CWE-862 CVEs and Security Vulnerabilities

Filtered by CWE-862

Search

Switch to Advanced Search (Beta)

Total 7854 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-24540	2 Prince, Wordpress	2 Integrate Google Drive, Wordpress	2026-04-24	5.4 Medium
Missing Authorization vulnerability in princeahmed Integrate Google Drive integrate-google-drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through <= 1.5.6.
CVE-2026-24543	1 Wordpress	1 Wordpress	2026-04-24	4.3 Medium
Missing Authorization vulnerability in Horea Radu Materialis Companion materialis-companion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Materialis Companion: from n/a through <= 1.3.52.
CVE-2026-24551	1 Wordpress	1 Wordpress	2026-04-24	5.4 Medium
Missing Authorization vulnerability in monetagwp Monetag Official Plugin monetag-official allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Monetag Official Plugin: from n/a through <= 1.1.3.
CVE-2026-24556	1 Wordpress	1 Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in wpdive ElementCamp element-camp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementCamp: from n/a through <= 2.3.2.
CVE-2026-2826	2 Stellarwp, Wordpress	2 Kadence Blocks — Page Builder Toolkit For Gutenberg Editor, Wordpress	2026-04-24	4.3 Medium
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user has the `upload_files` capability in the `process_pattern` REST API endpoint. This makes it possible for authenticated attackers, with contributor level access and above, to upload images to the WordPress Media Library by supplying remote image URLs that the server downloads and creates as media attachments.
CVE-2026-3445	2 Properfraction, Wordpress	2 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – Profilepress, Wordpress	2026-04-24	7.1 High
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to unauthorized membership payment bypass in all versions up to, and including, 4.16.11. This is due to a missing ownership verification on the `change_plan_sub_id` parameter in the `process_checkout()` function. This makes it possible for authenticated attackers, with subscriber level access and above, to reference another user's active subscription during checkout to manipulate proration calculations, allowing them to obtain paid lifetime membership plans without payment via the `ppress_process_checkout` AJAX action.
CVE-2026-3571	2 Genetechproducts, Wordpress	2 Pie Register – User Registration, Profiles & Content Restriction, Wordpress	2026-04-24	6.5 Medium
The Pie Register – User Registration, Profiles & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pie_main() function in all versions up to, and including, 3.8.4.8. This makes it possible for unauthenticated attackers to change registration form status.
CVE-2026-3831	2 Crmperks, Wordpress	2 Database For Contact Form 7, Wpforms, Elementor Forms, Wordpress	2026-04-24	4.3 Medium
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the entries_shortcode() function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract all form submissions - including names, emails, phone numbers.
CVE-2026-1797	2 Themetechmount, Wordpress	2 Truebooker-appointment-booking, Wordpress	2026-04-24	5.3 Medium
The Appointment Booking and Scheduler Plugin – Truebooker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 through views php files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed views php files via direct access.
CVE-2026-39505	2 Craig Hewitt, Wordpress	2 Seriously Simple Podcasting, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seriously Simple Podcasting: from n/a through <= 3.14.2.
CVE-2026-39476	2 Syed Balkhi, Wordpress	2 User Feedback, Wordpress	2026-04-24	4.3 Medium
Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Feedback: from n/a through <= 1.10.1.
CVE-2026-39485	2 Embedplus, Wordpress	2 Youtube Embed Plus, Wordpress	2026-04-24	4.3 Medium
Missing Authorization vulnerability in embedplus Youtube Embed Plus youtube-embed-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youtube Embed Plus: from n/a through <= 14.2.4.
CVE-2026-39501	2 Realmag777, Wordpress	2 Fox, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in RealMag777 FOX woocommerce-currency-switcher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FOX: from n/a through <= 1.4.5.
CVE-2026-39509	2 Wordpress, Wpwax	2 Wordpress, Directorist	2026-04-24	5.3 Medium
Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.5.10.
CVE-2026-34899	2 Eniture Technology, Wordpress	2 Ltl Freight Quotes – Worldwide Express Edition, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in Eniture technology LTL Freight Quotes – Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.2.1.
CVE-2026-34903	2 Oceanwp, Wordpress	2 Ocean Extra, Wordpress	2026-04-24	5.4 Medium
Missing Authorization vulnerability in OceanWP Ocean Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ocean Extra: from n/a through 2.5.3.
CVE-2026-39569	2 Aa Web Servant, Wordpress	2 12 Step Meeting List, Wordpress	2026-04-24	6.5 Medium
Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 12 Step Meeting List: from n/a through <= 3.19.9.
CVE-2026-39528	2 Wordpress, Wpdelicious	2 Wordpress, Wp Delicious	2026-04-24	5.3 Medium
Missing Authorization vulnerability in WP Delicious WP Delicious delicious-recipes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delicious: from n/a through <= 1.9.5.
CVE-2026-39588	2 Nmerii, Wordpress	2 Nm Gift Registry And Wishlist Lite, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in nmerii NM Gift Registry and Wishlist Lite nm-gift-registry-and-wishlist-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NM Gift Registry and Wishlist Lite: from n/a through <= 5.13.
CVE-2026-39562	2 Boldgrid, Wordpress	2 Client Invoicing By Sprout Invoices, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.10.

« first previous Page 62 of 393. next last »