HIGH
EPSS-0.05% / 16.78%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Institutions Directory plugin <= 1.3.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through <= 1.3.4.

Action-Not Available
Vendor-e-plugins
Product-Institutions Directory
CWE ID-CWE-862
Missing Authorization
CVE-2025-69186
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.3||HIGH
EPSS-0.05% / 16.78%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hospital Doctor Directory plugin <= 1.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9.

Action-Not Available
Vendor-e-plugins
Product-Hospital Doctor Directory
CWE ID-CWE-862
Missing Authorization
CVE-2025-69192
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.3||HIGH
EPSS-0.05% / 16.78%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Real Estate Pro plugin <= 2.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins Real Estate Pro real-estate-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real Estate Pro: from n/a through <= 2.1.5.

Action-Not Available
Vendor-e-plugins
Product-Real Estate Pro
CWE ID-CWE-862
Missing Authorization
CVE-2025-69191
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.3||HIGH
EPSS-0.05% / 16.78%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ListingHub plugin <= 1.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins ListingHub listinghub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingHub: from n/a through <= 1.2.7.

Action-Not Available
Vendor-e-plugins
Product-ListingHub
CWE ID-CWE-862
Missing Authorization
CVE-2025-68057
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.05% / 15.75%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hospital Doctor Directory plugin <= 1.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9.

Action-Not Available
Vendor-e-plugins
Product-Hospital Doctor Directory
CWE ID-CWE-862
Missing Authorization
CVE-2025-68058
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.05% / 15.75%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Institutions Directory plugin <= 1.3..4 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through <= 1.3..4.

Action-Not Available
Vendor-e-plugins
Product-Institutions Directory
CWE ID-CWE-862
Missing Authorization
CVE-2025-67967
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.02% / 4.15%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:51
Updated-28 Apr, 2026 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Lawyer Directory plugin <= 1.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a through <= 1.3.3.

Action-Not Available
Vendor-e-plugins
Product-Lawyer Directory
CWE ID-CWE-862
Missing Authorization
CVE-2025-54717
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 21.56%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 18:21
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Membership Plugin <= 1.6.3 - Settings Change Vulnerability

Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Membership: from n/a through <= 1.6.3.

Action-Not Available
Vendor-e-plugins
Product-WP Membership
CWE ID-CWE-862
Missing Authorization
CVE-2025-68059
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.05% / 15.75%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hotel Listing plugin <= 1.4.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins Hotel Listing hotel-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Listing: from n/a through <= 1.4.2.

Action-Not Available
Vendor-e-plugins
Product-Hotel Listing
CWE ID-CWE-862
Missing Authorization
CVE-2025-64243
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 8.70%
||
7 Day CHG-0.02%
Published-16 Dec, 2025 | 08:12
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Directory Pro plugin <= 2.5.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through <= 2.5.6.

Action-Not Available
Vendor-e-plugins
Product-Directory Pro
CWE ID-CWE-862
Missing Authorization
CVE-2026-42377
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.3||HIGH
EPSS-0.01% / 3.36%
||
7 Day CHG~0.00%
Published-29 Apr, 2026 | 07:27
Updated-29 Apr, 2026 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SureForms Pro plugin <= 2.8.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureForms Pro: from n/a through 2.8.0.

Action-Not Available
Vendor-Brainstorm Force
Product-SureForms Pro
CWE ID-CWE-862
Missing Authorization
CVE-2026-25456
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.3||HIGH
EPSS-0.05% / 16.07%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 16:14
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Automated FedEx live/manual rates with shipping labels plugin <= 5.1.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Aarsiv Groups Automated FedEx live/manual rates with shipping labels a2z-fedex-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automated FedEx live/manual rates with shipping labels: from n/a through <= 5.1.9.

Action-Not Available
Vendor-Aarsiv Groups
Product-Automated FedEx live/manual rates with shipping labels
CWE ID-CWE-862
Missing Authorization
CVE-2024-4744
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.52%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 08:10
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress iPages Flipbook plugin <= 1.5.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Avirtum iPages Flipbook.This issue affects iPages Flipbook: from n/a through 1.5.1.

Action-Not Available
Vendor-ipages_flipbook_projectAvirtumavirtum
Product-ipages_flipbookiPages Flipbookipages_flipbook
CWE ID-CWE-862
Missing Authorization
CVE-2024-4222
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.3||HIGH
EPSS-0.58% / 69.10%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 09:32
Updated-08 Apr, 2026 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tutor LMS Pro <= 2.7.0 - Missing Authorization

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin options.

