CVE Daily
← All tags

Tag: Security Misconfiguration

All CVEs associated with "Security Misconfiguration". Page 18/50 • 5958 CVEs.

Subscribe CVEs: RSS for “Security Misconfiguration”  ·  RSS (High+Critical only)

About “Security Misconfiguration”

A curated feed of “Security Misconfiguration”-related CVEs appears below. We currently track 5958 CVEs for this tag (all time). In the last 365 days, 2192 were published. Average CVSS is 5.9 (all time; 5.8 over 365d), and 26% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-862 - Missing Authorization, CWE-284 - Improper Access Control, CWE-266 - Incorrect Privilege Assignment.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-07-04
Medium

CVE-2025-24757

Missing Authorization vulnerability in AndonDesign uDesign udesign.This issue affects uDesign: from n/a through <= 4.11.2.

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-24748

Missing Authorization vulnerability in ThemeFusion Avada avada.This issue affects Avada: from n/a through <= 7.11.10.

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-5956

The WP Human Resource Management plugin for WordPress is vulnerable to Arbitrary User Deletion due to a missing authorization within the ajax_delete_employee() function in versions 2.0.0 through 2.2.…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-5953

The WP Human Resource Management plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the ajax_insert_employee() and update_empoyee() functions in versions 2.0.0…

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
2025-07-03
High

CVE-2025-53501

Improper Access Control vulnerability in Wikimedia Foundation Mediawiki - Scribunto Extension allows : Accessing Functionality Not Properly Constrained by Authorization.This issue affects Mediawiki -…

CVSS: 8.8 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-3702

Missing Authorization vulnerability in Melapress Melapress File Monitor website-file-changes-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Melapre…

CVSS: 5.4 CWE: CWE-862 - Missing Authorization View on NVD
2025-07-02
Medium

CVE-2025-53108

HomeBox is a home inventory and organization system. Prior to 0.20.1, HomeBox contains a missing authorization check in the API endpoints responsible for updating and deleting inventory item attachme…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-39362

Missing Authorization vulnerability in Mollie Mollie Payments for WooCommerce mollie-payments-for-woocommerce.This issue affects Mollie Payments for WooCommerce: from n/a through <= 8.0.2.

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
2025-07-01
Medium

CVE-2025-46259

Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons…

CVSS: 5.4 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-27153

Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure and workflow disruption…

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
2025-06-28
Critical

CVE-2025-5304

The PT Project Notebooks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the wpnb_pto_new_users_add() function in versions 1.0.0 through 1.1.3. This makes i…

CVSS: 9.8 CWE: CWE-862 - Missing Authorization View on NVD
2025-06-27
Medium

CVE-2025-53323

Missing Authorization vulnerability in danbriapps Pre-Publish Post Checklist pre-publish-post-checklist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pre-…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-53318

Missing Authorization vulnerability in WPManiax WP DB Booster wp-db-booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP DB Booster: from n/a through…

CVSS: 5.4 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-53304

Missing Authorization vulnerability in Rohil Contact Form – 7 : Hide Success Message contact-form-7-hide-success-message allows Accessing Functionality Not Properly Constrained by ACLs.This issue aff…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-53295

Missing Authorization vulnerability in iCount iCount Payment Gateway icount allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iCount Payment Gateway: from n/a through…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-53293

Missing Authorization vulnerability in Morten Dalgaard Johansen Dashboard Widget Sidebar dashboard-widget-sidebar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue af…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-53288

Missing Authorization vulnerability in Adrian Ladó PlatiOnline Payments plationline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PlatiOnline Payments: fr…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-53284

Missing Authorization vulnerability in pankaj.sakaria CMS Blocks cms-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CMS Blocks: from n/a through <=…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-53266

Missing Authorization vulnerability in EdwardBock Cron Logger cron-logger allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cron Logger: from n/a through <= 1…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-53255

Missing Authorization vulnerability in Nabil Lemsieh HurryTimer hurrytimer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HurryTimer: from n/a through <= 2…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-53200

Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 6.7.3.

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-52824

Missing Authorization vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobile DJ Manager: from n/a…

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-52818

Missing Authorization vulnerability in Dejan Jasnic Trusty Whistleblowing trusty-whistleblowing-solution allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tru…

CVSS: 8.2 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-52817

Missing Authorization vulnerability in ZealousWeb Abandoned Contact Form 7 abandoned-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Abandone…

CVSS: 8.2 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-47822

Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have an on-chip debug interface with improper access control.

