About “Security Misconfiguration”

A curated feed of “Security Misconfiguration”-related CVEs appears below. We currently track 5958 CVEs for this tag (all time). In the last 365 days, 2192 were published. Average CVSS is 5.9 (all time; 5.8 over 365d), and 26% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-862 - Missing Authorization, CWE-284 - Improper Access Control, CWE-266 - Incorrect Privilege Assignment.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic.

2025-10-10
Medium

CVE-2025-21049

Improper access control in SecSettings prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability.

Medium

CVE-2025-21047

Improper access control in KnoxGuard prior to SMR Oct-2025 Release 1 allows physical attackers to use the privileged APIs.

Low

CVE-2025-21046

Improper access control in WindowManager in Samsung DeX prior to SMR Oct-2025 Release 1 allows physical attackers to temporarily access the recent app list.

2025-10-09
High

CVE-2025-59968

A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface. Tam…

2025-10-08
Medium

CVE-2025-36636

In Tenable Security Center versions prior to 6.7.0, an improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope.

Medium

CVE-2025-11440

A vulnerability was determined in JhumanJ OpnForm up to 1.9.3. Impacted is an unknown function of the file /edit. Executing manipulation can lead to improper access controls. The attack can be execut…

Medium

CVE-2025-11439

A vulnerability was found in JhumanJ OpnForm up to 1.9.3. This issue affects some unknown processing of the file /show/integrations. Performing manipulation results in missing authorization. Remote e…

Medium

CVE-2025-11438

A vulnerability has been found in JhumanJ OpnForm up to 1.9.3. This vulnerability affects unknown code of the file /custom-domains of the component API Endpoint. Such manipulation leads to missing au…

2025-10-05
Medium

CVE-2025-11281

A vulnerability has been found in Frappe LMS 2.35.0. The affected element is an unknown function of the file /courses/ of the component Unpublished Course Handler. Such manipulation leads to improper…

2025-10-04
Medium

CVE-2025-9029

The WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder plugin for WordPress is vulnerable to missing authorization via the wdkit_handle_review_submission…

2025-10-03
High

CVE-2025-9561

The AP Background plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization and insufficient file validation within the advParallaxBackAdminSaveSlider() handler in ver…

Critical

CVE-2025-9286

The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the reset_user_password() REST handler in all versions up to, and i…

2025-10-02
Medium

CVE-2025-41010

Incorrect Cross-Origin Resource Sharing (CORS) configuration in Hiberus Sintra. Cross-Origin Resource Sharing (CORS) allows browsers to make cross-domain requests in a controlled manner. This request…

2025-10-01
Medium

CVE-2023-50300

IBM Transformation Extender Advanced 10.0.1 could allow a local user to perform unauthorized actions due to improper access controls.

2025-09-30
Medium

CVE-2025-55797

An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/[schemaId] endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is kno…

2025-09-29
Medium

CVE-2025-57197

In the Payeer Android application 2.5.0, an improper access control vulnerability exists in the authentication flow for the PIN change feature. A local attacker with root access to the device can dyn…

2025-09-26
Medium

CVE-2025-60166

Missing Authorization vulnerability in wpshuffle WP Subscription Forms PRO wp-subscription-forms-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Subs…

Medium

CVE-2025-60165

Missing Authorization vulnerability in HaruTheme Frames frames allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frames: from n/a through <= 1.5.7.

Medium

CVE-2025-60159

Missing Authorization vulnerability in webmaniabr Nota Fiscal Eletrônica WooCommerce nota-fiscal-eletronica-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This is…

Medium

CVE-2025-60155

Missing Authorization vulnerability in loopus WP Virtual Assistant VirtualAssistant allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Virtual Assistant: fr…

Medium

CVE-2025-60152

Missing Authorization vulnerability in wpshuffle Subscribe To Unlock subscribe-to-unlock allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Subscribe To Unlock…

Medium

CVE-2025-60148

Missing Authorization vulnerability in wpshuffle Subscribe to Download subscribe-to-download allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Subscribe to Do…

Medium

CVE-2025-60143

Missing Authorization vulnerability in netgsm Netgsm netgsm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Netgsm: from n/a through <= 2.9.69.

Medium

CVE-2025-60130

Missing Authorization vulnerability in wedos.com WEDOS Global wgpwpp allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WEDOS Global: from n/a through <= 1.2.2.

Medium

CVE-2025-60129

Missing Authorization vulnerability in Yext Yext yext allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Yext: from n/a through <= 1.1.3.

