Weaknesses of type CWE-862

6,730 results

CVE-2021-41238HIGHMissing Authorization with Default Settings in Dashboard UIEPSS 0.9%CVE-2022-23621MEDIUMMissing authorization in xwiki-platformEPSS 0.9%CVE-2021-44795MEDIUMModifying User Permissions via Unauthorized Access in Single ConnectEPSS 0.9%CVE-2025-13956MEDIUMLearnPress – WordPress LMS Plugin <= 4.3.1 - Missing Authorization to Unauthenticated Orders Statistics ExposureEPSS 0.9%CVE-2025-1639HIGHAnimation Addons for Elementor Pro <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/ActivationEPSS 0.9%CVE-2024-3895HIGHWP Datepicker <= 2.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options UpdateEPSS 0.9%CVE-2024-3295MEDIUMUser Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Unauthenticated Media DeletionEPSS 0.9%CVE-2024-0593MEDIUMSimple Job Board <= 2.10.8 - Missing Authorization to Unauthenticated Information DisclosureEPSS 0.9%CVE-2025-50171CRITICALRemote Desktop Spoofing VulnerabilityEPSS 0.9%CVE-2024-54679MEDIUMCyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions.EPSS 0.9%CVE-2026-32230MEDIUMUptime Kuma is Missing Authorization Checks on Ping Badge Endpoint, Leaks Ping times of monitors without needing to be on a status pageEPSS 0.9%CVE-2020-1996MEDIUMPAN-OS: Panorama management server log injectionEPSS 0.9%CVE-2023-2448MEDIUMUserPro <= 5.1.4 - Missing Authorization to Arbitrary Shortcode Execution via userpro_shortcode_templateEPSS 0.9%CVE-2024-11270HIGHWordPress Webinar Plugin – WebinarPress <= 1.33.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File CreationEPSS 0.9%CVE-2026-1314MEDIUM3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery <= 1.16.17 - Missing Authorization to Unauthenticated Private/Draft Flipbook Data ExposureEPSS 0.9%CVE-2025-5888MEDIUMjsnjfz WebStack-Guns cross-site request forgeryEPSS 0.9%CVE-2024-1991HIGHRegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.0.0 - Authenticated (Subscriber+) Privilege EscalationEPSS 0.9%CVE-2022-25810—Transposh WordPress Translation <= 1.0.8 - Subscriber+ Unauthorised CallsEPSS 0.9%CVE-2026-4003CRITICALUsers manager – PN <= 1.1.15 - Unauthenticated Privilege Escalation via Account Takeover via 'userspn_form_save' AJAX ActionEPSS 0.9%CVE-2024-10486MEDIUMGoogle for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info FileEPSS 0.9%

← previouspage 15 / 337next →