CVSS: 6.4 CWE: CWE-1191 - On-Chip Debug and Test Interface With Improper Access Control View on NVD
Medium

CVE-2025-47819

Flock Safety Gunshot Detection devices before 1.3 have an on-chip debug interface with improper access control.

CVSS: 6.4 CWE: CWE-1191 - On-Chip Debug and Test Interface With Improper Access Control View on NVD
2025-06-25
High

CVE-2025-6443

Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability. This vulnerability allows remote attackers to bypass access restrictions on affected installations of Mikrotik RouterOS. Authe…

CVSS: 7.2 CWE: CWE-284 - Improper Access Control View on NVD
2025-06-24
Medium

CVE-2025-6532

A vulnerability classified as problematic was found in NOYAFA/Xiami LF9 Pro up to 20250611. Affected by this vulnerability is an unknown functionality of the component RTSP Live Video Stream Endpoint…

CVSS: 4.3 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
Medium

CVE-2025-6531

A vulnerability was found in SIFUSM/MZZYG BD S1 up to 20250611. It has been declared as problematic. This vulnerability affects unknown code of the component RTSP Live Video Stream Endpoint. The mani…

CVSS: 4.3 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
2025-06-23
Low

CVE-2025-6527

A vulnerability, which was classified as problematic, was found in 70mai M300 up to 20250611. Affected is an unknown function of the component Web Server. The manipulation leads to improper access co…

CVSS: 3.1 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
2025-06-20
High

CVE-2025-5121

An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applie…

CVSS: 8.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-52802

Missing Authorization vulnerability in enguerranws Import YouTube videos as WP Posts import-youtube-videos-as-wp-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issu…

CVSS: 7.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-50034

Missing Authorization vulnerability in Mahmudul Hasan Arif Enhanced Blocks – Page Builder Blocks for Gutenberg enhanced-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-50010

Missing Authorization vulnerability in Zapier Zapier for WordPress zapier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zapier for WordPress: from n/a thr…

CVSS: 5.4 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-50009

Missing Authorization vulnerability in Climax Themes Kata Plus kata-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kata Plus: from n/a through <= 1.5.…

CVSS: 5.4 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-50008

Missing Authorization vulnerability in cscode WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily innovs-woo-manager allows Exploiting Incorrectly Config…

CVSS: 5.4 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49998

Missing Authorization vulnerability in Wetail WooCommerce Fortnox Integration woocommerce-fortnox-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affect…

CVSS: 5.4 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49997

Missing Authorization vulnerability in Syed Balkhi Giveaways and Contests by RafflePress rafflepress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Giveaways and C…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49996

Missing Authorization vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) wp-stats-manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Visit…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49993

Missing Authorization vulnerability in csarturas Cookie-Script.com cookie-script-com allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cookie-Script.com: from…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49991

Missing Authorization vulnerability in tggfref WP-Recall allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP-Recall: from n/a through 16.26.14.

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49990

Missing Authorization vulnerability in contentstudio Contentstudio contentstudio allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Contentstudio: from n/a through <=…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49989

Missing Authorization vulnerability in App Cheap App Builder app-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects App Builder: from n/a through <= 5.…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49988

Missing Authorization vulnerability in Renzo Johnson Contact Form 7 AWeber Extension integrate-contact-form-7-and-aweber allows Exploiting Incorrectly Configured Access Control Security Levels.This i…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49987

Missing Authorization vulnerability in WPFactory CRM ERP Business Solution crm-erp-business-solution allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CRM ERP…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49986

Missing Authorization vulnerability in thanhtungtnt Video List Manager video-list-manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Video List Manager: from n…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49982

Missing Authorization vulnerability in aguilatechnologies WP Customer Area customer-area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Customer Area: f…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49981

Missing Authorization vulnerability in mahabub81 User Roles and Capabilities user-roles-and-capabilities allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Use…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49980

Missing Authorization vulnerability in WP Event Manager WP User Profile Avatar wp-user-profile-avatar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Use…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49979

Missing Authorization vulnerability in slui Media Hygiene media-hygiene allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Hygiene: from n/a through <= 4…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49976

Missing Authorization vulnerability in WANotifier Notifier notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Notifier: from n/a through <= 2.7.12.

