CWE-862 CVEs and Security Vulnerabilities

Filtered by CWE-862

Search

Switch to Advanced Search (Beta)

Total 7806 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-1906	2 Wordpress, Wpovernight	2 Wordpress, Pdf Invoices & Packing Slips For Woocommerce	2026-04-16	4.3 Medium
The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.0 via the `wpo_ips_edi_save_order_customer_peppol_identifiers` AJAX action due to missing capability checks and order ownership validation. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify Peppol/EDI endpoint identifiers (`peppol_endpoint_id`, `peppol_endpoint_eas`) for any customer by specifying an arbitrary `order_id` parameter on systems using Peppol invoicing. This can affect order routing on the Peppol network and may result in payment disruptions and data leakage.
CVE-2026-27056	2 Stellarwp, Wordpress	2 Ithemes Sync, Wordpress	2026-04-16	4.3 Medium
Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through <= 3.2.8.
CVE-2026-24375	2 Wordpress, Wpswings	2 Wordpress, Ultimate Gift Cards For Woocommerce	2026-04-16	5.3 Medium
Missing Authorization vulnerability in WP Swings Ultimate Gift Cards For WooCommerce woo-gift-cards-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Gift Cards For WooCommerce: from n/a through <= 3.2.4.
CVE-2026-24999	2 Almapay, Wordpress	2 Alma, Wordpress	2026-04-16	5.3 Medium
Missing Authorization vulnerability in Alma Alma alma-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Alma: from n/a through <= 5.16.1.
CVE-2026-25000	2 Kraftplugins, Wordpress	2 Wheel Of Life, Wordpress	2026-04-16	5.3 Medium
Missing Authorization vulnerability in Kraft Plugins Wheel of Life wheel-of-life allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wheel of Life: from n/a through <= 1.2.0.
CVE-2026-25003	2 Madalin.ungureanu, Wordpress	2 Client Portal, Wordpress	2026-04-16	4.3 Medium
Missing Authorization vulnerability in madalin.ungureanu Client Portal client-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Portal: from n/a through <= 1.2.1.
CVE-2026-25308	2 Wordpress, Wp.insider	2 Wordpress, Simple Membership	2026-04-16	4.3 Medium
Missing Authorization vulnerability in wp.insider Simple Membership simple-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Membership: from n/a through <= 4.6.9.
CVE-2026-25311	2 10up, Wordpress	2 Autoshare For Twitter, Wordpress	2026-04-16	5.4 Medium
Missing Authorization vulnerability in 10up Autoshare for Twitter autoshare-for-twitter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Autoshare for Twitter: from n/a through <= 2.3.1.
CVE-2026-25313	2 Shahjahan Jewel, Wordpress	2 Fluentform, Wordpress	2026-04-16	4.3 Medium
Missing Authorization vulnerability in Shahjahan Jewel FluentForm fluentform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a through <= 6.1.14.
CVE-2026-25314	2 Wordpress, Wp Messiah	2 Wordpress, Top Table Of Contents	2026-04-16	4.3 Medium
Missing Authorization vulnerability in WP Messiah TOP Table Of Contents top-table-of-contents allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TOP Table Of Contents: from n/a through <= 1.3.31.
CVE-2026-25320	2 Cool Plugins, Wordpress	2 Elementor Contact Form Db, Wordpress	2026-04-16	5.3 Medium
Missing Authorization vulnerability in Cool Plugins Elementor Contact Form DB sb-elementor-contact-form-db allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Contact Form DB: from n/a through <= 2.1.3.
CVE-2026-25323	2 Mika, Wordpress	2 Osm, Wordpress	2026-04-16	4.3 Medium
Missing Authorization vulnerability in MiKa OSM osm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OSM: from n/a through <= 6.1.12.
CVE-2026-25329	2 Expresstech, Wordpress	2 Quiz And Survey Master, Wordpress	2026-04-16	4.3 Medium
Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.4.
CVE-2026-25330	2 Publishpress, Wordpress	2 Publishpress Authors, Wordpress	2026-04-16	4.3 Medium
Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Authors: from n/a through <= 4.10.1.
CVE-2026-25332	2 Fahad Mahmood, Wordpress	2 Endless Posts Navigation, Wordpress	2026-04-16	5.3 Medium
Missing Authorization vulnerability in Fahad Mahmood Endless Posts Navigation endless-posts-navigation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Endless Posts Navigation: from n/a through <= 2.2.9.
CVE-2026-25335	2 Ays-pro, Wordpress	2 Secure Copy Content Protection And Content Locking, Wordpress	2026-04-16	4.3 Medium
Missing Authorization vulnerability in Ays Pro Secure Copy Content Protection and Content Locking secure-copy-content-protection allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Secure Copy Content Protection and Content Locking: from n/a through <= 5.0.0.
CVE-2026-25338	2 Ays Pro, Wordpress	2 Ai Chatbot With Chatgpt And Content Generator By Ays, Wordpress	2026-04-16	5.3 Medium
Missing Authorization vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI ChatBot with ChatGPT and Content Generator by AYS: from n/a through <= 2.7.4.
CVE-2026-25348	2 Alttextai, Wordpress	2 Download Alt Text Ai, Wordpress	2026-04-16	5.3 Medium
Missing Authorization vulnerability in alttextai Download Alt Text AI alttext-ai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Alt Text AI: from n/a through <= 1.10.15.
CVE-2026-25363	2 Fooplugins, Wordpress	2 Foogallery, Wordpress	2026-04-16	4.3 Medium
Missing Authorization vulnerability in FooPlugins FooGallery foogallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FooGallery: from n/a through <= 3.1.11.
CVE-2026-25364	2 Boldgrid, Wordpress	2 Client Invoicing By Sprout Invoices, Wordpress	2026-04-16	5.3 Medium
Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.8.

« first previous Page 160 of 391. next last »