Action-Not Available
Vendor-Themeum
Product-tutor_lmsTutor LMS Pro
CWE ID-CWE-862
Missing Authorization
CVE-2024-39664
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.3||HIGH
EPSS-0.19% / 41.15%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Filter & Grids plugin <= 2.8.32 - Broken Authentication vulnerability

Missing Authorization vulnerability in YMC Filter & Grids allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Filter & Grids: from n/a through 2.8.33.

Action-Not Available
Vendor-YMCymc-22
Product-Filter & Gridsfilter_\&_grids
CWE ID-CWE-862
Missing Authorization
CVE-2024-35742
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.21%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 07:40
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Forms for Mailchimp plugin <= 6.9.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0.

Action-Not Available
Vendor-codeparrotsCode Parrots
Product-easy_forms_for_mailchimpEasy Forms for Mailchimp
CWE ID-CWE-862
Missing Authorization
CVE-2024-35692
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 33.47%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 09:21
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GDPR/CCPA Cookie Consent Banner plugin <= 3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Termly Cookie Consent.This issue affects Cookie Consent: from n/a through 3.2.

Action-Not Available
Vendor-termlyTermlytermly
Product-gdpr_cookie_consent_bannerCookie Consentgdpr_cookie_consent_banner
CWE ID-CWE-862
Missing Authorization
CVE-2024-30525
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 31.37%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 19:24
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Move Addons for Elementor plugin <= 1.2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in moveaddons Move Addons for Elementor.This issue affects Move Addons for Elementor: from n/a through 1.2.9.

Action-Not Available
Vendor-moveaddonsmoveaddonsmoveaddons
Product-move_addons_for_elementorMove Addons for Elementormove_addons_for_elementor
CWE ID-CWE-862
Missing Authorization
CVE-2022-36228
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.07% / 20.06%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 00:00
Updated-30 Oct, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Permissions. By sending a request, you can add any device and set the device password in the Nokelock app.

Action-Not Available
Vendor-janusintln/a
Product-noke_standard_smart_padlock_firmwarenoke_hd\+_smart_padlock_firmwarenoke_hd_smart_padlock_firmwarenoke_hd\+_smart_padlocknoke_hd_smart_padlocknoke_standard_smart_padlockn/a
CWE ID-CWE-862
Missing Authorization
CVE-2024-1094
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.3||HIGH
EPSS-0.24% / 47.31%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 04:36
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling Plugin <= 1.0.21 - Missing Authorization to Limited Privilege Escalation

The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to grant users staff permissions. CVE-2024-37427 is likely a duplicate of this issue.

Action-Not Available
Vendor-arrayticsarraytics
Product-Timetics – Appointment Booking & Schedulingtimetics
CWE ID-CWE-862
Missing Authorization
CVE-2025-8435
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.12% / 30.65%
||
7 Day CHG+0.01%
Published-01 Aug, 2025 | 04:32
Updated-05 Aug, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Movie Streaming admin-control.php authorization

A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-control.php. The manipulation of the argument ID leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-online_movie_streamingOnline Movie Streaming
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-8434
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.10% / 26.11%
||
7 Day CHG+0.01%
Published-01 Aug, 2025 | 04:02
Updated-05 Aug, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Movie Streaming admin.php authorization

A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been classified as critical. Affected is an unknown function of the file /admin.php. The manipulation of the argument ID leads to missing authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-online_movie_streamingOnline Movie Streaming
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-0570
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.19% / 40.18%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 13:31
Updated-09 May, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink N350RT Setting cstecgi.cgi access control

A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6265. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. It is recommended to upgrade the affected component. VDB-250786 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-TOTOLINK
Product-n350rt_firmwaren350rtN350RT
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-862
Missing Authorization
CVE-2024-0702
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.3||HIGH
EPSS-0.15% / 35.02%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 18:56
Updated-08 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Oliver POS – A WooCommerce Point of Sale (POS) <= 2.4.2.1 - Missing Authorization

The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions hooked via AJAX in the includes/class-pos-bridge-install.php file in all versions up to, and including, 2.4.2.1 This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions like deactivating the plugin, disconnecting the subscription, syncing the status and more.

Action-Not Available
Vendor-oliverposoliverposoliverpos
Product-oliver_posOliver POS – A WooCommerce Point of Sale (POS)oliver_pos
CWE ID-CWE-862
Missing Authorization
CVE-2023-6751
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.3||HIGH
EPSS-0.15% / 35.63%
||
7 Day CHG~0.00%
Published-11 Jan, 2024 | 08:33
Updated-08 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hostinger <= 1.9.7 - Missing Authorization to Maintenance Mode Activation

The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the function publish_website in all versions up to, and including, 1.9.7. This makes it possible for unauthenticated attackers to enable and disable maintenance mode.

