CVE-2025-64199
Missing Authorization vulnerability in WpEstate wpresidence wpresidence allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpresidence: from n/a through <= 5.3…
All CVEs associated with "Security Misconfiguration"
A curated feed of “Security Misconfiguration”-related CVEs appears below. We currently track 5958 CVEs for this tag (all time). In the last 365 days, 2192 were published. Average CVSS is 5.9 (all time; 5.8 over 365d), and 26% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-862 - Missing Authorization, CWE-284 - Improper Access Control, CWE-266 - Incorrect Privilege Assignment.
In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic:
Missing Authorization vulnerability in solwin Blog Designer PRO blog-designer-pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Blog Designer PRO: from n/a throug…
Missing Authorization vulnerability in Facebook Facebook for WooCommerce facebook-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Facebook f…
microCLAUDIA in v3.2.0 and prior has an improper access control vulnerability. This flaw allows an authenticated user to perform unauthorized actions on other organizations' systems by sending direc…
PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing (CORS) misconfiguration in its middleware: it reflec…
Missing Authorization vulnerability in MDZ Persian Admnin Fonts persian-admin-fonts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Persian Admnin Fonts: fr…
Missing Authorization vulnerability in Kiotviet KiotViet Sync kiotvietsync allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects KiotViet Sync: from n/a through <…
Missing Authorization vulnerability in 沃之涛 百度站长SEO合集(支持百度/神马/Bing/头条推送) baiduseo allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects 百度站长SEO合集(支持百度/神马/Bing/头条推送): from…
Missing Authorization vulnerability in Joovii Sendle Shipping official-sendle-shipping-method allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Sendle Shipping: from…
Missing Authorization vulnerability in Themekraft BuddyForms buddyforms allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects BuddyForms: from n/a through <= 2.9.0.
Missing Authorization vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WebinarPress: from n/a…
Missing Authorization vulnerability in Spencer Haws Link Whisper Free link-whisper allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Link Whisper Free: from n…
Missing Authorization vulnerability in Apiki GoCache gocache-cdn allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GoCache: from n/a through <= 1.3.6.
Missing Authorization vulnerability in wpseek Admin Management Xtended admin-management-xtended allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin Manag…
Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MDTF: from n/…
Missing Authorization vulnerability in rsocial Revive Old Posts tweet-old-post allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Revive Old Posts: from n/a th…
Missing Authorization vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Welcart e-Commerce: from n…
Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ChatBot: from n/a through <= 7.7.3.
Missing Authorization vulnerability in everestthemes Everest Backup everest-backup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Everest Backup: from n/a…
Missing Authorization vulnerability in Mark O'Donnell MSTW CSV EXPORTER mstw-csv-exporter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MSTW CSV EXPORTER:…
Missing Authorization vulnerability in Reoon Technology Reoon Email Verifier reoon-email-verifier allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Reoon Emai…
Missing Authorization vulnerability in StackWC Open Close WooCommerce Store woc-open-close allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Open Close WooCom…
Missing Authorization vulnerability in wprio Table Block by RioVizual riovizual allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Table Block by RioVizual: fr…
Missing Authorization vulnerability in microsoftstart MSN Partner Hub microsoft-start allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MSN Partner Hub: from…
Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Testimonial Slider: from n…
Missing Authorization vulnerability in Joby Joseph SEO Meta Description Updater seo-meta-description-updater allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects…
Missing Authorization vulnerability in Nelio Software Nelio Content nelio-content allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nelio Content: from n/a th…
Missing Authorization vulnerability in Conversios Conversios.io enhanced-e-commerce-for-woocommerce-store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Co…
Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Grid and Gu…
Missing Authorization vulnerability in Shambhu Patnaik Export Categories export-categories allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Export Categories: from n…
Missing Authorization vulnerability in themeshopy TS Demo Importer ts-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TS Demo Importer: from n…
Missing Authorization vulnerability in ignitionwp IgnitionDeck ignitiondeck allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IgnitionDeck: from n/a through <…
Missing Authorization vulnerability in Travon WP Flights & Hotels Booking WP Plugin adiaha-hotel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Flights & H…
Missing Authorization vulnerability in clicksend SMS Contact Form 7 Notifications by ClickSend clicksend-contactform7 allows Exploiting Incorrectly Configured Access Control Security Levels. This issu…
Missing Authorization vulnerability in mrityunjay Smart WeTransfer smart-wetransfer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart WeTransfer: from n…
Missing Authorization vulnerability in gerritvanaaken Podlove Web Player podlove-web-player allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Podlove Web Player: from…
Missing Authorization vulnerability in epiphanyit321 Referral Link Tracker referral-link-tracker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Referral Li…
Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Sunshine Photo Cart…
Missing Authorization vulnerability in KingAddons.com King Addons for Elementor king-addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects King Addons for…
Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Coupon Affiliates…
Missing Authorization vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Premmerce User Ro…
Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects…
Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP-Lister Lite for…
IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing au…
Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network.
Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network.
Missing Authorization in Collection Provider component in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024…
Missing Authorization vulnerability in Sovlix MeetingHub meetinghub. This issue affects MeetingHub: from n/a through <= 1.23.9.
Missing Authorization vulnerability in Rustaurius Front End Users front-end-only-users. This issue affects Front End Users: from n/a through <= 3.2.33.
Missing Authorization vulnerability in Repuso Social proof testimonials and reviews by Repuso social-testimonials-and-reviews-widget. This issue affects Social proof testimonials and reviews by Repuso…
Missing Authorization vulnerability in WPXPO WowRevenue revenue. This issue affects WowRevenue: from n/a through <= 1.2.13.
Missing Authorization vulnerability in Horea Radu One Page Express Companion one-page-express-companion. This issue affects One Page Express Companion: from n/a through <= 1.6.43.
Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform SmartCrawl smartcrawl-seo. This issue affects SmartCrawl: from n/a through <= 3.14.3.
Missing Authorization vulnerability in StellarWP Event Tickets event-tickets. This issue affects Event Tickets: from n/a through <= 5.26.3.
Missing Authorization vulnerability in BuddyPress BuddyPress buddypress. This issue affects BuddyPress: from n/a through <= 14.3.4.
Missing Authorization vulnerability in Made Neat Acknowledgify acknowledgify. This issue affects Acknowledgify: from n/a through <= 1.1.3.
Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor recipe-card-blocks-by-wpzoom. This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a throu…
Missing Authorization vulnerability in POSIMYTH UiChemy uichemy. This issue affects UiChemy: from n/a through <= 4.0.0.
Missing Authorization vulnerability in VeronaLabs WP SMS wp-sms. This issue affects WP SMS: from n/a through <= 7.0.1.
Missing Authorization vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-ei allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affect…
Missing Authorization vulnerability in PickPlugins Accordion accordions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accordion: from n/a through <= 2.3.1…
Missing Authorization vulnerability in AndonDesign UDesign Core u-design-core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects UDesign Core: from n/a through…
Missing Authorization vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SUM…
Missing Authorization vulnerability in Wikimedia Foundation Wikipedia Preview wikipedia-preview allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wikipedia Pr…
Missing Authorization vulnerability in Breeze Team Breeze Checkout breeze-checkout allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Breeze Checkout: from n/a…
Missing Authorization vulnerability in billingo Official Integration for Billingo billingo allows Privilege Escalation. This issue affects Official Integration for Billingo: from n/a through <= 4.3.0.
Missing Authorization vulnerability in templazee Templazee templazee allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Templazee: from n/a through <= 1.0.2.
Missing Authorization vulnerability in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smash…
Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPLMS: from n/a through <= 1.9.9.7.
