CWE-862
Allowed-with-ReviewMissing Authorization
Abstraction: Class · Status: Incomplete
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
14604 vulnerabilities reference this CWE, most recent first.
CVE-2026-4038 (GCVE-0-2026-4038)
Vulnerability from cvelistv5 – Published: 2026-03-20 03:37 – Updated: 2026-04-08 17:16- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| CodeRevolution | Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit |
Affected:
0 , ≤ 2.7.5
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4038",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-20T14:28:40.345871Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T14:28:46.187Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot \u0026 Automation Toolkit",
"vendor": "CodeRevolution",
"versions": [
{
"lessThanOrEqual": "2.7.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hung Nguyen"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the \u0027aiomatic_call_ai_function_realtime\u0027 function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers to call arbitrary WordPress functions such as \u0027update_option\u0027 to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:16:49.699Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b3e45a17-cb41-41ba-ab6c-c83202f0ecfd?source=cve"
},
{
"url": "https://codecanyon.net/item/aimogen-pro-allinone-ai-content-writer-editor-chatbot-automation-toolkit/38877369"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-12T13:27:24.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-03-19T15:13:07.000Z",
"value": "Disclosed"
}
],
"title": "Aimogen Pro \u003c= 2.7.5 - Unauthenticated Privilege Escalation via Arbitrary Function Call"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-4038",
"datePublished": "2026-03-20T03:37:02.014Z",
"dateReserved": "2026-03-12T06:33:24.393Z",
"dateUpdated": "2026-04-08T17:16:49.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4031 (GCVE-0-2026-4031)
Vulnerability from cvelistv5 – Published: 2026-05-14 12:32 – Updated: 2026-05-14 19:51- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| wpengine | Database Backup for WordPress |
Affected:
0 , ≤ 2.5.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4031",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T16:02:56.309388Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:51:56.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Database Backup for WordPress",
"vendor": "wpengine",
"versions": [
{
"lessThanOrEqual": "2.5.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Drew Webber"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Database Backup for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.5.2. This is due to the plugin not restricting access to the wp_db_temp_dir parameter, which controls where database backups are written. This makes it possible for unauthenticated attackers to send a request to wp-cron.php with a poisoned wp_db_temp_dir value pointing to a publicly accessible directory (e.g., wp-content/uploads/), and if a scheduled backup is due, intercept the backup file before it is cleaned up. The backup file has a predictable name based on the database name, table prefix, date, and Swatch Internet Time, making interception reliable. Successful exploitation leads to Sensitive Information Exposure including database credentials, user password hashes, and personally identifiable information. This vulnerability requires that the site administrator has configured scheduled backups."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T12:32:02.352Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/36615cae-418f-48b0-ba69-b54515cbe1d7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-db-backup/trunk/wp-db-backup.php#L121"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-db-backup/trunk/wp-db-backup.php#L85"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-db-backup/trunk/wp-db-backup.php#L961"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-db-backup/trunk/wp-db-backup.php#L1568"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-db-backup/tags/2.5.2/wp-db-backup.php#L121"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3510595/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-13T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Database Backup for WordPress \u003c= 2.5.2 - Missing Authorization to Unauthenticated Database Backup Interception"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-4031",
"datePublished": "2026-05-14T12:32:02.352Z",
"dateReserved": "2026-03-12T00:34:09.270Z",
"dateUpdated": "2026-05-14T19:51:56.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4030 (GCVE-0-2026-4030)
Vulnerability from cvelistv5 – Published: 2026-05-14 12:32 – Updated: 2026-05-14 18:30- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| wpengine | Database Backup for WordPress |
Affected:
0 , ≤ 2.5.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4030",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T18:30:06.487780Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T18:30:42.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Database Backup for WordPress",
"vendor": "wpengine",
"versions": [
{
