Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-8593

Summary
Assigner-Wordfence
Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At-11 Oct, 2025 | 09:28
Updated At-08 Apr, 2026 | 17:21
Rejected At-
Credits

GSheetConnector For Gravity Forms <= 1.3.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation

The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to authorization bypass in versions less than, or equal to, 1.3.27. This is due to a missing capability check on the 'install_plugin' function. This makes it possible for authenticated attackers, with subscriber-level access and above to install plugins on the target site and potentially achieve arbitrary code execution on the server under certain conditions.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Wordfence
Assigner Org ID:b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At:11 Oct, 2025 | 09:28
Updated At:08 Apr, 2026 | 17:21
Rejected At:
▼CVE Numbering Authority (CNA)
GSheetConnector For Gravity Forms <= 1.3.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation

The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to authorization bypass in versions less than, or equal to, 1.3.27. This is due to a missing capability check on the 'install_plugin' function. This makes it possible for authenticated attackers, with subscriber-level access and above to install plugins on the target site and potentially achieve arbitrary code execution on the server under certain conditions.

Affected Products
Vendor
westerndeal
Product
GSheetConnector for Gravity Forms – Send Gravity Forms Entries to Google Sheets in Real-Time
Default Status
unaffected
Versions
Affected
  • From 0 through 1.3.27 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
wesley
Timeline
EventDate
Discovered2025-07-25 00:00:00
Vendor Notified2025-08-21 13:47:38
Disclosed2025-10-10 20:59:26
Event: Discovered
Date: 2025-07-25 00:00:00
Event: Vendor Notified
Date: 2025-08-21 13:47:38
Event: Disclosed
Date: 2025-10-10 20:59:26
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/c7266ce6-2853-4c5d-9e36-8c5b7418b072?source=cve
N/A
https://plugins.trac.wordpress.org/browser/gsheetconnector-gravity-forms/tags/1.3.23/includes/class-gravityform-gs-service.php#L128
N/A
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3354113%40gsheetconnector-gravity-forms&new=3354113%40gsheetconnector-gravity-forms&sfp_email=&sfph_mail=
N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/c7266ce6-2853-4c5d-9e36-8c5b7418b072?source=cve
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/gsheetconnector-gravity-forms/tags/1.3.23/includes/class-gravityform-gs-service.php#L128
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3354113%40gsheetconnector-gravity-forms&new=3354113%40gsheetconnector-gravity-forms&sfp_email=&sfph_mail=
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@wordfence.com
Published At:11 Oct, 2025 | 10:15
Updated At:14 Oct, 2025 | 19:36

The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to authorization bypass in versions less than, or equal to, 1.3.27. This is due to a missing capability check on the 'install_plugin' function. This makes it possible for authenticated attackers, with subscriber-level access and above to install plugins on the target site and potentially achieve arbitrary code execution on the server under certain conditions.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-862Primarysecurity@wordfence.com
CWE ID: CWE-862
Type: Primary
Source: security@wordfence.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://plugins.trac.wordpress.org/browser/gsheetconnector-gravity-forms/tags/1.3.23/includes/class-gravityform-gs-service.php#L128security@wordfence.com
N/A
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3354113%40gsheetconnector-gravity-forms&new=3354113%40gsheetconnector-gravity-forms&sfp_email=&sfph_mail=security@wordfence.com
N/A
https://www.wordfence.com/threat-intel/vulnerabilities/id/c7266ce6-2853-4c5d-9e36-8c5b7418b072?source=cvesecurity@wordfence.com
N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/gsheetconnector-gravity-forms/tags/1.3.23/includes/class-gravityform-gs-service.php#L128
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3354113%40gsheetconnector-gravity-forms&new=3354113%40gsheetconnector-gravity-forms&sfp_email=&sfph_mail=
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/c7266ce6-2853-4c5d-9e36-8c5b7418b072?source=cve
Source: security@wordfence.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

534Records found
CVE-2024-43118
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 47.22%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hummingbird plugin <= 3.9.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hummingbird hummingbird-performance.This issue affects Hummingbird: from n/a through <= 3.9.1.

Action-Not Available
Vendor-WPMU DEV - Your All-in-One WordPress PlatformIncsub, LLC
Product-hummingbirdHummingbird
CWE ID-CWE-862
Missing Authorization
CVE-2024-43136
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.50% / 66.22%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sunshine Photo Cart plugin <= 3.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart.This issue affects Sunshine Photo Cart: from n/a through <= 3.2.1.

Action-Not Available
Vendor-sunshinephotocartsunshinephotocart
Product-sunshine_photo_cartSunshine Photo Cart
CWE ID-CWE-862
Missing Authorization
CVE-2022-3911
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.21% / 42.94%
||
7 Day CHG~0.00%
Published-02 Jan, 2023 | 21:49
Updated-10 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
iubenda < 3.3.3 - Subscriber+ Privileges Escalation to Admin

The iubenda WordPress plugin before 3.3.3 does does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users, such as subscriber can grant themselves any privileges, such as edit_plugins etc

Action-Not Available
Vendor-iubendaUnknown
Product-iubenda-cookie-law-solutioniubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + more
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2024-4352
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-23.34% / 95.99%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 09:32
Updated-08 Apr, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tutor LMS Pro <= 2.7.0 - Missing Authorization to SQL Injection

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that function due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Action-Not Available
Vendor-Themeum
Product-tutor_lmsTutor LMS Protutor_lms_pro
CWE ID-CWE-862
Missing Authorization
CVE-2024-43296
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 52.32%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HTML5 Video Player plugin <= 2.5.30 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins LLC Flash & HTML5 Video allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flash & HTML5 Video: from n/a through 2.5.30.

Action-Not Available
Vendor-bpluginsbPlugins LLC
Product-html5_video_playerFlash & HTML5 Video
CWE ID-CWE-862
Missing Authorization
CVE-2024-43298
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.26% / 49.46%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Clone plugin <= 2.4.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clone: from n/a through 2.4.5.

Action-Not Available
Vendor-backupblissMigrate
Product-cloneClone
CWE ID-CWE-862
Missing Authorization
CVE-2024-43162
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.56% / 68.34%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Digital Downloads plugin <= 3.2.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Digital Downloads: from n/a through 3.2.12.

Action-Not Available
Vendor-Sandhills Development, LLC (EasyDigitalDownloads)Awesome Motive Inc.
Product-easy_digital_downloadsEasy Digital Downloads
CWE ID-CWE-862
Missing Authorization
CVE-2024-43355
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 52.32%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JoomSport plugin <= 5.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in BearDev JoomSport allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JoomSport: from n/a through 5.3.0.

Action-Not Available
Vendor-beardevBearDev
Product-joomsportJoomSport
CWE ID-CWE-862
Missing Authorization
CVE-2024-43297
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.26% / 49.46%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Clone plugin <= 2.4.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clone: from n/a through 2.4.5.

Action-Not Available
Vendor-backupblissMigrate
Product-cloneClone
CWE ID-CWE-862
Missing Authorization
CVE-2024-43293
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 52.32%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 3.3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through 3.3.1.

Action-Not Available
Vendor-wpzoomWPZOOM
Product-recipe_card_blocks_for_gutenberg_\&_elementorRecipe Card Blocks for Gutenberg & Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-8418
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.61% / 69.74%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 06:42
Updated-08 Apr, 2026 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
B Slider- Gutenberg Slider Block for WP <= 1.1.30 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Plugin Installation

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1.1.30. This is due to missing capability checks on the activated_plugin function. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins on the server which can make remote code execution possible.

Action-Not Available
Vendor-bplugins
Product-bSlider – Create Responsive Image, Post, Product, and Video Sliders
CWE ID-CWE-862
Missing Authorization
CVE-2024-43247
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.41% / 61.28%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 17:14
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WHMpress plugin <= 6.2-revision-5 - Subscriber+ Arbitrary Settings Change vulnerability

Missing Authorization vulnerability in creativeon WHMpress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WHMpress: from n/a through 6.2-revision-5.

Action-Not Available
Vendor-creativeoncreativeon
Product-WHMpresswhmpress
CWE ID-CWE-862
Missing Authorization
CVE-2024-43312
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.37% / 58.92%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPC Frequently Bought Together for WooCommerce plugin <= 7.1.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPClever WPC Frequently Bought Together for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Frequently Bought Together for WooCommerce: from n/a through 7.1.9.

Action-Not Available
Vendor-wpcleverWPClever
Product-wpc_frequently_bought_together_for_woocommerceWPC Frequently Bought Together for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-43343
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 52.32%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Order Tracking – WordPress Status Tracking Plugin plugin < 3.3.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in Etoile Web Design Order Tracking allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Order Tracking: from n/a through 3.3.12.

Action-Not Available
Vendor-etoilewebdesignEtoile Web Design
Product-order_trackingOrder Tracking
CWE ID-CWE-862
Missing Authorization
CVE-2024-43254
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.36% / 57.94%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Smart Online Order for Clover plugin <= 1.5.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders.This issue affects Smart Online Order for Clover: from n/a through <= 1.5.6.

Action-Not Available
Vendor-zaytechZAYTECH
Product-smart_online_order_for_cloverSmart Online Order for Clover
CWE ID-CWE-862
Missing Authorization
CVE-2024-43302
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 48.08%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Fonts plugin <= 3.7.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fonts Plugin Fonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fonts: from n/a through 3.7.7.

Action-Not Available
Vendor-fontspluginFonts Plugin
Product-fontsFonts
CWE ID-CWE-862
Missing Authorization
CVE-2024-4351
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-31.04% / 96.78%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 09:32
Updated-08 Apr, 2026 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tutor LMS Pro <= 2.7.0 - Missing Authorization to Privilege Escalation

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain control of an existing administrator account.

Action-Not Available
Vendor-Themeum
Product-tutor_lmsTutor LMS Protutor_lms
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-43332
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 51.70%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Photo Engine plugin <= 6.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jordy Meow Photo Engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Engine: from n/a through 6.4.0.

Action-Not Available
Vendor-meowappsJordy Meow
Product-photo_enginePhoto Engine
CWE ID-CWE-862
Missing Authorization
CVE-2022-36352
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.24% / 47.38%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 21:50
Updated-28 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ProfileGrid Plugin <= 5.0.3 is vulnerable to Broken Access Control

Missing Authorization vulnerability in Profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.0.3.

Action-Not Available
Vendor-Metagauss Inc.
Product-profilegridProfileGrid – User Profiles, Memberships, Groups and Communities
CWE ID-CWE-862
Missing Authorization
CVE-2024-43223
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 52.32%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EventPrime plugin <= 4.0.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in EventPrime Events EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 4.0.3.2.

Action-Not Available
Vendor-EventPrime EventsMetagauss Inc.
Product-eventprimeEventPrime
CWE ID-CWE-862
Missing Authorization
CVE-2024-43142
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 48.08%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tutor LMS plugin <= 2.7.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themeum Tutor LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through 2.7.3.

Action-Not Available
Vendor-Themeum
Product-tutor_lmsTutor LMS
CWE ID-CWE-862
Missing Authorization
CVE-2024-43310
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.53% / 67.25%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin <= 3.4.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in UkrSolution Print Barcode Labels for your WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Barcode Labels for your WooCommerce products/orders: from n/a through 3.4.9.