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49974

Missing Authorization vulnerability in upstreamplugin UpStream: a Project Management Plugin for WordPress upstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue a…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49973

Missing Authorization vulnerability in GrandPlugins Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes image-sizes-controller allows Exploiting Incorrectly Configured Access Contr…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49971

Missing Authorization vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eDS Re…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49970

Missing Authorization vulnerability in sparklewpthemes Hello FSE Blog hello-fse-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hello FSE Blog: from n/…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49969

Missing Authorization vulnerability in Zara 4 Zara 4 Image Compression zara-4 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zara 4 Image Compression: from…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Critical

CVE-2024-53298

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit th…

CVSS: 9.8 CWE: CWE-862 - Missing Authorization View on NVD
2025-06-18
Medium

CVE-2025-23999

Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through <= 2.2.13.

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
2025-06-17
Medium

CVE-2025-49880

Missing Authorization vulnerability in Imran Tauqeer CubeWP Forms cubewp-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CubeWP Forms: from n/a throug…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49874

Missing Authorization vulnerability in tychesoftwares Arconix FAQ arconix-faq allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arconix FAQ: from n/a through…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49872

Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects myCred: from n/a through <= 2.9.4.2.

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49864

Missing Authorization vulnerability in AFS Analytics AFS Analytics addfreestats allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AFS Analytics: from n/a through <= 4…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49857

Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through <= 2.9.4.2.

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49234

Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator wp-dummy-content-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-5349

Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway

CVSS: 8.8 CWE: CWE-1284 - Improper Validation of Specified Quantity in Input View on NVD
2025-06-13
Medium

CVE-2025-48916

Missing Authorization vulnerability in Drupal Bookable Calendar allows Forceful Browsing.This issue affects Bookable Calendar: from 0.0.0 before 2.2.13.

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Low

CVE-2025-4227

An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app…

CVSS: 3.5 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
2025-06-12
High

CVE-2025-27689

Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading…

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2025-49184

A remote unauthorized attacker may gather sensitive information of the application, due to missing authorization of configuration settings of the product.

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2025-49181

Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensitive information. An attacker could also send HTTP POST requests to modify the log files’…

CVSS: 8.6 CWE: CWE-862 - Missing Authorization View on NVD
2025-06-11
Medium

CVE-2025-48444

Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.This issue affects Quick Node Block: from 0.0.0 before 2.0.0.

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-48013

Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.This issue affects Quick Node Block: from 0.0.0 before 2.0.0.

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-1055

A vulnerability in the K7RKScan.sys driver, part of the K7 Security Anti-Malware suite, allows a local low-privilege user to send crafted IOCTL requests to terminate a wide range of processes running…

CVSS: 5.6 CWE: CWE-862 - Missing Authorization View on NVD
2025-06-10
Medium

CVE-2025-46889

Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this…

CVSS: 5.4 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2025-47962

Improper access control in Windows SDK allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2025-33073

Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

CVSS: 8.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2025-33056

Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network.

CVSS: 7.5 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-32722

Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally.

CVSS: 5.5 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2025-32714

Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-22256

A improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSRA 1.4.0 through 1.4.1 allows att…

CVSS: 6.3 CWE: CWE-280 - Improper Handling of Insufficient Permissions or Privileges View on NVD
High

CVE-2025-43586

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileg…

CVSS: 8.1 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-27207

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileg…

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-27206

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attack…

CVSS: 5.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-49509

Missing Authorization vulnerability in Roland Beaussant Audio Editor & Recorder audio-editor-recorder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audio…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-42993

Due to a missing authorization check vulnerability in SAP S/4HANA (Enterprise Event Enablement), an attacker with access to the Inbound Binding Configuration could create an RFC destination and assig…

CVSS: 6.7 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-42987

SAP Manage Processing Rules (For Bank Statement) allows an attacker with basic privileges to edit shared rules of any user by tampering the request parameter. Due to missing authorization check, the…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
2025-06-09
High

CVE-2025-49651

Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all cur…

CVSS: 8.1 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-49265

Missing Authorization vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Membership Fo…

CVSS: 7.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-48147

Missing Authorization vulnerability in Crypto Cloud CryptoCloud - Crypto Payment Gateway cryptocloud-crypto-payment-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.Thi…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-48139

Missing Authorization vulnerability in relentlo StyleAI relentlosoftware allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects StyleAI: from n/a through <= 1.0.4.

