Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-57340

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-29 Jun, 2026 | 13:36
Updated At-29 Jun, 2026 | 15:56
Rejected At-
Credits

WordPress Japanized For WooCommerce plugin <= 2.9.12 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Japanized For WooCommerce <= 2.9.12 versions.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:29 Jun, 2026 | 13:36
Updated At:29 Jun, 2026 | 15:56
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Japanized For WooCommerce plugin <= 2.9.12 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Japanized For WooCommerce <= 2.9.12 versions.

Affected Products
Vendor
shohei.tanaka
Product
Japanized For WooCommerce
Collection URL
https://wordpress.org/plugins
Package Name
woocommerce-for-japan
Default Status
unaffected
Versions
Affected
  • From n/a through 2.9.12 (custom)
    • -> unaffectedfrom2.9.13
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-180CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
CAPEC ID: CAPEC-180
Description: CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
Solutions

Update the WordPress Japanized For WooCommerce Plugin to the latest available version (at least 2.9.13).

Configurations

Workarounds

Exploits

Credits

finder
HaiND | Patchstack Bug Bounty Program
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/woocommerce-for-japan/vulnerability/wordpress-japanized-for-woocommerce-plugin-2-9-12-broken-access-control-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/plugin/woocommerce-for-japan/vulnerability/wordpress-japanized-for-woocommerce-plugin-2-9-12-broken-access-control-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:29 Jun, 2026 | 15:16
Updated At:29 Jun, 2026 | 16:16

Unauthenticated Broken Access Control in Japanized For WooCommerce <= 2.9.12 versions.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
N/A
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-862Secondaryaudit@patchstack.com
CWE ID: CWE-862
Type: Secondary
Source: audit@patchstack.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/plugin/woocommerce-for-japan/vulnerability/wordpress-japanized-for-woocommerce-plugin-2-9-12-broken-access-control-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/wordpress/plugin/woocommerce-for-japan/vulnerability/wordpress-japanized-for-woocommerce-plugin-2-9-12-broken-access-control-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

264Records found

CVE-2026-25009
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 15.25%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 16:14
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Education Zone theme <= 1.3.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in raratheme Education Zone education-zone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Education Zone: from n/a through <= 1.3.8.

Action-Not Available
Vendor-raratheme
Product-Education Zone
CWE ID-CWE-862
Missing Authorization
CVE-2024-9161
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-2.04% / 78.84%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 11:21
Updated-08 Apr, 2026 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Missing Authorization to Unauthenticated User and Term Metadata Insert, Update, and Delete

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'update_metadata' function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated attackers to insert new and update existing metadata beginning with 'rank_math', and delete arbitrary existing user metadata and term metadata. Deleting existing usermeta can cause a loss of access to the administrator dashboard for any registered users, including Administrators.

Action-Not Available
Vendor-rankmathrankmath
Product-seoRank Math SEO – AI SEO Tools to Dominate SEO Rankings
CWE ID-CWE-862
Missing Authorization
CVE-2024-7032
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 38.09%
||
7 Day CHG~0.00%
Published-21 Aug, 2024 | 05:30
Updated-08 Apr, 2026 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Smart Online Order for Clover <= 1.5.6 - Missing Authorization to Plugin Deactivation and Data Deletion

The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moo_deactivateAndClean' function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to deactivate the plugin and drop all plugin tables from the database.

Action-Not Available
Vendor-zaytechelbanyaouizaytech
Product-smart_online_order_for_cloverSmart Online Order for Cloversmart_online_order_for_clover
CWE ID-CWE-862
Missing Authorization
CVE-2023-1868
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.61% / 45.08%
||
7 Day CHG~0.00%
Published-05 Apr, 2023 | 13:23
Updated-08 Apr, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
YourChannel <= 1.2.3 - Missing Authorization to Plugin Cache Reset

The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when clearing the plugin cache via the yrc_clear_cache GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to clear the plugin's cache.

