Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-862
Total 4661 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-31841 2025-04-07 N/A 6.3 MEDIUM
Missing Authorization vulnerability in Frank P. Walentynowicz FPW Category Thumbnails allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FPW Category Thumbnails: from n/a through 1.9.5.
CVE-2025-31768 2025-04-07 N/A 6.5 MEDIUM
Missing Authorization vulnerability in OTWthemes Widget Manager Light allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Widget Manager Light: from n/a through 1.18.
CVE-2025-31739 2025-04-07 N/A 6.4 MEDIUM
Missing Authorization vulnerability in Manuel Schmalstieg Minimalistic Event Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Minimalistic Event Manager: from n/a through 1.1.1.
CVE-2025-32237 2025-04-07 N/A 4.3 MEDIUM
Missing Authorization vulnerability in Stylemix MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MasterStudy LMS: from n/a through 3.5.23.
CVE-2025-32225 2025-04-07 N/A 5.3 MEDIUM
Missing Authorization vulnerability in WP Event Manager WP Event Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Event Manager: from n/a through 3.1.47.
CVE-2025-2075 2025-04-07 N/A 8.8 HIGH
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2. This is due to add_role() and user_role() functions missing proper capability checks performed through the validate_rest_call() function. This makes it possible for unauthenticated attackers to set the role of arbitrary users to administrator granting full access to the site, though privilege escalation requires an active account on the site so this is considered an authenticated privilege escalation.
CVE-2025-31381 2025-04-07 N/A 6.5 MEDIUM
Missing Authorization vulnerability in shiptrack Booking Calendar and Notification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Calendar and Notification: from n/a through 4.0.3.
CVE-2025-32224 2025-04-07 N/A 5.4 MEDIUM
Missing Authorization vulnerability in shivammani Privyr CRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Privyr CRM: from n/a through 1.0.1.
CVE-2025-32252 2025-04-07 N/A 5.3 MEDIUM
Missing Authorization vulnerability in blackandwhitedigital WP Genealogy – Your Family History Website allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Genealogy – Your Family History Website: from n/a through 0.1.9.
CVE-2025-32219 2025-04-07 N/A 5.4 MEDIUM
Missing Authorization vulnerability in Syntactics, Inc. eaSYNC allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects eaSYNC: from n/a through 1.3.19.
CVE-2025-32233 2025-04-07 N/A 4.3 MEDIUM
Missing Authorization vulnerability in WP Chill Revive.so – Bulk Rewrite and Republish Blog Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Revive.so – Bulk Rewrite and Republish Blog Posts: from n/a through 2.0.3.
CVE-2025-32232 2025-04-07 N/A 4.3 MEDIUM
Missing Authorization vulnerability in ERA404 StaffList allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects StaffList: from n/a through 3.2.6.
CVE-2025-32229 2025-04-07 N/A 4.3 MEDIUM
Missing Authorization vulnerability in Bowo Variable Inspector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Variable Inspector: from n/a through 2.6.3.
CVE-2025-32239 2025-04-07 N/A 4.3 MEDIUM
Missing Authorization vulnerability in Joao Romao Social Share Buttons & Analytics Plugin – GetSocial.io allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Share Buttons & Analytics Plugin – GetSocial.io: from n/a through 4.5.
CVE-2025-32256 2025-04-07 N/A 5.3 MEDIUM
Missing Authorization vulnerability in devsoftbaltic SurveyJS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects SurveyJS: from n/a through 1.12.20.
CVE-2025-32246 2025-04-07 N/A 5.4 MEDIUM
Missing Authorization vulnerability in Tim Nguyen 1-Click Backup & Restore Database allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 1-Click Backup & Restore Database: from n/a through 1.0.3.
CVE-2025-32258 2025-04-07 N/A 5.3 MEDIUM
Missing Authorization vulnerability in InfoGiants Simple Website Logo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Website Logo: from n/a through 1.1.
CVE-2025-32226 2025-04-07 N/A 4.3 MEDIUM
Missing Authorization vulnerability in Anzar Ahmed Display product variations dropdown on shop page allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Display product variations dropdown on shop page: from n/a through 1.1.3.
CVE-2025-22285 2025-04-07 N/A 6.5 MEDIUM
Missing Authorization vulnerability in Eniture Technology Pallet Packaging for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pallet Packaging for WooCommerce: from n/a through 1.1.15.
CVE-2025-32254 2025-04-07 N/A 5.3 MEDIUM
Missing Authorization vulnerability in Iqonic Design WPBookit allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPBookit: from n/a through 1.0.1.