Weaknesses of type CWE-862
6,783 resultsCVE-2020-9009LOWThe ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote attackers to insert arbitrary information into the database (via actionEPSS 0.6%CVE-2023-27310MEDIUMA vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails EPSS 0.6%CVE-2022-36340MEDIUMWordPress MailOptin plugin <= 1.2.49.0 - Unauthenticated Optin Campaign Cache Deletion vulnerabilityEPSS 0.6%CVE-2023-39544—CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleEPSS 0.6%CVE-2024-6069HIGHPie Register - Basic <= 3.8.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin InstallationEPSS 0.6%CVE-2025-2266CRITICALCheckout Mestres do WP for WooCommerce 8.6.5 - 8.7.5 - Unauthenticated Arbitrary Options UpdateEPSS 0.6%CVE-2025-21416HIGHAzure Virtual Desktop Elevation of Privilege VulnerabilityEPSS 0.6%CVE-2024-49367MEDIUMNginx UI's log path can be controlledEPSS 0.6%CVE-2023-25454MEDIUMWordPress Protected Posts Logout Button plugin <= 1.4.5 - Broken Access Control vulnerabilityEPSS 0.6%CVE-2023-1843MEDIUMMetform Elementor Contact Form Builder <= 3.3.0 - Missing AuthorizationEPSS 0.6%CVE-2023-43700HIGHMissing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that no not require authEPSS 0.6%CVE-2026-38329CRITICALBludit CMS before version 3.18.4 allows Remote Code Execution (RCE) via the API Plugin. The POST /api/files/{key} endpoint in bl-plugins/apiEPSS 0.6%CVE-2022-35293CRITICALDue to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account. On successful exploiEPSS 0.6%CVE-2026-4812MEDIUMAdvanced Custom Fields (ACF®) <= 6.7.0 - Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Field Query ParametersEPSS 0.6%CVE-2024-7475CRITICALImproper Access Control in lunary-ai/lunaryEPSS 0.6%CVE-2024-7031HIGHFile Manager Pro – Filester <= 1.8.2 - Authenticated Plugin Settings UpdateEPSS 0.6%CVE-2024-10575CRITICALCWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on
the network and potentially impactiEPSS 0.6%CVE-2023-41875MEDIUMWordPress WP Directory Kit plugin <= 1.2.6 - Broken Access Control vulnerabilityEPSS 0.6%CVE-2023-3713HIGHProfileGrid <= 5.5.1 - Authenticated (Subscriber+) Arbitrary Option UpdateEPSS 0.6%CVE-2024-10008HIGHMasteriyo LMS – eLearning and Online Course Builder for WordPress <= 1.13.3 - Authenticated (Student+) Missing Authorization to Privilege EscalationEPSS 0.6%