Action-Not Available
Vendor-pluginpluginbuilders
Product-yourchannelYourChannel: Everything you want in a YouTube plugin.
CWE ID-CWE-862
Missing Authorization
CVE-2026-25469
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 15.25%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 16:14
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ViaBill – WooCommerce plugin <= 1.1.53 - Settings Change vulnerability

Missing Authorization vulnerability in ViaBill for WooCommerce ViaBill – WooCommerce viabill-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ViaBill – WooCommerce: from n/a through <= 1.1.53.

Action-Not Available
Vendor-ViaBill for WooCommerce
Product-ViaBill – WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2026-24946
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 9.88%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:47
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 5.8.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through <= 5.8.0.

Action-Not Available
Vendor-tychesoftwares
Product-Print Invoice & Delivery Notes for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2023-6158
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.57% / 42.81%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 14:32
Updated-08 Apr, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EventON - WordPress Virtual Event Calendar Plugin Pro <= 4.5.4 & Free <= 2.2.7 - Missing Authorization to Arbitrary Post Meta Update via evo_eventpost_update_meta

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evo_eventpost_update_meta function in all versions up to, and including, 4.5.4 (for Pro) and 2.2.7 (for free). This makes it possible for unauthenticated attackers to update and remove arbitrary post metadata. Note that certain parameters may allow for content injection. CVE-2024-0238 appears to be a duplicate of this issue.

Action-Not Available
Vendor-myeventonEventONashanjay
Product-eventon-liteeventonEventON – Events CalendarEventON (Pro) - WordPress Virtual Event Calendar Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2024-5940
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 37.07%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 02:03
Updated-08 Apr, 2026 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Missing Authorization to Unauthenticated Event Settings Update

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle_request' function in all versions up to, and including, 3.13.0. This makes it possible for unauthenticated attackers to edit event ticket settings if the Events beta feature is enabled.

Action-Not Available
Vendor-The Events Calendar (StellarWP)GiveWP
Product-givewpGiveWP – Donation Plugin and Fundraising Platformgivewp_donation_plugin_and_fundraising_platform
CWE ID-CWE-862
Missing Authorization
CVE-2024-5992
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.54% / 41.24%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 08:33
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cliengo - Chatbot <= 3.0.2 - Missing Authorization to Unauthenticated Chatbot Settings Update

The Cliengo – Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_chatbot_token' and 'update_chatbot_position' functions in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to change chatbot settings, which can lead to unavailability or other changes to the chatbot.

Action-Not Available
Vendor-cliengocliengo
Product-Cliengo – Chatbotcliengo-chatbot
CWE ID-CWE-862
Missing Authorization
CVE-2024-5861
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.40% / 31.77%
||
7 Day CHG~0.00%
Published-24 Jul, 2024 | 03:17
Updated-08 Apr, 2026 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Easy Pay (Free) <= 4.2.3 - Missing Authorization to Unauthenticated Service Disconnection

The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the wpep_square_disconnect() function in all versions up to, and including, 4.2.3. This makes it possible for unauthenticated attackers to disconnect square.

Action-Not Available
Vendor-wpeasypaysaadiqbalwpeasypay
Product-wp_easypayWP Easy Pay – Payment and Donation form Builder for Squarewp_easypay
CWE ID-CWE-862
Missing Authorization
CVE-2026-25437
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 15.25%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 16:14
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GZSEO plugin <= 2.0.14 - Broken Access Control vulnerability

Missing Authorization vulnerability in سید محمدامین هاشمی GZSEO gzseo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GZSEO: from n/a through <= 2.0.14.

Action-Not Available
Vendor-سید محمدامین هاشمی
Product-GZSEO
CWE ID-CWE-862
Missing Authorization
CVE-2024-55991
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 25.33%
||
7 Day CHG+0.01%
Published-31 Dec, 2024 | 12:51
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CRM Plugin – WP-CRM System plugin <= 3.2.9.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through <= 3.2.9.1.