Medium

CVE-2025-60128

Missing Authorization vulnerability in WP Delicious Delisho dr-widgets-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Delisho: from n/a through <= 1…

Medium

CVE-2025-60127

Missing Authorization vulnerability in ArtistScope CopySafe Web Protection wp-copysafe-web allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CopySafe Web Prot…

Medium

CVE-2025-60123

Missing Authorization vulnerability in HivePress HivePress Claim Listings hivepress-claim-listings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HivePress…

Medium

CVE-2025-60122

Missing Authorization vulnerability in HivePress HivePress Claim Listings hivepress-claim-listings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HivePress…

Medium

CVE-2025-60121

Missing Authorization vulnerability in Ex-Themes WooEvents woo-events allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooEvents: from n/a through <= 4.1.7.

Medium

CVE-2025-60120

Missing Authorization vulnerability in WPDirectoryKit WP Directory Kit wpdirectorykit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Directory Kit: from…

Medium

CVE-2025-60116

Missing Authorization vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Exploiting Incorrectly Configured Access Control Security Levels. This issu…

Medium

CVE-2025-60106

Missing Authorization vulnerability in Roxnor EmailKit emailkit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EmailKit: from n/a through <= 1.6.0.

Medium

CVE-2025-60103

Missing Authorization vulnerability in CridioStudio ListingPro listingpro-plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ListingPro: from n/a throug…

Medium

CVE-2025-60098

Missing Authorization vulnerability in Jeff Farthing Theme My Login theme-my-login allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theme My Login: from n/a…

Medium

CVE-2025-60097

Missing Authorization vulnerability in CodexThemes TheGem thegem allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TheGem: from n/a through <= 5.10.5.

Medium

CVE-2025-60096

Missing Authorization vulnerability in CodexThemes TheGem (Elementor) thegem-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TheGem (Elementor): f…

Medium

CVE-2025-60094

Missing Authorization vulnerability in Benjamin Intal Stackable stackable-ultimate-gutenberg-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stackabl…

High

CVE-2025-59011

Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Traveler: from n/a through < 3.2.3.

Medium

CVE-2025-58919

Missing Authorization vulnerability in guihom Wide Banner wide-banner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wide Banner: from n/a through <= 1.0.4.

Medium

CVE-2025-48326

Missing Authorization vulnerability in Acclectic Media Acclectic Media Organizer acclectic-media-organizer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects A…

2025-09-25
High

CVE-2025-40837

Ericsson Indoor Connect 8855 contains a missing authorization vulnerability which if exploited can allow access to the system as a user with higher privileges than intended.

High

CVE-2025-10957

This vulnerability exists in the Syrotech SY-GPON-2010-WADONT router due to improper access control in its FTP service. A remote attacker could exploit this vulnerability by establishing an FTP conne…

2025-09-23
Medium

CVE-2025-7106

danny-avila/librechat is affected by an authorization bypass vulnerability due to improper access control checks. The `checkAccess` function in `api/server/middleware/roles/access.js` uses `permissio…

2025-09-22
Medium

CVE-2025-59591

Missing Authorization vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpDiscuz: from n/a through <= 7.6.33.

Medium

CVE-2025-59581

Missing Authorization vulnerability in VW THEMES Ibtana ibtana-visual-editor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ibtana: from n/a through <= 1.2…

Medium

CVE-2025-59576

Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects M…

Medium

CVE-2025-59567

Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Coupon Af…

Medium

CVE-2025-59561

Missing Authorization vulnerability in hashthemes Smart Blocks smart-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Blocks: from n/a through <…

Medium

CVE-2025-59559

Missing Authorization vulnerability in payrexx Payrexx Payment Gateway for WooCommerce woo-payrexx-gateway allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects P…

Medium

CVE-2025-59551

Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Revive.so: from n/a through <= 2.0.6.

Medium

CVE-2025-58969

Missing Authorization vulnerability in Greg Winiarski Custom Login URL custom-login-url allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Custom Login URL: fr…

Medium

CVE-2025-58968

Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks maxi-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MaxiBlocks: from n/a throu…

Medium

CVE-2025-58957

Missing Authorization vulnerability in Vikas Ratudi VPSUForm v-form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VPSUForm: from n/a through <= 3.2.20.

Medium

CVE-2025-58685

Missing Authorization vulnerability in cecabank Cecabank WooCommerce Plugin cecabank-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cecabank Wo…

Medium

CVE-2025-58681

Missing Authorization vulnerability in Jürgen Müller Easy Quotes easy-quotes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Quotes: from n/a through <…

Medium

CVE-2025-58680

Missing Authorization vulnerability in gutentor Gutentor gutentor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutentor: from n/a through <= 3.5.2.