Action-Not Available
Vendor-hostingerhostinger
Product-hostingerHostinger Tools
CWE ID-CWE-862
Missing Authorization
CVE-2025-12925
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 21.33%
||
7 Day CHG~0.00%
Published-10 Nov, 2025 | 01:32
Updated-24 Feb, 2026 | 07:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
rymcu forest UserDicController.java deleteDic authorization

A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.

Action-Not Available
Vendor-rymcurymcu
Product-forestforest
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-6007
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.3||HIGH
EPSS-0.23% / 45.20%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 15:33
Updated-08 Apr, 2026 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
UserPro <= 5.1.1 - Missing Authorization via multiple functions

The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin options.

Action-Not Available
Vendor-userpropluginn/a
Product-userproUserPro - Community and User Profile WordPress Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2023-51537
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.39%
||
7 Day CHG~0.00%
Published-12 Jun, 2024 | 09:02
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Awesome Support plugin <= 6.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.5.

Action-Not Available
Vendor-awesomesupportAwesome Support Teamawesomesupport
Product-awesome_support_wordpress_helpdesk_\&_supportAwesome Supportawesome_support_wordpress_helpdesk_\&_support
CWE ID-CWE-862
Missing Authorization
CVE-2026-0832
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.3||HIGH
EPSS-0.05% / 14.44%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 06:43
Updated-08 Apr, 2026 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
New User Approve <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary User Approval, Denial, and Information Disclosure

The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to approve or deny user accounts, retrieve sensitive user information including emails and roles, and force logout of privileged users.

Action-Not Available
Vendor-saadiqbal
Product-New User Approve
CWE ID-CWE-862
Missing Authorization
CVE-2021-4448
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.3||HIGH
EPSS-48.90% / 97.80%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 06:43
Updated-08 Apr, 2026 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kaswara Modern VC Addons <= 3.0.1 - Missing Authorization

The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions such as importing data, uploading arbitrary files, deleting arbitrary files, and more.

Action-Not Available
Vendor-kaswara_projectSayenThemeskaswara_project
Product-kaswaraKaswara Modern VC Addonskaswara
CWE ID-CWE-862
Missing Authorization
CVE-2021-4444
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.3||HIGH
EPSS-0.16% / 36.90%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 06:43
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Product Filter by WooBeWoo <= 1.4.9 - Missing Authorization

The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.9 due to missing authorization checks on various functions. This makes it possible for unauthenticated attackers to perform unauthorized actions such as creating new filters and injecting malicious javascript into a vulnerable site. This was actively exploited at the time of discovery.

Action-Not Available
Vendor-woobewoowoobewoo
Product-Product Filter for WooCommerce by WBWproduct_filter
CWE ID-CWE-862
Missing Authorization
CVE-2024-39650
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.3||HIGH
EPSS-0.30% / 53.20%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce PDF Vouchers plugin < 4.9.5 - Unauthenticated Multiple Vulnerabilities

Missing Authorization vulnerability in WPWeb Elite WooCommerce PDF Vouchers allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WooCommerce PDF Vouchers: from n/a through 4.9.4.

Action-Not Available
Vendor-WPWeb Elite
Product-woocommerce_pdf_vouchersWooCommerce PDF Voucherswoocommerce_pdf_vouchers
CWE ID-CWE-862
Missing Authorization
CVE-2024-3821
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.3||HIGH
EPSS-0.32% / 55.13%
||
7 Day CHG~0.00%
Published-01 Jun, 2024 | 08:38
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wpDataTables - Tables & Table Charts (Premium) <= 6.3.2 - Missing Authorization to DataTable Access & Modification

The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the wdt_ajax_actions.php file in all versions up to, and including, 6.3.2. This makes it possible for unauthenticated attackers to manipulate data tables. Please note this only affects the premium version of the plugin.

Action-Not Available
Vendor-wpdatatables
Product-wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2021-39226
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-94.35% / 99.96%
||
7 Day CHG~0.00%
Published-05 Oct, 2021 | 17:30
Updated-24 Oct, 2025 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-09-15||Apply updates per vendor instructions.
Snapshot authentication bypass in grafana

Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "public_mode" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot "public_mode" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects.