Action-Not Available
Vendor-Mario Peshev
Product-WP-CRM System
CWE ID-CWE-862
Missing Authorization
CVE-2024-5468
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.37% / 29.25%
||
7 Day CHG~0.00%
Published-12 Jun, 2024 | 08:33
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Header Builder Plugin – Pearl <= 1.3.7 - Missing Authorization to Unauthenticated Arbitrary Site Options Deletion

The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to unauthorized site option deletion due to a missing validation and capability checks on the stm_hb_delete() function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to delete arbitrary options that can be used to perform a denial of service attack on a site.

Action-Not Available
Vendor-stylemix
Product-Pearl – Header Builder
CWE ID-CWE-862
Missing Authorization
CVE-2025-14172
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.38% / 29.55%
||
7 Day CHG~0.00%
Published-09 Jan, 2026 | 11:15
Updated-08 Apr, 2026 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Page Permalink Extension <= 1.5.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Rewrite Rules Flush

The WP Page Permalink Extension plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.4. This is due to missing authorization checks on the `cwpp_trigger_flush_rewrite_rules` function hooked to `wp_ajax_cwpp_trigger_flush_rewrite_rules`. This makes it possible for authenticated attackers, with Subscriber-level access and above, to flush the site's rewrite rules via the `action` parameter.

Action-Not Available
Vendor-infosatech
Product-WP Page Permalink Extension
CWE ID-CWE-862
Missing Authorization
CVE-2024-55997
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.45% / 35.83%
||
7 Day CHG~0.00%
Published-18 Dec, 2024 | 11:38
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Order Delivery & Pickup Location Date Time plugin <= 1.1.0 - Settings Change vulnerability

Missing Authorization vulnerability in webchunky Order Delivery & Pickup Location Date Time order-delivery-pickup-location-date-time-free-version allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Delivery & Pickup Location Date Time: from n/a through <= 1.1.0.

Action-Not Available
Vendor-webchunky
Product-Order Delivery & Pickup Location Date Time
CWE ID-CWE-862
Missing Authorization
CVE-2024-56001
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.43% / 34.36%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:14
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ksher plugin <= 1.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in ksher thailand Ksher ksher-payment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ksher: from n/a through <= 1.1.1.

Action-Not Available
Vendor-ksher thailand
Product-Ksher
CWE ID-CWE-862
Missing Authorization
CVE-2024-55995
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 21.59%
||
7 Day CHG+0.01%
Published-31 Dec, 2024 | 13:51
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Torod plugin <= 1.7 - Settings Change vulnerability

Missing Authorization vulnerability in Torod Company for Information Technology Torod torod allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Torod: from n/a through <= 1.7.

Action-Not Available
Vendor-Torod Company for Information Technology
Product-Torod
CWE ID-CWE-862
Missing Authorization
CVE-2024-5382
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 23.78%
||
7 Day CHG~0.00%
Published-07 Jun, 2024 | 12:33
Updated-08 Apr, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.1 - Missing Authorization to MA Template Creation or Modification

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it possible for unauthenticated attackers to create or modify existing Master Addons templates or make settings modifications related to these templates.

Action-Not Available
Vendor-master-addonslitonice13WordPress.org
Product-master_addonsMaster Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kitsfree_widgets_for_elementor_plugin
CWE ID-CWE-862
Missing Authorization
CVE-2024-54218
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 21.56%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 13:15
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AIO Contact plugin <= 2.8.1 - Unauthenticated Plugin Settings Change vulnerability

Missing Authorization vulnerability in thehp AIO Contact aio-contact.This issue affects AIO Contact: from n/a through <= 2.8.1.

Action-Not Available
Vendor-thehpthehp
Product-AIO Contactaio_contact
CWE ID-CWE-862
Missing Authorization
CVE-2024-52485
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 25.29%
||
7 Day CHG~0.00%
Published-18 Dec, 2024 | 11:38
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Menu Image plugin <= 2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Yudiz Solutions Ltd. WP Menu Image wp-menu-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Menu Image: from n/a through <= 2.2.

Action-Not Available
Vendor-Yudiz Solutions Ltd.
Product-WP Menu Image
CWE ID-CWE-862
Missing Authorization
CVE-2022-46795
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.58% / 43.49%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:22
Updated-28 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 4.7.2 - CSRF Plugin Settings Reset vulnerability

Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.7.2.