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-47527

Missing Authorization vulnerability in Icegram Icegram Collect icegram-rainmaker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram Collect: from n/a t…

CVSS: 7.1 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-47463

Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce stock-locations-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue…

CVSS: 7.1 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-32308

Missing Authorization vulnerability in looks_awesome Team Builder a-team-showcase allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team Builder: from n/a thr…

CVSS: 7.6 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-5894

Smart Parking Management System from Honding Technology has a Missing Authorization vulnerability, allowing remote attackers with regular privileges to access a specific functionality to create admin…

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
2025-06-07
High

CVE-2025-47601

Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks maxi-blocks allows Privilege Escalation.This issue affects MaxiBlocks: from n/a through <= 2.1.0.

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
2025-06-06
Medium

CVE-2025-49441

Missing Authorization vulnerability in WP Map Plugins Interactive Regional Map of Florida interactive-map-of-florida allows Exploiting Incorrectly Configured Access Control Security Levels.This issue…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49324

Missing Authorization vulnerability in PickPlugins Job Board Manager job-board-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Job Board Manager: fr…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49320

Missing Authorization vulnerability in fraudlabspro FraudLabs Pro for WooCommerce fraudlabs-pro-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affe…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49293

Missing Authorization vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator crawlomatic-multipage-scraper-post-generator allows Exploiting Incorrectly Configured Access Control…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49289

Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for WPForms: from n/a…

CVSS: 5.0 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-49288

Missing Authorization vulnerability in Rustaurius Ultimate WP Mail ultimate-wp-mail allows Authentication Bypass.This issue affects Ultimate WP Mail: from n/a through <= 1.3.5.

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49287

Missing Authorization vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49272

Missing Authorization vulnerability in sergiotrinity Trinity Audio trinity-audio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trinity Audio: from n/a thr…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49270

Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP-CRM System: from n/a through <= 3…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49268

Missing Authorization vulnerability in Soft8Soft LLC Verge3D verge3d allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Verge3D: from n/a through <= 4.9.4.

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49248

Missing Authorization vulnerability in cmoreira Team Showcase team-showcase-cm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team Showcase: from n/a throu…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49246

Missing Authorization vulnerability in cmoreira Testimonials Showcase testimonials-showcase allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonials Sho…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49241

Missing Authorization vulnerability in bobbingwide oik oik allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects oik: from n/a through <= 4.15.1.

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49240

Missing Authorization vulnerability in nK DocsPress docspress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DocsPress: from n/a through <= 2.5.2.

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49236

Missing Authorization vulnerability in raychat Raychat raychat allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Raychat: from n/a through <= 2.1.0.

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-31000

Missing Authorization vulnerability in Miguel Fuentes Payment QR WooCommerce payment-qr-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment QR WooCo…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-30990

Missing Authorization vulnerability in ThemeHunk ThemeHunk themehunk-megamenu-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ThemeHunk: from n/a throu…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-30978

Missing Authorization vulnerability in Dor Zuberi Slack Notifications by dorzki dorzki-notifications-to-slack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affect…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-30974

Missing Authorization vulnerability in Akhtarujjaman Shuvo Post Grid Master ajax-filter-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid Mast…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-30958

Missing Authorization vulnerability in onOffice GmbH onOffice for WP-Websites onoffice-for-wp-websites allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects onOff…

CVSS: 5.4 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-30957

Missing Authorization vulnerability in BuddyDev Activity Plus Reloaded for BuddyPress bp-activity-plus-reloaded allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affe…

CVSS: 5.4 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-30945

Missing Authorization vulnerability in taskbuilder Taskbuilder taskbuilder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Taskbuilder: from n/a through <= 4.0.7.

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-30934

Missing Authorization vulnerability in OLIVESYSTEM 診断ジェネレータ作成プラグイン os-diagnosis-generator allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 診断ジェネレータ作成プラグイン: from n/a…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-30932

Missing Authorization vulnerability in WP Compress WP Compress for MainWP wp-compress-mainwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress for…

CVSS: 5.4 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-30927

Missing Authorization vulnerability in Wordapp Team Wordapp wordapp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wordapp: from n/a through <= 1.7.0.

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD