CWE-862 CVEs and Security Vulnerabilities

Filtered by CWE-862

Search

Switch to Advanced Search (Beta)

Total 7840 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-35179	1 Wwbn	1 Avideo	2026-04-23	5.3 Medium
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the SocialMediaPublisher plugin exposes a publishInstagram.json.php endpoint that acts as an unauthenticated proxy to the Facebook/Instagram Graph API. The endpoint accepts user-controlled parameters including an access token, container ID, and Instagram account ID, and passes them directly to the Graph API via InstagramUploader::publishMediaIfIsReady(). This allows any unauthenticated user to make arbitrary Graph API calls through the server, potentially using stolen tokens or abusing the platform's own credentials.
CVE-2025-49937	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Missing Authorization vulnerability in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smash Balloon Social Post Feed: from n/a through <= 4.3.2.
CVE-2025-49920	1 Wordpress	1 Wordpress	2026-04-23	5.4 Medium
Missing Authorization vulnerability in accessiBe Web Accessibility By accessiBe accessibe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Web Accessibility By accessiBe: from n/a through <= 2.10.
CVE-2025-49916	2 Multivendorx, Wordpress	2 Multivendorx, Wordpress	2026-04-23	8.6 High
Missing Authorization vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MultiVendorX: from n/a through <= 4.2.23.
CVE-2025-49913	2 Coschedule, Wordpress	2 Coschedule, Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in CoSchedule CoSchedule coschedule-by-todaymade allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CoSchedule: from n/a through <= 3.4.0.
CVE-2025-49907	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MDTF: from n/a through <= 1.3.3.9.
CVE-2025-49906	1 Wordpress	1 Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in StellarWP WPComplete wpcomplete allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPComplete: from n/a through <= 2.9.5.3.
CVE-2025-49903	2 Bdthemes, Wordpress	2 Zoloblocks, Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in bdthemes ZoloBlocks zoloblocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ZoloBlocks: from n/a through <= 2.3.11.
CVE-2025-49899	2 Whydonate, Wordpress	2 Wp Whydonate, Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in jjlemstra Whydonate wp-whydonate allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Whydonate: from n/a through <= 4.0.15.
CVE-2025-49888			2026-04-23	7.1 High
Missing Authorization vulnerability in pimwick PW WooCommerce On Sale! pw-woocommerce-on-sale allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PW WooCommerce On Sale!: from n/a through <= 1.39.
CVE-2025-49884	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Missing Authorization vulnerability in alexvtn Internal Linking of Related Contents internal-linking-of-related-contents allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Internal Linking of Related Contents: from n/a through <= 1.1.8.
CVE-2025-49880			2026-04-23	4.3 Medium
Missing Authorization vulnerability in Imran Tauqeer CubeWP Forms cubewp-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CubeWP Forms: from n/a through <= 1.1.5.
CVE-2025-49874	1 Tychesoftwares	1 Arconix Faq	2026-04-23	4.3 Medium
Missing Authorization vulnerability in tychesoftwares Arconix FAQ arconix-faq allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arconix FAQ: from n/a through <= 1.9.6.
CVE-2025-49872			2026-04-23	5.3 Medium
Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects myCred: from n/a through <= 2.9.4.2.
CVE-2025-49864			2026-04-23	5.3 Medium
Missing Authorization vulnerability in AFS Analytics AFS Analytics addfreestats allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AFS Analytics: from n/a through <= 4.21.
CVE-2025-49860	2 Majesticsupport, Wordpress	2 Majestic Support, Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support.This issue affects Majestic Support: from n/a through <= 1.1.0.
CVE-2025-49857			2026-04-23	4.3 Medium
Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through <= 2.9.4.2.
CVE-2025-49441			2026-04-23	5.3 Medium
Missing Authorization vulnerability in WP Map Plugins Interactive Regional Map of Florida interactive-map-of-florida allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Interactive Regional Map of Florida: from n/a through <= 1.0.
CVE-2025-49432	1 Wordpress	1 Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in FWDesign Ultimate Video Player fwduvp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Video Player: from n/a through <= 10.1.
CVE-2025-49431			2026-04-23	6.5 Medium
Missing Authorization vulnerability in Gnuget MF Plus WPML mf-plus-wpml allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MF Plus WPML: from n/a through <= 1.1.

« first previous Page 87 of 392. next last »