Action-Not Available
Vendor-tychesoftwaresTyche Softwares
Product-print_invoice_\&_delivery_notes_for_woocommercePrint Invoice & Delivery Notes for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2022-45830
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.37% / 29.09%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 15:02
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Analytify - Google Analytics Dashboard plugin <= 4.2.3 - Privilege Escalation vulnerability

Missing Authorization vulnerability in Analytify.This issue affects Analytify: from n/a through 4.2.3.

Action-Not Available
Vendor-analytifyAnalytify
Product-analytify_-_google_analytics_dashboardAnalytify
CWE ID-CWE-862
Missing Authorization
CVE-2022-4555
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.66% / 47.22%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 13:54
Updated-08 Apr, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Shamsi <= 4.1.0 - Missing Authorization to Arbitrary Plugin Deactivation

The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate() function hooked via init() in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This can be used to deactivate security plugins that aids in exploiting other vulnerabilities.

Action-Not Available
Vendor-wpvarwpvar
Product-wp_shamsiWP Shamsi – افزونه تاریخ شمسی و فارسی ساز وردپرس
CWE ID-CWE-862
Missing Authorization
CVE-2022-41650
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 17.61%
||
7 Day CHG~0.00%
Published-17 Feb, 2026 | 14:56
Updated-28 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Content by Country plugin <= 3.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Paul Custom Content by Country (by Shield Security) custom-content-by-country.This issue affects Custom Content by Country (by Shield Security): from n/a through 3.1.2.

Action-Not Available
Vendor-Paul
Product-Custom Content by Country (by Shield Security)
CWE ID-CWE-862
Missing Authorization
CVE-2022-41698
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 37.67%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 10:13
Updated-28 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress If Menu – Visibility control for Menus plugin <= 0.16.3 - Broken Access Control

Missing Authorization vulnerability in Layered If Menu.This issue affects If Menu: from n/a through 0.16.3.

Action-Not Available
Vendor-LayeredWordPress.org
Product-If Menuadserve
CWE ID-CWE-862
Missing Authorization
CVE-2022-4169
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.66% / 47.22%
||
7 Day CHG~0.00%
Published-28 Nov, 2022 | 17:33
Updated-08 Apr, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Theme and plugin translation for Polylang <= 3.2.16 - Missing Authorization

The Theme and plugin translation for Polylang is vulnerable to authorization bypass in versions up to, and including, 3.2.16 due to missing capability checks in the process_polylang_theme_translation_wp_loaded() function. This makes it possible for unauthenticated attackers to update plugin and theme translation settings and to import translation strings.

Action-Not Available
Vendor-theme_and_plugin_translation_for_polylang_projectmarcinkazmierski
Product-theme_and_plugin_translation_for_polylangTheme and plugin translation for Polylang (TTfP)
CWE ID-CWE-862
Missing Authorization
CVE-2024-47308
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-1.70% / 74.34%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Templately plugin <= 3.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper Templately templately.This issue affects Templately: from n/a through <= 3.1.2.

Action-Not Available
Vendor-TemplatelyWPDeveloper
Product-templatelyTemplatelytemplately
CWE ID-CWE-862
Missing Authorization
CVE-2022-40218
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.49% / 38.35%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 11:57
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TH Advance Product Search plugin <= 1.1.4 - Unauthenticated Plugin Settings Change vulnerability

Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.1.4.

Action-Not Available
Vendor-themehunkThemeHunkthemehunk
Product-advance_product_searchAdvance WordPress Search Pluginadvanced_wordpress_search
CWE ID-CWE-862
Missing Authorization
CVE-2024-47321
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 32.35%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Datepicker plugin <= 2.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fahad Mahmood WP Datepicker wp-datepicker.This issue affects WP Datepicker: from n/a through <= 2.1.1.

Action-Not Available
Vendor-androidbubblesFahad Mahmoodandroidbubbles
Product-wp_datepickerWP Datepickerwp_datepicker
CWE ID-CWE-862
Missing Authorization
CVE-2025-64215
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 9.55%
||
7 Day CHG~0.00%
Published-15 Jun, 2026 | 13:03
Updated-15 Jun, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16.

Action-Not Available
Vendor-StylemixThemes
Product-MasterStudy LMS Pro
CWE ID-CWE-862
Missing Authorization
CVE-2024-43974
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.51% / 39.63%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ReviveNews theme <= 1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in CozyThemes ReviveNews allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ReviveNews: from n/a through 1.0.2.

Action-Not Available
Vendor-cozythemesCozyThemescozythemes
Product-revivenewsReviveNewsrevivenews
CWE ID-CWE-862
Missing Authorization
CVE-2024-43998
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-1.44% / 70.03%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Blogpoet theme <= 1.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blogpoet: from n/a through 1.0.3.

Action-Not Available
Vendor-websiteinwpWebsiteinWPwebsiteinwp
Product-blogpoetBlogpoetblogpoet
CWE ID-CWE-862
Missing Authorization
CVE-2024-43940
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 27.48%
||
7 Day CHG~0.00%
Published-29 Aug, 2024 | 15:07
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Z Y N I T H plugin <= 7.4.9 - Unauthenticated Plugin Settings Change vulnerability

Missing Authorization vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Z Y N I T H: from n/a through 7.4.9.

Action-Not Available
Vendor-zynithVIICTORY MEDIA LLCvictory_media_llc
Product-zynithZ Y N I T Hzynith
CWE ID-CWE-862
Missing Authorization
CVE-2024-43979
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 37.89%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Blockbooster theme <= 1.0.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in CozyThemes Blockbooster allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blockbooster: from n/a through 1.0.10.

Action-Not Available
Vendor-cozythemesCozyThemescozythemes
Product-blockboosterBlockboosterblockbooster
CWE ID-CWE-862
Missing Authorization
CVE-2024-43980
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.51% / 39.45%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FotaWP theme <= 1.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in CozyThemes Fota WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fota WP: from n/a through 1.4.1.

Action-Not Available
Vendor-cozythemesCozyThemescozythemes
Product-fotawpFota WPfotawp
CWE ID-CWE-862
Missing Authorization
CVE-2023-51495
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 27.48%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 05:42
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Warranty Requests plugin <= 2.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7.

Action-Not Available
Vendor-WooCommerce
Product-WooCommerce Warranty Requests
CWE ID-CWE-862
Missing Authorization
CVE-2024-43341
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.46% / 37.00%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hello Agency theme <= 1.0.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in CozyThemes Hello Agency allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hello Agency: from n/a through 1.0.5.

Action-Not Available
Vendor-cozythemesCozyThemescozythemes
Product-hello_agencyHello Agencyhello_agency
CWE ID-CWE-862
Missing Authorization
CVE-2023-52229
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.50% / 39.02%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 11:26
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Word Replacer Pro plugin <= 1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Save as PDF plugin by Pdfcrowd Word Replacer Pro.This issue affects Word Replacer Pro: from n/a through 1.0.

Action-Not Available
Vendor-Save as PDF plugin by Pdfcrowdpdfcrowd
Product-Word Replacer Proword_replacer_pro
CWE ID-CWE-862
Missing Authorization
CVE-2024-43209
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.42% / 33.74%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bitly's WordPress Plugin plugin <= 2.7.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Bitly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bitly: from n/a through 2.7.2.

Action-Not Available
Vendor-Bitlybitly
Product-Bitlybitly
CWE ID-CWE-862
Missing Authorization
CVE-2022-36340
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.63% / 45.84%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 18:31
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MailOptin plugin <= 1.2.49.0 - Unauthenticated Optin Campaign Cache Deletion vulnerability

Unauthenticated Optin Campaign Cache Deletion vulnerability in MailOptin plugin <= 1.2.49.0 at WordPress.

Action-Not Available
Vendor-mailoptinMailOptin Popup Builder Team
Product-mailoptinMailOptin (WordPress plugin)
CWE ID-CWE-862
Missing Authorization
CVE-2024-6755
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 23.50%
||
7 Day CHG~0.00%
Published-24 Jul, 2024 | 02:33
Updated-08 Apr, 2026 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Social Auto Poster <= 5.3.14 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘wpw_auto_poster_quick_delete_multiple’ function in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to delete arbitrary posts.

Action-Not Available
Vendor-WPWeb Elite
Product-social_auto_posterSocial Auto Postersocial_auto_poster
CWE ID-CWE-862
Missing Authorization
CVE-2022-36418
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.66% / 46.89%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 15:51
Updated-28 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HREFLANG Tags Lite Plugin <= 2.0.0 is vulnerable to Broken Authentication

Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Lite.This issue affects HREFLANG Tags Lite: from n/a through 2.0.0.

Action-Not Available
Vendor-dcgwsVagary Digital
Product-hreflang_tags_liteHREFLANG Tags Lite
CWE ID-CWE-862
Missing Authorization
CVE-2024-39640
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.42% / 34.11%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Social Feed Gallery plugin <= 4.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in QuadLayers WP Social Feed Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Social Feed Gallery: from n/a through 4.3.9.

Action-Not Available
Vendor-QuadLayersquadlayers
Product-WP Social Feed Gallerywp_social_feed_gallery
CWE ID-CWE-862
Missing Authorization
CVE-2023-41651
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.41% / 33.06%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 08:56
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multi-column Tag Map plugin <= 17.0.26 - Broken Access Control vulnerability

Missing Authorization vulnerability in Multi-column Tag Map.This issue affects Multi-column Tag Map: from n/a through 17.0.26.

Action-Not Available
Vendor-Multi-Column Tag Map
Product-Multi-column Tag Mapmulti-column_tag_map
CWE ID-CWE-862
Missing Authorization
CVE-2024-37510
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.44% / 35.52%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Donation Forms by Charitable plugin <= 1.8.1.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Charitable: from n/a through 1.8.1.7.

Action-Not Available
Vendor-WP Charitable LLC.
Product-Charitablecharitable
CWE ID-CWE-862
Missing Authorization
CVE-2023-50884
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.54% / 41.31%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:29
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LA-Studio Element Kit for Elementor plugin <= 1.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LA-Studio Element Kit for Elementor: from n/a through <= 1.1.5.

Action-Not Available
Vendor-LA-Studiolastudio
Product-LA-Studio Element Kit for Elementorla-studio_element_kit_for_elementor
CWE ID-CWE-862
Missing Authorization
CVE-2023-49857
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.51% / 39.88%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:30
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Awesome Support plugin <= 6.1.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through <= 6.1.7.

Action-Not Available
Vendor-getawesomesupportawesomesupportawesomesupport
Product-awesome_supportAwesome Supportawesome_support_wordpress_helpdesk_\&_support
CWE ID-CWE-862
Missing Authorization
CVE-2024-35660
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 31.65%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 11:56
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Broken Access Control on API vulnerability

Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1.

Action-Not Available
Vendor-master-addonsJewel Themejeweltheme
Product-master_addonsMaster Addons for Elementormaster_addons_for_elementor
CWE ID-CWE-862
Missing Authorization
CVE-2024-34820
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.44% / 35.11%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 14:57
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress If-So Dynamic Content Personalization plugin <= 1.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in If So Plugin If-So Dynamic Content Personalization.This issue affects If-So Dynamic Content Personalization: from n/a through 1.7.1.

Action-Not Available
Vendor-If So Plugin
Product-If-So Dynamic Content Personalization
CWE ID-CWE-862
Missing Authorization
CVE-2024-33919
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.44% / 35.13%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 08:31
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RomethemeKit For Elementor plugin <= 1.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor.This issue affects RomethemeKit For Elementor: from n/a through 1.4.1.

Action-Not Available
Vendor-Romethemerometheme
Product-RomethemeKit For Elementorromethemekit_for_elementor
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found