Action-Not Available
Vendor-ukrsolutionUkrSolution
Product-print_labels_with_barcodesPrint Barcode Labels for your WooCommerce products/orders
CWE ID-CWE-862
Missing Authorization
CVE-2022-3512
Matching Score-4
Assigner-Cloudflare, Inc.
ShareView Details
Matching Score-4
Assigner-Cloudflare, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.16% / 36.24%
||
7 Day CHG~0.00%
Published-28 Oct, 2022 | 09:22
Updated-06 May, 2025 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lock WARP switch bypass using warp-cli 'add-trusted-ssid' command

Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" feature resulting in Zero Trust policies not being enforced on an affected endpoint.

Action-Not Available
Vendor-Cloudflare, Inc.
Product-warpWARP
CWE ID-CWE-862
Missing Authorization
CVE-2022-34344
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 43.01%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 21:13
Updated-28 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wholesale Suite Plugin <= 2.1.5 is vulnerable to Broken Access Control

Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.This issue affects Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More: from n/a through 2.1.5.

Action-Not Available
Vendor-rymeraRymera Web Co
Product-wholesale_suiteWholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More
CWE ID-CWE-862
Missing Authorization
CVE-2021-40502
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-8.8||HIGH
EPSS-0.35% / 57.67%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 15:24
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Authenticated attackers will be able to access and edit data from b2b units they do not belong to.

Action-Not Available
Vendor-SAP SE
Product-commerceSAP Commerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-4010
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.54% / 67.80%
||
7 Day CHG~0.00%
Published-15 May, 2024 | 08:34
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Email Subscribers by Icegram Express <= 5.7.19 - Missing Authorization in handle_ajax_request

The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to, and including, 5.7.19. This makes it possible for authenticated attackers, with subscriber-level access and above, to cause a loss of confidentiality, integrity, and availability, by performing multiple unauthorized actions. Some of these actions could also be leveraged to conduct PHP Object Injection and SQL Injection attacks.

Action-Not Available
Vendor-icegramicegram
Product-Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPressemail_subscribers_\&_newsletters
CWE ID-CWE-862
Missing Authorization
CVE-2026-22472
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 11.78%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Form Builder plugin <= 3.9.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form Builder: from n/a through <= 3.9.6.

Action-Not Available
Vendor-hassantafreshi
Product-Easy Form Builder
CWE ID-CWE-862
Missing Authorization
CVE-2026-22481
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 11.78%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BD Courier Order Ratio Checker plugin <= 2.0.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Rasedul Haque Rumi BD Courier Order Ratio Checker bd-courier-order-ratio-checker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BD Courier Order Ratio Checker: from n/a through <= 2.0.1.

Action-Not Available
Vendor-Rasedul Haque Rumi
Product-BD Courier Order Ratio Checker
CWE ID-CWE-862
Missing Authorization
CVE-2022-31765
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-0.50% / 66.22%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-14 Apr, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges.