"lessThanOrEqual": "2.5.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Drew Webber"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check combined with a user-controlled backup directory parameter. This makes it possible for unauthenticated attackers to read and delete arbitrary files on the server, leading to Sensitive Information Exposure and potential site takeover. Note: This vulnerability is only exploitable in WordPress Multisite environments where the deprecated is_site_admin() function exists."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T12:32:04.381Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3e21b550-e1c5-4e23-9999-16c837353da9?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-db-backup/tags/2.5.2/wp-db-backup.php#L1623"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-db-backup/trunk/wp-db-backup.php#L157"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-db-backup/trunk/wp-db-backup.php#L1632"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-db-backup/trunk/wp-db-backup.php#L121"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3510595/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-13T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Database Backup for WordPress \u003c= 2.5.2 - Missing Authorization to Unauthenticated Arbitrary File Read and Deletion"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-4030",
"datePublished": "2026-05-14T12:32:04.381Z",
"dateReserved": "2026-03-12T00:12:10.495Z",
"dateUpdated": "2026-05-14T18:30:42.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4029 (GCVE-0-2026-4029)
Vulnerability from cvelistv5 – Published: 2026-05-14 12:32 – Updated: 2026-05-14 15:57- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| wpengine | Database Backup for WordPress |
Affected:
0 , ≤ 2.5.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4029",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T15:57:46.852987Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T15:57:55.982Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Database Backup for WordPress",
"vendor": "wpengine",
"versions": [
{
"lessThanOrEqual": "2.5.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Drew Webber"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for unauthenticated attackers to export database tables, leading to Sensitive Information Exposure. Note: This vulnerability is only exploitable in WordPress Multisite environments where the deprecated is_site_admin() function exists."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T12:32:04.851Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d4a21d0d-f455-4901-a04b-13c891cf8f75?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-db-backup/tags/2.5.2/wp-db-backup.php#L1623"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-db-backup/trunk/wp-db-backup.php#L1632"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-db-backup/trunk/wp-db-backup.php#L153"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3510595/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-13T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Database Backup for WordPress \u003c= 2.5.2 - Missing Authorization to Unauthenticated Database Export"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-4029",
"datePublished": "2026-05-14T12:32:04.851Z",
"dateReserved": "2026-03-12T00:07:50.008Z",
"dateUpdated": "2026-05-14T15:57:55.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4024 (GCVE-0-2026-4024)
Vulnerability from cvelistv5 – Published: 2026-05-02 08:27 – Updated: 2026-05-04 14:49- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor |
Affected:
0 , ≤ 1.7.1056
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-04T14:47:25.593109Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T14:49:17.791Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Royal Addons for Elementor \u2013 Addons and Templates Kit for Elementor",
"vendor": "wproyal",
"versions": [
{
"lessThanOrEqual": "1.7.1056",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nguyen C"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `wpr_update_form_action_meta` AJAX action in all versions up to, and including, 1.7.1056. The handler is registered on both `wp_ajax` and `wp_ajax_nopriv` hooks, making it accessible to unauthenticated users. Although a nonce is verified, the nonce (`wpr-addons-js`) is publicly exposed in frontend JavaScript via `WprConfig.nonce` on any page that loads Royal Addons widgets, rendering the protection ineffective. The endpoint also lacks any capability or ownership checks and directly calls `update_post_meta()` with user-controlled input on a whitelisted set of form action meta keys. This makes it possible for unauthenticated attackers to modify form action configuration metadata (email, submissions, Mailchimp, and webhook settings) on any post, potentially leading to webhook/email action tampering and data exfiltration via modified webhook URLs."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-02T08:27:04.649Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2ecec7d7-d1b2-4ccf-ade6-1f78224968c6?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/classes/modules/forms/wpr-actions-status.php#L21"
},
{
"url": "https://plugins.trac.wordpress.org/browser/royal-elementor-addons/tags/1.7.1049/classes/modules/forms/wpr-actions-status.php#L21"
},
{
"url": "https://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/classes/modules/forms/wpr-actions-status.php#L73"
},
{
"url": "https://plugins.trac.wordpress.org/browser/royal-elementor-addons/tags/1.7.1049/classes/modules/forms/wpr-actions-status.php#L73"
},
{
"url": "https://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/plugin.php#L592"
},
{
"url": "https://plugins.trac.wordpress.org/browser/royal-elementor-addons/tags/1.7.1049/plugin.php#L592"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-11T20:46:34.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-05-01T20:11:49.000Z",
"value": "Disclosed"
}
],
"title": "Royal Addons for Elementor \u003c= 1.7.1056 - Missing Authorization to Unauthenticated Form Action Meta Modification"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-4024",
"datePublished": "2026-05-02T08:27:04.649Z",
"dateReserved": "2026-03-11T20:30:55.411Z",
"dateUpdated": "2026-05-04T14:49:17.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4019 (GCVE-0-2026-4019)
Vulnerability from cvelistv5 – Published: 2026-04-29 08:27 – Updated: 2026-04-29 13:52- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| complianz | Complianz – GDPR/CCPA Cookie Consent |
