CWE-862 CVEs and Security Vulnerabilities

Filtered by CWE-862

Search

Switch to Advanced Search (Beta)

Total 7867 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-43358	1 Apple	7 Ios, Ipados, Iphone Os and 4 more	2026-04-28	8.8 High
A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A shortcut may be able to bypass sandbox restrictions.
CVE-2025-43329	1 Apple	6 Ios, Ipados, Iphone Os and 3 more	2026-04-28	8.8 High
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, watchOS 26. An app may be able to break out of its sandbox.
CVE-2026-6393	2 Wordpress, Wpdevteam	2 Wordpress, Betterdocs – Knowledge Base Docs & Faq Solution For Elementor & Block Editor	2026-04-27	4.3 Medium
The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.3.11. This is due to a missing capability check in the generate_openai_content_callback() function, which relies solely on a nonce rather than verifying user permissions. This makes it possible for authenticated attackers, with subscriber-level access and above, to trigger OpenAI API calls using the site's configured API key with arbitrary user-controlled prompts, leading to unauthorized consumption of the site owner's paid AI API quota.
CVE-2025-43497	1 Apple	1 Macos	2026-04-27	5.2 Medium
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to break out of its sandbox.
CVE-2026-5488	2 Smub, Wordpress	2 Exactmetrics – Google Analytics Dashboard For Wordpress (website Stats Plugin), Wordpress	2026-04-27	5.3 Medium
The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 9.1.2. This is due to missing capability checks in the get_ads_access_token() and reset_experience() AJAX handlers. While the mi-admin-nonce is localized on all admin pages (including profile.php which subscribers can access), and while other similar AJAX endpoints in the same class properly check for the exactmetrics_save_settings capability, these two endpoints only verify the nonce. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve valid Google Ads access tokens and reset Google Ads integration settings.
CVE-2025-69027	2 Tychesoftwares, Wordpress	2 Product Delivery Date For Woocommerce Lite, Wordpress	2026-04-27	5.3 Medium
Missing Authorization vulnerability in tychesoftwares Product Delivery Date for WooCommerce – Lite product-delivery-date-for-woocommerce-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Delivery Date for WooCommerce – Lite: from n/a through <= 3.2.0.
CVE-2025-49949	1 Wordpress	1 Wordpress	2026-04-27	5.4 Medium
Missing Authorization vulnerability in templazee Templazee templazee allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templazee: from n/a through <= 1.0.2.
CVE-2025-49925	2 Vibethemes, Wordpress	2 Wordpress Learning Management System, Wordpress	2026-04-27	7.5 High
Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9.7.
CVE-2025-49922	2 Etruel, Wordpress	2 Wpematico Rss Feed Fetcher, Wordpress	2026-04-27	4.3 Medium
Missing Authorization vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPeMatico RSS Feed Fetcher: from n/a through <= 2.8.3.
CVE-2025-49394	2 Bplugins, Wordpress	2 Image Gallery Block, Wordpress	2026-04-27	7.1 High
Missing Authorization vulnerability in bPlugins Image Gallery block – Create and display photo gallery/photo album. 3d-image-gallery allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Image Gallery block – Create and display photo gallery/photo album.: from n/a through <= 1.0.7.
CVE-2025-49375	1 Wordpress	1 Wordpress	2026-04-27	5.4 Medium
Missing Authorization vulnerability in cozythemes HomeLancer homelancer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HomeLancer: from n/a through <= 1.0.1.
CVE-2025-49376	2 Delucks, Wordpress	2 Delucks Seo, Wordpress	2026-04-27	5.3 Medium
Missing Authorization vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects DELUCKS SEO: from n/a through <= 2.5.9.
CVE-2025-58986	1 Wordpress	1 Wordpress	2026-04-27	6.5 Medium
Missing Authorization vulnerability in ganddser Jock On Air Now (JOAN) joan allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jock On Air Now (JOAN): from n/a through <= 6.0.4.
CVE-2025-69385	2 Agnihd, Wordpress	2 Cartify - Woocommerce Gutenberg Wordpress Theme, Wordpress	2026-04-27	6.5 Medium
Missing Authorization vulnerability in AgniHD Cartify - WooCommerce Gutenberg WordPress Theme cartify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cartify - WooCommerce Gutenberg WordPress Theme: from n/a through <= 1.3.
CVE-2025-68980	2 Designthemes, Wordpress	2 Wedesigntech-portfolio, Wordpress	2026-04-27	5.3 Medium
Missing Authorization vulnerability in designthemes WeDesignTech Portfolio wedesigntech-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WeDesignTech Portfolio: from n/a through <= 1.0.2.
CVE-2025-68608	1 Wordpress	1 Wordpress	2026-04-27	7.5 High
Missing Authorization vulnerability in DeluxeThemes Userpro userpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Userpro: from n/a through <= 5.1.9.
CVE-2025-68603	2 Marketing Fire, Wordpress	2 Editorial Calendar, Wordpress	2026-04-27	5.4 Medium
Missing Authorization vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Editorial Calendar: from n/a through <= 3.8.8.
CVE-2025-68595	2 Trustindex, Wordpress	2 Widgets For Social Photo Feed, Wordpress	2026-04-27	5.3 Medium
Missing Authorization vulnerability in Trustindex Widgets for Social Photo Feed social-photo-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widgets for Social Photo Feed: from n/a through <= 1.8.
CVE-2025-68594	1 Wordpress	1 Wordpress	2026-04-27	5.3 Medium
Missing Authorization vulnerability in Opinion Stage Poll, Survey & Quiz Maker Plugin by Opinion Stage social-polls-by-opinionstage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll, Survey & Quiz Maker Plugin by Opinion Stage: from n/a through <= 19.12.0.
CVE-2025-68593	1 Wordpress	1 Wordpress	2026-04-27	5.4 Medium
Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through <= 4.0.6.1.

« first previous Page 50 of 394. next last »