Missing Authorization vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPeMatico RSS Feed Fetche…
Missing Authorization vulnerability in accessiBe Web Accessibility By accessiBe accessibe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Web Accessibility…
Missing Authorization vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MultiVendorX: from n/a…
Missing Authorization vulnerability in CoSchedule CoSchedule coschedule-by-todaymade allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CoSchedule: from n/a th…
Missing Authorization vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPGuppy: from n/a through <=…
Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MDTF: from n/…
Missing Authorization vulnerability in StellarWP WPComplete wpcomplete allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPComplete: from n/a through <= 2.9.5.3.
Missing Authorization vulnerability in bdthemes ZoloBlocks zoloblocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ZoloBlocks: from n/a through <= 2.3.11.
Missing Authorization vulnerability in jjlemstra Whydonate wp-whydonate allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Whydonate: from n/a through <= 4.0.15.
Missing Authorization vulnerability in Themefic Hydra Booking hydra-booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hydra Booking: from n/a through…
Missing Authorization vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects DELUCKS SEO: from n/a through <= 2.5.9.
Missing Authorization vulnerability in FRESHFACE Custom CSS custom-css-editor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Custom CSS: from n/a through <…
Missing Authorization vulnerability in Essekia Tablesome Table Premium tablesome-premium allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Tablesome Table Premium: fr…
The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.38 via the save_refund_request() function. T…
The administrator password setting of the D-Link DIR-820L 1.06B02 has Improper Access Control and is vulnerable to Unverified Password Change via crafted POST request to /get_set.ccp.
HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the JavaScript context. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through…
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versio…
In Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000, there is an improper access control vulnerability related to a log file.
The Async JavaScript plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.19.07.14. This is due to missing authorization checks on the aj_steps AJAX…
A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of the file /api/file of the component API Endpoint. Executing a manipulation can lead to improper access…
Strapi is an open source headless content management system. Strapi versions prior to 5.20.0 contain a CORS misconfiguration vulnerability in default installations. By default, Strapi reflects the va…
An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services related to system logs and user-store…
An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged use…
HCL BigFix Mobile 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal functions.
HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to sel…
The Zip Attachments plugin for WordPress is vulnerable to unauthorized loss of data due to missing authorization and capability checks on the download.php file in all versions up to, and including,…
Improper access control in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally.
Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally.
Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally.
Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally.
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.
Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization, potentially resulting in a loss of SEV-SNP guest memory integrity.
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.12.1. This is due to improper a…
SAP S/4HANA (Manage Processing Rules - For Bank Statements) allows an authenticated attacker with basic privileges to delete conditions from any shared rule of any user by tampering the request param…
HCL Unica Platform is affected by unprotected files due to improper access controls. These files may contain sensitive information such as private or system information that can be exploited by att…
A vulnerability was detected in Tomofun Furbo 360 and Furbo Mini. This vulnerability affects unknown code of the component GATT Service. The manipulation results in improper access controls. The atta…
A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. This impacts an unknown function of the component Trial Restriction Handler. This manipulation causes improper access controls. It…
Missing Authorization vulnerability in Drupal Facets allows Forceful Browsing. This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1.
A security vulnerability has been detected in PowerJob up to 5.1.2. This vulnerability affects unknown code of the file /openApi/runJob of the component OpenAPIController. Such manipulation leads to…
A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. Th…
Authorization Bypass Through User-Controlled Key, Missing Authorization, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Usta Information Systems Inc. Aybs Interaktif allo…
Incorrect Permission Assignment for Critical Resource, Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization, Incorrect Authorization vulnerability in Usta Information Sys…
Improper access control in Samsung Voice Recorder prior to version 21.5.73.12 in Android 15 and 21.5.81.40 in Android 16 allows physical attackers to access recording files on the lock screen.
Improper access control in Routines prior to version 4.8.7.1 in Android 15 and 4.9.6.0 in Android 16 allows local attackers to potentially execute arbitrary code with SystemUI privilege.