Action-Not Available
Vendor-Grafana LabsFedora Project
Product-fedoragrafanagrafanaGrafana
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-862
Missing Authorization
CVE-2023-45104
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.3||HIGH
EPSS-0.21% / 42.98%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 11:59
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BetterLinks plugin <= 1.6.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper BetterLinks betterlinks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterLinks: from n/a through <= 1.6.0.

Action-Not Available
Vendor-WPDeveloper
Product-betterlinksBetterLinks
CWE ID-CWE-862
Missing Authorization
CVE-2025-68043
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.3||HIGH
EPSS-1.77% / 82.87%
||
7 Day CHG+0.46%
Published-20 Feb, 2026 | 15:46
Updated-28 Apr, 2026 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LottieFiles plugin <= 3.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through <= 3.0.0.

Action-Not Available
Vendor-LottieFiles
Product-LottieFiles
CWE ID-CWE-862
Missing Authorization
CVE-2025-68022
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.3||HIGH
EPSS-0.02% / 4.44%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:46
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Plugin BlueX for WooCommerce plugin <= 3.1.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in soporteblue Plugin BlueX for WooCommerce bluex-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin BlueX for WooCommerce: from n/a through <= 3.1.6.

Action-Not Available
Vendor-soporteblue
Product-Plugin BlueX for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2025-52801
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.3||HIGH
EPSS-0.07% / 21.79%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 10:33
Updated-12 May, 2026 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TheBooking Plugin <= 1.4.4 - Broken Access Control Vulnerability

Missing Authorization vulnerability in VonStroheim TheBooking thebooking allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects TheBooking: from n/a through <= 1.4.4.

Action-Not Available
Vendor-VonStroheim
Product-TheBooking
CWE ID-CWE-862
Missing Authorization
CVE-2020-36840
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.3||HIGH
EPSS-0.36% / 58.41%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 07:31
Updated-08 Apr, 2026 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Timetable and Event Schedule by MotoPress <= 2.3.8 - Missing Authorization

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX action in versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers to call that function and perform a wide variety of actions such as including random template, injecting malicious web scripts, and more.

Action-Not Available
Vendor-motopressjetmonstersmotopress
Product-timetable_and_event_scheduleTimetable and Event Schedule by MotoPresstimetable_and_event_schedule
CWE ID-CWE-862
Missing Authorization
CVE-2023-36510
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.3||HIGH
EPSS-0.23% / 46.18%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:23
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ReDi Restaurant Reservation plugin <= 23.0211 - Broken Access Control vulnerability

Missing Authorization vulnerability in Reservation Diary ReDi Restaurant Reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReDi Restaurant Reservation: from n/a through 23.0211.

Action-Not Available
Vendor-Reservation Diary
Product-ReDi Restaurant Reservation
CWE ID-CWE-862
Missing Authorization
CVE-2025-13063
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 13.48%
||
7 Day CHG~0.00%
Published-12 Nov, 2025 | 21:02
Updated-14 Nov, 2025 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DinukaNavaratna Dee Store authorization

A flaw has been found in DinukaNavaratna Dee Store 1.0. Affected is an unknown function. Executing manipulation can lead to missing authorization. The attack may be performed from remote. The exploit has been published and may be used. Multiple endpoints are affected.

Action-Not Available
Vendor-DinukaNavaratna
Product-Dee Store
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-0856
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.3||HIGH
EPSS-0.52% / 67.07%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 22:22
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PGS Core <= 5.8.0 - Missing Authorization via Multiple Functions

The PGS Core plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.8.0. This makes it possible for unauthenticated attackers to add, modify, or plugin options.

Action-Not Available
Vendor-Potenza Global Solutions
Product-PGS Core
CWE ID-CWE-862
Missing Authorization
CVE-2020-36697
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.3||HIGH
EPSS-0.10% / 26.47%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 01:51
Updated-08 Apr, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP GDPR <= 2.1.1 - Missing Authorization Checks

The WP GDPR plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. This makes it possible for unauthenticated attackers to delete any comment and modify the plugin’s settings.

Action-Not Available
Vendor-appsaloonkoenhuybrechts
Product-wp_gdprWP GDPR
CWE ID-CWE-862
Missing Authorization
CVE-2020-36716
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.3||HIGH
EPSS-0.10% / 28.00%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 01:51
Updated-08 Apr, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Activity Log <= 4.0.1 - Missing Authorization

The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setup_page function in versions up to, and including, 4.0.1. This makes it possible for unauthenticated attackers to run the setup wizard (if it has not been run previously) and access plugin configuration options.

Action-Not Available
Vendor-wpwhitesecuritymelapress
Product-wp_activity_logWP Activity Log
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • Next
Details not found