Affected:
0 , ≤ 7.4.5
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4019",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-29T13:51:10.434133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T13:52:26.882Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Complianz \u2013 GDPR/CCPA Cookie Consent",
"vendor": "complianz",
"versions": [
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wesley van de Kamp"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Complianz \u2013 GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5 This is due to the REST API endpoint at /wp-json/complianz/v1/consent-area/{post_id}/{block_id} using __return_true as the permission_callback, allowing any unauthenticated user to access it. The cmplz_rest_consented_content() function retrieves a post by ID via get_post() and returns the consentedContent attribute of any complianz/consent-area block found in it, without checking if the post is published or if the user has permission to read it. This makes it possible for unauthenticated attackers to read the consent area block content from private, draft, or unpublished posts."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T08:27:43.231Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3892489e-6ff7-4664-bb06-b8edff6dd659?source=cve"
},
{
"url": "https://github.com/complianz/complianz-gdpr/blob/64c09657bd028f62d7b50a54d83ca19b87df2cef/rest-api/rest-api.php#L61"
},
{
"url": "https://plugins.trac.wordpress.org/browser/complianz-gdpr/tags/7.4.4.2/rest-api/rest-api.php#L54"
},
{
"url": "https://plugins.trac.wordpress.org/browser/complianz-gdpr/tags/7.4.4.2/rest-api/rest-api.php#L61"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3508713/complianz-gdpr/trunk/rest-api/rest-api.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fcomplianz-gdpr/tags/7.4.5\u0026new_path=%2Fcomplianz-gdpr/tags/7.4.6"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-11T20:05:04.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-04-28T19:52:18.000Z",
"value": "Disclosed"
}
],
"title": "Complianz \u2013 GDPR/CCPA Cookie Consent \u003c= 7.4.5 - Missing Authorization to Unauthenticated Private Post Content Disclosure via Consent Area REST Endpoint"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-4019",
"datePublished": "2026-04-29T08:27:43.231Z",
"dateReserved": "2026-03-11T19:49:54.038Z",
"dateUpdated": "2026-04-29T13:52:26.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4003 (GCVE-0-2026-4003)
Vulnerability from cvelistv5 – Published: 2026-04-08 03:36 – Updated: 2026-04-08 16:42- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| felixmartinez | Users manager – PN |
Affected:
0 , ≤ 1.1.15
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4003",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T14:48:48.869485Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:14:10.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Users manager \u2013 PN",
"vendor": "felixmartinez",
"versions": [
{
"lessThanOrEqual": "1.1.15",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "HA GIA BAO"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Users manager \u2013 PN plugin for WordPress is vulnerable to Privilege Escalation via Arbitrary User Meta Update in all versions up to and including 1.1.15. This is due to a flawed authorization logic check in the userspn_ajax_nopriv_server() function within the \u0027userspn_form_save\u0027 case. The conditional only blocks unauthenticated users when the user_id is empty, but when a non-empty user_id is supplied, execution bypasses this check entirely and proceeds to update arbitrary user meta via update_user_meta() without any authentication or authorization verification. Additionally, the nonce required for this AJAX endpoint (\u0027userspn-nonce\u0027) is exposed to all visitors via wp_localize_script on the public wp_enqueue_scripts hook, rendering the nonce check ineffective as a security control. This makes it possible for unauthenticated attackers to update arbitrary user metadata for any user account, including the userspn_secret_token field."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:42:58.430Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/27bb60c1-43fa-4a18-b9ca-059535b0d5b6?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/userspn/trunk/includes/class-userspn-ajax-nopriv.php#L233"
},
{
"url": "https://plugins.trac.wordpress.org/browser/userspn/tags/1.0.31/includes/class-userspn-ajax-nopriv.php#L233"
},
{
"url": "https://plugins.trac.wordpress.org/browser/userspn/trunk/includes/class-userspn-ajax-nopriv.php#L186"
},
{
"url": "https://plugins.trac.wordpress.org/browser/userspn/tags/1.0.31/includes/class-userspn-ajax-nopriv.php#L186"
},
{
"url": "https://plugins.trac.wordpress.org/browser/userspn/trunk/includes/class-userspn-ajax-nopriv.php#L190"
},
{
"url": "https://plugins.trac.wordpress.org/browser/userspn/tags/1.0.31/includes/class-userspn-ajax-nopriv.php#L190"
},
{
"url": "https://plugins.trac.wordpress.org/browser/userspn/trunk/includes/class-userspn-common.php#L168"
},
{
"url": "https://plugins.trac.wordpress.org/browser/userspn/tags/1.0.31/includes/class-userspn-common.php#L168"
},
{
"url": "https://plugins.trac.wordpress.org/browser/userspn/trunk/includes/class-userspn-functions-user.php#L235"
},
{
"url": "https://plugins.trac.wordpress.org/browser/userspn/tags/1.0.31/includes/class-userspn-functions-user.php#L235"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3491109%40userspn\u0026new=3491109%40userspn\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-12T22:34:37.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-04-07T15:32:12.000Z",
"value": "Disclosed"
}
],
"title": "Users manager \u2013 PN \u003c= 1.1.15 - Unauthenticated Privilege Escalation via Account Takeover via \u0027userspn_form_save\u0027 AJAX Action"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-4003",