Action-Not Available
Vendor-Siemens AG
Product-6gk5748-1gd00-0ab0_firmware6gk5786-1fc00-0aa0_firmware6gk5786-2fe00-0ab0_firmware6gk5788-1gd00-0ab0_firmware6gk5788-2fc00-0aa0_firmware6gk5788-2gd00-0ta06gk5213-3bb00-2ab2_firmware6gk5208-0ua00-5es66gk5416-4gr00-2am26gk5205-3bb00-2tb2_firmware6gk5205-3bb00-2ab26gk5213-3bd00-2tb2_firmware6gk5786-2fc00-0ac0_firmware6gk5786-2fe00-0aa06gk5208-0ga00-2tc26gk5788-2hy01-0aa0_firmware6gk5328-4fs00-2rr3_firmware6gk5788-2hy01-0aa06gk5774-1fx00-0aa06ag1206-2bs00-7ac2_firmware6gk5856-2ea00-3da16gk5206-2gs00-2ac26gk5738-1gy00-0ab06gk5622-2gs00-2ac26gk5526-8gr00-2ar2_firmware6gk5786-2hc00-0aa0_firmware6gk5552-0aa00-2ar2_firmware6gk5642-2gs00-2ac26gk5328-4ss00-3ar3_firmware6gk5206-2gs00-2tc26gk5748-1gy01-0aa0_firmware6gk5324-0ba00-3ar36gk5216-0ha00-2as6_firmware6gk5328-4fs00-3ar36gk5788-2fc00-0ac0_firmware6gk5774-1fx00-0ab06gk5786-1fc00-0ab06gk5416-4gr00-2am2_firmware6gk5328-4ss00-3ar36gk5812-1aa00-2aa2_firmware6gk5804-0ap00-2aa26gk5748-1gd00-0aa06gk5774-1fx00-0ab0_firmware6gk5766-1ge00-7ta0_firmware6gk5224-4gs00-2fc2_firmware6gk5324-0ba00-3ar3_firmware6gk5552-0aa00-2hr26gk5788-2gd00-0ab06gk5216-0ha00-2ts66gk5766-1ge00-3db0_firmware6gk5788-1fc00-0aa06gk5216-3rs00-2ac26gk5408-4gq00-2am26gk5761-1fc00-0ab0_firmware6gk5208-0ba00-2ac2_firmware6gk5826-2ab00-2ab2_firmware6gk5408-4gp00-2am26gk5761-1fc00-0ab06gk5761-1fc00-0aa0_firmware6gk5208-0ga00-2fc2_firmware6gk5408-8gs00-2am26gk5328-4fs00-3ar3_firmware6gk5766-1ge00-7da0_firmware6gk5552-0aa00-2ar26gk5876-4aa00-2da2_firmware6gk5786-2fc00-0ac06gk5788-2gy01-0aa0_firmware6gk5216-0ba00-2fc26gk5788-1gy01-0aa06gk5876-3aa02-2ba2_firmware6gk5524-8gs00-3ar2_firmware6gk5876-3aa02-2ba26gk5722-1fc00-0ab06gk5206-2rs00-2ac26gk5205-3bf00-2ab2_firmware6gk5528-0ar00-2hr2_firmware6gk5734-1fx00-0aa06gk5788-1fc00-0aa0_firmware6gk5208-0ba00-2fc26gk5722-1fc00-0aa06gk5205-3bd00-2ab26gk5876-3aa02-2ea2_firmware6gk5778-1gy00-0aa06gk5206-2gs00-2fc2_firmware6gk5324-0ba00-2ar3_firmware6gk5734-1fx00-0aa6_firmware6gk5326-2qs00-3rr3_firmware6gk5526-8gr00-3ar26gk5766-1je00-3da06gk5778-1gy00-0tb0_firmware6gk5763-1al00-3aa0_firmware6gk5766-1ge00-7tb06gk5763-1al00-3da0_firmware6gk5204-0ba00-2yf2_firmware6gk5224-4gs00-2fc26gk5208-0ha00-2ts6_firmware6gk5786-1fc00-0ab0_firmware6gk5208-0ra00-2ac2_firmware6gk5528-0ar00-2ar2_firmware6gk5216-0ha00-2es66gk5206-2rs00-2ac2_firmware6gk5812-1aa00-2aa26gk5524-8gr00-2ar26gk5774-1fx00-0aa0_firmware6gk5326-2qs00-3ar3_firmware6gk5816-1ba00-2aa26gk5774-1fy00-0tb0_firmware6gk5786-2fe00-0aa0_firmware6gk5206-2rs00-5fc26gk5642-2gs00-2ac2_firmware6gk5816-1aa00-2aa26gk5788-1fc00-0ab0_firmware6gk5853-2ea00-2da1_firmware6gk5632-2gs00-2ac2_firmware6gk5224-4gs00-2ac2_firmware6gk5778-1gy00-0aa0_firmware6gk5206-2bb00-2ac2_firmware6gk5208-0ba00-2ab2_firmware6gk5748-1fc00-0aa0_firmware6gk5748-1gy01-0ta06gk5216-0ba00-2ab26gk5206-2rs00-5ac2_firmware6gk5208-0ba00-2fc2_firmware6gk5788-2gd00-0aa0_firmware6gk5778-1gy00-0ab0_firmware6gk5326-2qs00-3rr36gk5408-8gs00-2am2_firmware6gk5876-4aa00-2ba26gk5205-3bd00-2tb26gk5774-1fy00-0ta0_firmware6gk5224-4gs00-2tc26gk5216-0ua00-5es66gk5721-1fc00-0ab06gk5528-0aa00-2ar26gk5788-2fc00-0ab0_firmware6gk5408-4gq00-2am2_firmware6gk5208-0ga00-2ac26gk5208-0ba00-2ab26gk5216-4bs00-2ac26gk5774-1fx00-0ab6_firmware6gk5204-2aa00-2gf26gk5766-1je00-7da0_firmware6gk5213-3bd00-2ab26gk5748-1gy01-0ta0_firmware6gk5876-4aa00-2ba2_firmware6gk5786-2fc00-0aa06gk5528-0ar00-2ar26gk5804-0ap00-2aa2_firmware6gk5206-2gs00-2ac2_firmware6gk5646-2gs00-2ac26gk5216-0ha00-2es6_firmware6gk5786-2fc00-0ab0_firmware6gk5208-0ra00-2ac26gk5205-3bb00-2ab2_firmware6gk5748-1fc00-0ab0_firmware6gk5853-2ea00-2da16gk5788-2gd00-0aa06gk5208-0ha00-2as6_firmware6gk5748-1fc00-0aa06gk5208-0ga00-2fc26gk5216-0ba00-2tb2_firmware6gk5216-3rs00-5ac26gk5208-0ga00-2tc2_firmware6gk5208-0ba00-2tb26gk5761-1fc00-0aa06gk5788-2fc00-0ac06gk5216-4bs00-2ac2_firmware6gk5774-1fx00-0aa6_firmware6gk5208-0ga00-2ac2_firmware6gk5206-2bs00-2ac26gk5208-0ra00-5ac26gk5778-1gy00-0tb06gk5216-0ba00-2ac26gk5774-1fx00-0ab66gk5204-0ba00-2gf26gk5721-1fc00-0aa06gk5812-1ba00-2aa2_firmware6gk5526-8gs00-4ar2_firmware6gk5552-0aa00-2hr2_firmware6gk5408-8gr00-2am2_firmware6ag1216-4bs00-7ac26gk5216-4gs00-2ac2_firmware6gk5722-1fc00-0ac06gk5778-1gy00-0ta06gk5216-4gs00-2ac26ag1216-4bs00-7ac2_firmware6gk6108-4am00-2da26gk5526-8gs00-3ar26gk5524-8gr00-4ar26gk5786-2hc00-0ab06gk5874-2aa00-2aa2_firmware6gk5208-0ba00-2tb2_firmware6gk5216-4gs00-2fc2_firmware6gk5224-4gs00-2tc2_firmware6gk5766-1ge00-7db0_firmware6gk5524-8gr00-3ar2_firmware6gk5774-1fy00-0ta06gk5763-1al00-7da0_firmware6gk5766-1ge00-7db06gk5788-1gd00-0ab06gk5526-8gr00-3ar2_firmware6gk5524-8gs00-2ar26gk5213-3bd00-2tb26gk5748-1gd00-0aa0_firmware6gk5856-2ea00-3aa16gk5328-4fs00-3rr3_firmware6gk5204-2aa00-2yf26gk5528-0ar00-2hr26gk5786-2fc00-0aa0_firmware6gk5524-8gr00-2ar2_firmware6gk5721-1fc00-0aa0_firmware6gk5204-2aa00-2yf2_firmware6gk5788-2gd00-0tc0_firmware6gk5816-1ba00-2aa2_firmware6gk5524-8gr00-4ar2_firmware6gk5812-1ba00-2aa26gk5766-1je00-7da06gk5416-4gs00-2am26gk5721-1fc00-0ab0_firmware6gk5408-4gp00-2am2_firmware6gk5526-8gs00-2ar26gk5208-0ha00-2es66gk5216-0ha00-2as66gk5774-1fx00-0aa66gk5524-8gs00-2ar2_firmware6gk5528-0aa00-2hr2_firmware6gk5528-0aa00-2hr26gk5216-0ha00-2ts6_firmware6gk5206-2bb00-2ac26gk5216-0ba00-2fc2_firmware6gk5786-2hc00-0aa06gk5524-8gs00-4ar26gk5763-1al00-7da06gk5205-3bf00-2tb2_firmware6gk5738-1gy00-0ab0_firmware6gk5774-1fx00-0ac0_firmware6gk5734-1fx00-0ab0_firmware6gk5216-0ba00-2tb26gk5204-0ba00-2gf2_firmware6gk5786-2fc00-0ab06gk5552-0ar00-2ar2_firmware6gk5526-8gr00-2ar26gk5552-0ar00-2hr2_firmware6gk5876-4aa00-2da26gk5622-2gs00-2ac2_firmware6gk5786-2hc00-0ab0_firmware6gk5328-4ss00-2ar36gk5224-0ba00-2ac2_firmware6gk5328-4fs00-2ar36gk5216-3rs00-5ac2_firmware6gk5874-2aa00-2aa26gk5205-3bf00-2ab26gk5213-3bf00-2tb2_firmware6gk5205-3bb00-2tb26gk5206-2rs00-5fc2_firmware6gk5734-1fx00-0ab06gk5778-1gy00-0ab06gk5874-3aa00-2aa2_firmware6gk5216-4gs00-2fc26gk5788-2gy01-0ta0_firmware6gk5766-1ge00-7da06gk5213-3bb00-2tb2_firmware6gk5738-1gy00-0aa0_firmware6gk5216-0ba00-2ab2_firmware6gk5788-1gd00-0aa06gk5876-3aa02-2ea26gk5646-2gs00-2ac2_firmware6gk5788-2fc00-0aa06gk5636-2gs00-2ac2_firmware6gk5205-3bd00-2tb2_firmware6gk5766-1ge00-3da06gk5526-8gs00-4ar26gk5206-2gs00-2fc26gk5766-1ge00-3db06gk5213-3bf00-2tb26gk5328-4ss00-2ar3_firmware6ag1208-0ba00-7ac26gk5328-4fs00-3rr36gk6108-4am00-2da2_firmware6gk5788-2gy01-0ta06gk5778-1gy00-0ta0_firmware6gk5206-2gs00-2tc2_firmware6gk5856-2ea00-3da1_firmware6ag1206-2bb00-7ac2_firmware6gk5204-0ba00-2yf26gk5205-3bf00-2tb26gk5208-0ha00-2as66gk5208-0ha00-2ts66gk5788-2gd00-0tb0_firmware6gk5734-1fx00-0ab66gk5766-1je00-7ta0_firmware6gk5763-1al00-3da06gk5213-3bf00-2ab2_firmware6gk5788-2gy01-0aa06gk5766-1ge00-3da0_firmware6gk5786-2fe00-0ab06gk5766-1je00-7ta06gk5208-0ua00-5es6_firmware6gk5213-3bf00-2ab26ag1206-2bs00-7ac26gk5524-8gs00-3ar26gk5722-1fc00-0aa0_firmware6gk5738-1gy00-0aa06gk5632-2gs00-2ac26gk5324-0ba00-2ar36gk5526-8gr00-4ar26gk5206-2bs00-2ac2_firmware6gk6108-4am00-2ba2_firmware6gk5766-1ge00-7tb0_firmware6gk5748-1gy01-0aa06gk5213-3bb00-2tb26gk6108-4am00-2ba26gk5552-0ar00-2hr26gk5216-0ua00-5es6_firmware6gk5213-3bb00-2ab26gk5524-8gs00-4ar2_firmware6gk5788-2fc00-0ab06gk5526-8gs00-2ar2_firmware6gk5748-1fc00-0ab06gk5766-1ge00-7ta06gk5826-2ab00-2ab26gk5204-2aa00-2gf2_firmware6gk5552-0ar00-2ar26gk5856-2ea00-3aa1_firmware6gk5224-4gs00-2ac26gk5816-1aa00-2aa2_firmware6gk5526-8gr00-4ar2_firmware6gk5408-8gr00-2am26gk5216-4gs00-2tc2_firmware6gk5328-4fs00-2rr36gk5213-3bd00-2ab2_firmware6gk5206-2bs00-2fc2_firmware6gk5216-3rs00-2ac2_firmware6gk5734-1fx00-0aa0_firmware6gk5216-4gs00-2tc26gk5526-8gs00-3ar2_firmware6gk5524-8gr00-3ar26gk5206-2bd00-2ac2_firmware6gk5722-1fc00-0ac0_firmware6gk5788-2gd00-0tc06gk5206-2rs00-5ac26gk5734-1fx00-0ab6_firmware6gk5774-1fx00-0ac06ag1208-0ba00-7ac2_firmware6gk5788-2gd00-0ab0_firmware6ag1206-2bb00-7ac26gk5722-1fc00-0ab0_firmware6gk5208-0ba00-2ac26gk5788-2gd00-0tb06gk5788-1gd00-0aa0_firmware6gk5328-4fs00-2ar3_firmware6gk5528-0aa00-2ar2_firmware6gk5416-4gs00-2am2_firmware6gk5206-2bd00-2ac26gk5786-1fc00-0aa06gk5748-1gd00-0ab06gk5216-0ba00-2ac2_firmware6gk5208-0ha00-2es6_firmware6gk5763-1al00-3aa06gk5734-1fx00-0aa66gk5766-1je00-3da0_firmware6gk5326-2qs00-3ar36gk5788-1fc00-0ab06gk5224-0ba00-2ac26gk5205-3bd00-2ab2_firmware6gk5788-2gd00-0ta0_firmware6gk5636-2gs00-2ac26gk5206-2bs00-2fc26gk5774-1fy00-0tb06gk5208-0ra00-5ac2_firmware6gk5874-3aa00-2aa26gk5788-1gy01-0aa0_firmwareSCALANCE M876-4 (EU)SCALANCE WAM763-1SCALANCE W1748-1 M12SCALANCE XC224-4C G (EIP Def.)SCALANCE W734-1 RJ45 (USA)SCALANCE XC206-2SFP GSCALANCE XR524-8C, 24VSCALANCE XC206-2 (SC)SCALANCE XB205-3 (SC, PN)SCALANCE XC216-4CSCALANCE SC646-2CSCALANCE XC206-2G PoE (54 V DC)SCALANCE XR328-4C WG (28xGE, DC 24V)SIPLUS NET SCALANCE XC206-2SCALANCE XP216EECSCALANCE XC216EECSCALANCE XR324WG (24 x FE, AC 230V)SCALANCE XB213-3 (ST, E/IP)SCALANCE XB208 (PN)SCALANCE XR552-12M (2HR2, L3 int.)SCALANCE M826-2 SHDSL-RouterSCALANCE XR328-4C WG (24XFE, 4XGE, 24V)SCALANCE W1788-2 M12SCALANCE W786-1 RJ45SCALANCE S615 LAN-RouterSCALANCE W774-1 M12 EECSCALANCE WUM766-1 (USA)SCALANCE XP216SCALANCE W778-1 M12 EECSCALANCE XP216POE EECSCALANCE W761-1 RJ45SCALANCE W722-1 RJ45SCALANCE XP208SCALANCE W1788-2 EEC M12SCALANCE SC642-2CSCALANCE XR526-8C, 24V (L3 int.)SCALANCE XC208GSCALANCE XR328-4C WG (24xFE,4xGE,AC230V)SCALANCE XR528-6M (2HR2)SCALANCE SC632-2CSCALANCE XC224SCALANCE XM408-4C (L3 int.)SCALANCE XB213-3 (SC, PN)SIPLUS NET SCALANCE XC208SCALANCE M812-1 ADSL-RouterSCALANCE XC206-2G PoESCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)SCALANCE XC208G PoE (54 V DC)SCALANCE WAM766-1 EEC (US)SCALANCE W778-1 M12 EEC (USA)SCALANCE W786-2IA RJ45SCALANCE XB213-3 (SC, E/IP)SCALANCE XR526-8C, 24VSCALANCE XC208SCALANCE XB208 (E/IP)SCALANCE XR552-12MSCALANCE XP216 (Ethernet/IP)SCALANCE XB205-3 (ST, E/IP)SCALANCE M876-3 (ROK)SCALANCE MUM853-1 (EU)SCALANCE XF204-2BASCALANCE XR326-2C PoE WGSCALANCE XR526-8C, 1x230V (L3 int.)SCALANCE W774-1 RJ45 (USA)SCALANCE XC216-3G PoE (54 V DC)SCALANCE WAM766-1 EECSCALANCE XR526-8C, 2x230VSCALANCE XC206-2SFP G (EIP DEF.)SCALANCE XR528-6M (L3 int.)SCALANCE XM408-4CSCALANCE XR526-8C, 1x230VSCALANCE XR524-8C, 24V (L3 int.)SCALANCE M874-3SCALANCE XM408-8CSCALANCE M876-4 (NAM)SCALANCE S615 EEC LAN-RouterSCALANCE W786-2 SFPSCALANCE W738-1 M12SCALANCE XC208G (EIP def.)SCALANCE XC224-4C G EECSCALANCE W1788-2IA M12SCALANCE W774-1 RJ45SCALANCE XC206-2SFP EECSCALANCE XM416-4CSCALANCE XC216-3G PoESCALANCE XR524-8C, 2x230VSCALANCE XR528-6M (2HR2, L3 int.)SCALANCE XB205-3LD (SC, E/IP)SCALANCE XC216-4C G EECSCALANCE WUM766-1SCALANCE XC216-4C GSCALANCE XB213-3LD (SC, E/IP)SCALANCE W721-1 RJ45SCALANCE XR326-2C PoE WG (without UL)SCALANCE XR324WG (24 X FE, DC 24V)SCALANCE W748-1 RJ45SCALANCE W788-2 RJ45SCALANCE XR524-8C, 1x230VSCALANCE XR524-8C, 1x230V (L3 int.)SCALANCE MUM856-1 (EU)SCALANCE XC206-2SFP G EECSCALANCE M874-2SCALANCE W734-1 RJ45SCALANCE W748-1 M12SCALANCE XF204-2BA DNASCALANCE XB213-3LD (SC, PN)SCALANCE XC224-4C GSCALANCE XR526-8C, 2x230V (L3 int.)SCALANCE XP208EECSCALANCE XF204 DNASCALANCE XR528-6MSCALANCE WAM766-1SCALANCE W788-1 RJ45SCALANCE M816-1 ADSL-RouterSCALANCE W1788-1 M12SCALANCE W786-2 RJ45SCALANCE XP208 (Ethernet/IP)RUGGEDCOM RM1224 LTE(4G) EUSCALANCE XB205-3 (ST, PN)SCALANCE XB216 (E/IP)SCALANCE XC208G PoESCALANCE XC216-4C G (EIP Def.)SCALANCE W788-2 M12SCALANCE WAM766-1 (US)SCALANCE XC206-2 (ST/BFOC)SCALANCE XP208PoE EECSCALANCE XR524-8C, 2x230V (L3 int.)SCALANCE M804PBSCALANCE W788-1 M12SCALANCE XC206-2G PoE EEC (54 V DC)SCALANCE M876-3SCALANCE XR552-12M (2HR2)SCALANCE M876-4SCALANCE SC636-2CSCALANCE XC206-2SFPSCALANCE XM408-8C (L3 int.)SCALANCE XM416-4C (L3 int.)SCALANCE W788-2 M12 EECSCALANCE XB216 (PN)SCALANCE XC216SCALANCE XF204SIPLUS NET SCALANCE XC216-4CSCALANCE XB205-3LD (SC, PN)SCALANCE SC622-2CSCALANCE WUM763-1SCALANCE MUM856-1 (RoW)SIPLUS NET SCALANCE XC206-2SFPSCALANCE W778-1 M12SCALANCE XB213-3 (ST, PN)SCALANCE XC208EECSCALANCE XC208G EECRUGGEDCOM RM1224 LTE(4G) NAMSCALANCE XR328-4C WG (28xGE, AC 230V)
CWE ID-CWE-862
Missing Authorization
CVE-2026-22683
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.40% / 60.86%
||
7 Day CHG+0.05%
Published-07 Apr, 2026 | 16:50
Updated-24 Apr, 2026 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windmill < 1.615.0 Operator Role Missing Authorization Checks RCE

Windmill versions 1.56.0 through 1.614.0 contain a missing authorization vulnerability that allows users with the Operator role to perform prohibited entity creation and modification actions via the backend API. Although Operators are documented and priced as unable to create or modify entities, the API does not enforce the Operator restriction on workspace endpoints, allowing an Operator to create and update scripts, flows, apps, and raw_apps. Since Operators can also execute scripts via the jobs API, this allows direct privilege escalation to remote code execution within the Windmill deployment. This vulnerability has existed since the introduction of the Operator role in version 1.56.0.

Action-Not Available
Vendor-windmillWindmill LabsNextcloud GmbH
Product-windmillflowFlowWindmill CE (Community Edition)Windmill EE (Enterprise Edition)
CWE ID-CWE-862
Missing Authorization
CVE-2026-22765
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.06% / 19.04%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 19:24
Updated-20 Mar, 2026 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-Wyse Management Suite
CWE ID-CWE-862
Missing Authorization
CVE-2025-52824
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.25% / 48.64%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 11:52
Updated-12 May, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mobile DJ Manager plugin <= 1.7.8.3 - Privilege Escalation vulnerability

Missing Authorization vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobile DJ Manager: from n/a through <= 1.7.8.3.

Action-Not Available
Vendor-MDJM
Product-Mobile DJ Manager
CWE ID-CWE-862
Missing Authorization
CVE-2025-49288
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.19% / 40.99%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ultimate WP Mail plugin <= 1.3.5 - Account Takeover via Email Log Leak Vulnerability

Missing Authorization vulnerability in Rustaurius Ultimate WP Mail ultimate-wp-mail allows Authentication Bypass.This issue affects Ultimate WP Mail: from n/a through <= 1.3.5.

Action-Not Available
Vendor-Rustaurius
Product-Ultimate WP Mail
CWE ID-CWE-862
Missing Authorization
CVE-2025-48998
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.3||HIGH
EPSS-0.60% / 69.52%
||
7 Day CHG~0.00%
Published-03 Jun, 2025 | 18:27
Updated-09 Jun, 2025 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dataease MYSQL JDBC File Reading Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. No known workarounds are available.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-39232
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-8.8||HIGH
EPSS-0.53% / 67.09%
||
7 Day CHG~0.00%
Published-19 Nov, 2021 | 09:20
Updated-04 Aug, 2024 | 01:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing admin check for SCM related admin commands

In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins.

Action-Not Available
Vendor-The Apache Software Foundation
Product-ozoneApache Ozone
CWE ID-CWE-862
Missing Authorization
CVE-2021-39236
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-8.8||HIGH
EPSS-0.64% / 70.60%
||
7 Day CHG~0.00%
Published-19 Nov, 2021 | 09:20
Updated-04 Aug, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Owners of the S3 tokens are not validated

In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user.

Action-Not Available
Vendor-The Apache Software Foundation
Product-ozoneApache Ozone
CWE ID-CWE-862
Missing Authorization
CVE-2025-48138
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 48.64%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-12 May, 2026 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BERTHA AI plugin <= 1.13 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Bertha AI – Andrew Palmer BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BERTHA AI: from n/a through <= 1.13.

Action-Not Available
Vendor-berthaBertha AI – Andrew Palmer
Product-bertha_aiBERTHA AI
CWE ID-CWE-862
Missing Authorization
CVE-2025-47690
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.25% / 48.64%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:43
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Lead Form Data Collection to CRM plugin <= 3.1 - Arbitrary Option Update to Privilege Escalation vulnerability

Missing Authorization vulnerability in Smackcoders Inc., Lead Form Data Collection to CRM wp-leads-builder-any-crm allows Privilege Escalation.This issue affects Lead Form Data Collection to CRM: from n/a through <= 3.1.

Action-Not Available
Vendor-Smackcoders Inc.,
Product-Lead Form Data Collection to CRM
CWE ID-CWE-862
Missing Authorization
CVE-2025-47628
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.25% / 48.64%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress QS Dark Mode plugin <= 3.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in quomodosoft QS Dark Mode qs-dark-mode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QS Dark Mode: from n/a through <= 3.0.

Action-Not Available
Vendor-quomodosoftquomodosoft
Product-qs_dark_modeQS Dark Mode
CWE ID-CWE-862
Missing Authorization
CVE-2023-51524
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.58% / 69.02%
||
7 Day CHG~0.00%
Published-12 Jun, 2024 | 09:09
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress weForms plugin <= 1.6.18 - Broken Access Control vulnerability

Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.18.

Action-Not Available
Vendor-weForms (InMotion Hosting, Inc.)
Product-weformsweFormsweforms
CWE ID-CWE-862
Missing Authorization
CVE-2025-47612
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.25% / 48.64%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ClickWhale plugin <= 2.4.6 - Broken Access Control Vulnerability

Missing Authorization vulnerability in ClickWhale ClickWhale clickwhale allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ClickWhale: from n/a through <= 2.4.6.

Action-Not Available
Vendor-flowdeeClickWhale
Product-clickwhaleClickWhale
CWE ID-CWE-862
Missing Authorization
CVE-2025-46232
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 41.11%
||
7 Day CHG~0.00%
Published-22 Apr, 2025 | 09:53
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Download Alt Text AI plugin <= 1.9.93 - Broken Access Control Vulnerability

Missing Authorization vulnerability in alttextai Download Alt Text AI alttext-ai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Alt Text AI: from n/a through <= 1.9.93.

Action-Not Available
Vendor-alttextalttextai
Product-alt_text_aiDownload Alt Text AI
CWE ID-CWE-862
Missing Authorization
CVE-2021-38388
Matching Score-4
Assigner-LY Corporation
ShareView Details
Matching Score-4
Assigner-LY Corporation
CVSS Score-8.8||HIGH
EPSS-0.30% / 53.24%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 17:50
Updated-12 May, 2025 | 01:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Central Dogma allows privilege escalation with mirroring to the internal dogma repository that has a file managing the authorization of the project.

Action-Not Available
Vendor-linecorpLINE Corporation
Product-central_dogmaCentral Dogma
CWE ID-CWE-862
Missing Authorization
CVE-2025-42982
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-8.8||HIGH
EPSS-0.25% / 48.64%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 00:10
Updated-26 Feb, 2026 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Disclosure in SAP GRC (AC Plugin)

SAP GRC allows a non-administrative user to access and initiate transaction which could allow them to modify or control the transmitted system credentials. This causes high impact on confidentiality, integrity and availability of the application.

Action-Not Available
Vendor-SAP SE
Product-SAP GRC (AC Plugin)
CWE ID-CWE-862
Missing Authorization
CVE-2021-36909
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-1.21% / 79.08%
||
7 Day CHG~0.00%
Published-18 Nov, 2021 | 14:41
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Reset PRO Premium plugin <= 5.98 - Authenticated Database Reset vulnerability

Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover.

Action-Not Available
Vendor-webfactoryltdWebFactory Ltd.
Product-wp_reset_proWP Reset PRO
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-862
Missing Authorization
CVE-2021-36232
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.58% / 69.04%
||
7 Day CHG~0.00%
Published-31 Aug, 2021 | 17:37
Updated-04 Aug, 2024 | 00:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privileges.

Action-Not Available
Vendor-unit4n/a
Product-mik.starlightn/a
CWE ID-CWE-862
Missing Authorization
CVE-2025-3876
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.34% / 56.96%
||
7 Day CHG~0.00%
Published-10 May, 2025 | 11:22
Updated-08 Apr, 2026 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SMS Alert Order Notifications – WooCommerce <= 3.8.1 - Authenticated (Subscriber+) Privilege Escalation via handleWpLoginCreateUserAction Function

The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction() function in all versions up to, and including, 3.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to impersonate any account by supplying its username or email and elevate their privileges to that of an administrator.

Action-Not Available
Vendor-cozyvision1
Product-SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery
CWE ID-CWE-862
Missing Authorization
CVE-2025-39413
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 41.11%
||
7 Day CHG~0.00%
Published-30 Apr, 2025 | 17:18
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Sitemap – Create a Responsive HTML Sitemap plugin <= 3.6.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in David Gwyer Simple Sitemap – Create a Responsive HTML Sitemap simple-sitemap.This issue affects Simple Sitemap – Create a Responsive HTML Sitemap: from n/a through <= 3.6.0.

Action-Not Available
Vendor-wpgopluginsDavid Gwyer
Product-simple_sitemapSimple Sitemap – Create a Responsive HTML Sitemap
CWE ID-CWE-862
Missing Authorization
CVE-2025-3906
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.33% / 56.02%
||
7 Day CHG~0.00%
Published-26 Apr, 2025 | 05:34
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integração entre Eduzz e Woocommerce 1.5.0 - 1.7.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

The Integração entre Eduzz e Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wep_opcoes' function in all versions up to, and including, 1.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit the default registration role within the plugin's registration flow to Administrator, which allows any user to create an Administrator account.

Action-Not Available
Vendor-felipe152
Product-Integração entre Eduzz e Woocommerce
CWE ID-CWE-862
Missing Authorization
CVE-2021-36225
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.36% / 58.02%
||
7 Day CHG~0.00%
Published-06 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation.

Action-Not Available
Vendor-n/aWestern Digital Corp.
Product-my_cloud_pr4100my_cloud_osn/a
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • ...
  • 10
  • 11
  • Next
Details not found