Medium

CVE-2025-58679

Missing Authorization vulnerability in AppMySite AppMySite appmysite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AppMySite: from n/a through <= 3.15.0.

Medium

CVE-2025-58678

Missing Authorization vulnerability in PickPlugins Accordion accordions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accordion: from n/a through <= 2.3.1…

Medium

CVE-2025-58672

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a t…

Medium

CVE-2025-58668

Missing Authorization vulnerability in VibeThemes WPLMS wplms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPLMS: from n/a through <= 4.970.

Medium

CVE-2025-58667

Missing Authorization vulnerability in CridioStudio ListingPro Reviews listingpro-reviews allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ListingPro Reviews…

Medium

CVE-2025-58666

Missing Authorization vulnerability in Kommo Website Chat Button: Kommo integration website-chat-button-kommo-integration allows Exploiting Incorrectly Configured Access Control Security Levels. This…

Medium

CVE-2025-58664

Missing Authorization vulnerability in Azizul Hasan Text To Speech TTS Accessibility text-to-audio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Text To S…

Medium

CVE-2025-58663

Missing Authorization vulnerability in Themeum Qubely qubely allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Qubely: from n/a through <= 1.8.14.

Medium

CVE-2025-58660

Missing Authorization vulnerability in brandexponents Oshine Core oshine-core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Oshine Core: from n/a through…

Medium

CVE-2025-58650

Missing Authorization vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects All In One SEO Pa…

Medium

CVE-2025-58258

Missing Authorization vulnerability in nK Lazy Blocks lazy-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Lazy Blocks: from n/a through <= 4.1.0.

Medium

CVE-2025-58251

Missing Authorization vulnerability in POSIMYTH Sticky Header Effects for Elementor sticky-header-effects-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This is…

Medium

CVE-2025-58247

Missing Authorization vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TI W…

Medium

CVE-2025-58222

Missing Authorization vulnerability in Maidul Team Manager wp-team-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team Manager: from n/a through <=…

Medium

CVE-2025-58221

Missing Authorization vulnerability in ONTRAPORT PilotPress pilotpress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PilotPress: from n/a through <= 2.0.3…

Medium

CVE-2025-58029

Missing Authorization vulnerability in Sumit Singh Classic Widgets with Block-based Widgets classic-widgets-with-block-based-widgets allows Accessing Functionality Not Properly Constrained by ACLs. Th…

Medium

CVE-2025-58016

Missing Authorization vulnerability in Codexpert, Inc CF7 Submissions cf7-submissions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 Submissions: from…

Low

CVE-2025-58009

Missing Authorization vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CP Mu…

Medium

CVE-2025-58004

Missing Authorization vulnerability in SmartDataSoft DriCub dricub-driving-school allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DriCub: from n/a through <…

Medium

CVE-2025-58003

Missing Authorization vulnerability in javothemes Javo Core javo-core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Javo Core: from n/a through <= 3.0.0.2…

Medium

CVE-2025-58000

Missing Authorization vulnerability in memberful Memberful - Membership Plugin memberful-wp allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Memberful - Membership P…

Medium

CVE-2025-57997

Missing Authorization vulnerability in Trustpilot Trustpilot Reviews trustpilot-reviews allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trustpilot Reviews:…

Medium

CVE-2025-57995

Missing Authorization vulnerability in Detheme DethemeKit For Elementor dethemekit-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DethemeKit…

Medium

CVE-2025-57991

Missing Authorization vulnerability in Clariti Clariti clariti allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clariti: from n/a through <= 1.2.1.

Medium

CVE-2025-57990

Missing Authorization vulnerability in solwininfotech Blog Designer blog-designer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Blog Designer: from n/a th…

Medium

CVE-2025-57987

Missing Authorization vulnerability in ThimPress WP Events Manager wp-events-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Events Manager: from…

Medium

CVE-2025-57985

Missing Authorization vulnerability in MantraBrain Ultimate Watermark ultimate-watermark allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Watermark:…

Medium

CVE-2025-57976

Missing Authorization vulnerability in CardCom CardCom Payment Gateway woo-cardcom-payment-gateway allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CardCom P…

Medium

CVE-2025-57975

Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team: from n/a through <= 5.0.6.

Medium

CVE-2025-57972

Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security…

Medium

CVE-2025-57971

Missing Authorization vulnerability in SALESmanago SALESmanago & Leadoo salesmanago allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SALESmanago & Leadoo: fr…

Medium

CVE-2025-57969

Missing Authorization vulnerability in Jeremy Saxey Hide WP Toolbar hide-wp-toolbar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hide WP Toolbar: from n/…

Medium

CVE-2025-57961

Missing Authorization vulnerability in Codexpert, Inc CoDesigner woolementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CoDesigner: from n/a through <=…

Medium

CVE-2025-57958

Missing Authorization vulnerability in WPXPO WowAddons product-addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WowAddons: from n/a through <= 1.6.3.

Medium

CVE-2025-57957

Missing Authorization vulnerability in wpcraft WooMS wooms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooMS: from n/a through <= 9.12.

Medium

CVE-2025-57955

Missing Authorization vulnerability in Plugin Devs Post Carousel Slider for Elementor post-carousel-slider-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This i…

Medium

CVE-2025-57949

Missing Authorization vulnerability in oggix Ongkoskirim.id ongkoskirim-id allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ongkoskirim.id: from n/a through…

Medium

CVE-2025-57944

Missing Authorization vulnerability in Skimlinks Skimlinks Affiliate Marketing Tool skimlinks allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Skimlinks Affiliate Ma…

Medium

CVE-2025-57939

Missing Authorization vulnerability in Blocksera Image Hover Effects – Elementor Addon image-hover-effects-addon-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.…

Medium

CVE-2025-57936

Missing Authorization vulnerability in Meitar Subresource Integrity (SRI) Manager wp-sri allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Subresource Integri…

Medium

CVE-2025-57921

Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frontend File…

Medium

CVE-2025-57917

Missing Authorization vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce printcart-integration allows Exploiting Incorrectly Configured Access Control Security Levels.…

Medium

CVE-2025-57909

Missing Authorization vulnerability in Rouergue Création Editor Custom Color Palette editor-custom-color-palette allows Exploiting Incorrectly Configured Access Control Security Levels. This issue aff…

Medium

CVE-2025-57907

Missing Authorization vulnerability in Heureka Group Heureka heureka allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Heureka: from n/a through <= 1.1.0.

Medium

CVE-2025-57899

Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Compress: from n/a through…

Medium

CVE-2025-53452

Missing Authorization vulnerability in Barry Event Rocket allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Event Rocket: from n/a through 3.3.

2025-09-18
High

CVE-2025-55912

An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker to exploit the plupload endpoint in photo_uploader.php to upload arbitrary files without any authentication, due to…

2025-09-17
Medium

CVE-2025-10608

A vulnerability was detected in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /enrollment-history/. Performing manipulation results in improper access contro…

2025-09-11
Medium

CVE-2025-10247

A security vulnerability has been detected in JEPaaS 7.2.8. This vulnerability affects the function doFilterInternal of the component Filter Handler. Such manipulation leads to improper access contro…

Low

CVE-2025-6088

In version 0.7.8 of danny-avila/librechat, improper authorization controls in the conversation sharing feature allow unauthorized access to other users' conversations if the conversation ID is known.…

2025-09-10
Medium

CVE-2025-43784

Improper Access Control vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.8, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows guest u…

Medium

CVE-2025-36756

A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX solar panel inverter of which the serial number is known.

Medium

CVE-2025-9979

The Maspik plugin for WordPress is vulnerable to Missing Authorization in version 2.5.6 and prior. This is due to missing capability checks on the Maspik_spamlog_download_csv function. This makes it…

2025-09-09
High

CVE-2025-49459

Missing authorization in the installer for Zoom Workplace for Windows on ARM before version 6.5.0 may allow an authenticated user to conduct an escalation of privilege via local access.

Medium

CVE-2025-59005

Missing Authorization vulnerability in frenify Categorify categorify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Categorify: from n/a through <= 1.0.7.5.

Medium

CVE-2025-58981

Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital accessibility-checker allows Exploiting Incorrectly Configured Access Control Security Levels. This is…

Medium

CVE-2025-58980

Missing Authorization vulnerability in recorp Export WP Page to Static HTML/CSS export-wp-page-to-static-html allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Export…

Medium

CVE-2025-58979

Missing Authorization vulnerability in BerqWP BerqWP searchpro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BerqWP: from n/a through <= 2.2.53.

Medium

CVE-2025-58978

Missing Authorization vulnerability in WP Swings PDF Generator for WordPress pdf-generator-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Genera…

Medium

CVE-2025-58976

Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital accessibility-checker allows Exploiting Incorrectly Configured Access Control Security Levels. This is…

High

CVE-2025-54116

Improper access control in Windows MultiPoint Services allows an authorized attacker to elevate privileges locally.

High

CVE-2025-54098

Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

Medium

CVE-2025-53348

Missing Authorization vulnerability in Laborator Kalium kalium allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Kalium: from n/a through <= 3.18.3.