"datePublished": "2026-04-08T03:36:08.200Z",
"dateReserved": "2026-03-11T18:52:48.888Z",
"dateUpdated": "2026-04-08T16:42:58.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3977 (GCVE-0-2026-3977)
Vulnerability from cvelistv5 – Published: 2026-03-12 03:02 – Updated: 2026-03-12 16:17 X_Open Source| URL | Tags |
|---|---|
| https://vuldb.com/?id.350412 | vdb-entry |
| https://vuldb.com/?ctiid.350412 | signaturepermissions-required |
| https://github.com/projectsend/projectsend/issues/1525 | issue-tracking |
| https://github.com/projectsend/projectsend/issues… | issue-tracking |
| https://github.com/projectsend/projectsend/commit… | patch |
| https://github.com/projectsend/projectsend/ | product |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | projectsend |
Affected:
r1945
cpe:2.3:a:projectsend:projectsend:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3977",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T13:55:16.667473Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T16:17:36.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:projectsend:projectsend:*:*:*:*:*:*:*:*"
],
"modules": [
"AJAX Endpoints"
],
"product": "projectsend",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "r1945"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in projectsend up to r1945. The affected element is an unknown function of the component AJAX Endpoints. The manipulation leads to missing authorization. The attack can be initiated remotely. The identifier of the patch is 35dfd6f08f7d517709c77ee73e57367141107e6b. To fix this issue, it is recommended to deploy a patch."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T03:02:08.383Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-350412 | projectsend AJAX Endpoints authorization",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.350412"
},
{
"name": "VDB-350412 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.350412"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/projectsend/projectsend/issues/1525"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/projectsend/projectsend/issues/1525#issuecomment-3957109914"
},
{
"tags": [
"patch"
],
"url": "https://github.com/projectsend/projectsend/commit/35dfd6f08f7d517709c77ee73e57367141107e6b"
},
{
"tags": [
"product"
],
"url": "https://github.com/projectsend/projectsend/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-03-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-11T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-11T15:25:43.000Z",
"value": "VulDB entry last update"
}
],
"title": "projectsend AJAX Endpoints authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-3977",
"datePublished": "2026-03-12T03:02:08.383Z",
"dateReserved": "2026-03-11T14:20:26.569Z",
"dateUpdated": "2026-03-12T16:17:36.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3906 (GCVE-0-2026-3906)
Vulnerability from cvelistv5 – Published: 2026-03-11 09:25 – Updated: 2026-03-11 13:18- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| WordPress Foundation | WordPress |
Affected:
6.9 , ≤ 6.9.1
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3906",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T13:18:15.777023Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T13:18:53.880Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WordPress",
"vendor": "WordPress Foundation",
"versions": [
{
"lessThanOrEqual": "6.9.1",
"status": "affected",
"version": "6.9",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "kaminuma"
}
],
"descriptions": [
{
"lang": "en",
"value": "WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature (block-level collaboration annotations) was introduced in WordPress 6.9 to allow editorial comments directly on posts in the block editor. However, the REST API `create_item_permissions_check()` method in the comments controller did not verify that the authenticated user has `edit_post` permission on the target post when creating a note. This makes it possible for authenticated attackers with Subscriber-level access to create notes on any post, including posts authored by other users, private posts, and posts in any status."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T09:25:44.130Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a69782f0-aa61-4049-8339-7f27f4b6c36b?source=cve"
},
{
"url": "https://core.trac.wordpress.org/changeset/61888"
},
{
"url": "https://core.trac.wordpress.org/browser/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php#L562"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-10T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "WordPress 6.9 - 6.9.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Note Creation via REST API"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-3906",
"datePublished": "2026-03-11T09:25:44.130Z",
"dateReserved": "2026-03-10T19:52:58.673Z",
"dateUpdated": "2026-03-11T13:18:53.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3897 (GCVE-0-2026-3897)
Vulnerability from cvelistv5 – Published: 2026-05-27 06:46 – Updated: 2026-05-27 10:30- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| livemesh | Livemesh Addons for Beaver Builder |
Affected:
0 , ≤ 3.9.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T10:20:14.869980Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T10:30:09.616Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Livemesh Addons for Beaver Builder",
"vendor": "livemesh",
"versions": [
{
"lessThanOrEqual": "3.9.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Muhammad Yudha - DJ"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `labb_admin_ajax` AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but does not check user capabilities. This makes it possible for authenticated attackers with Subscriber-level access and above to modify plugin settings and inject malicious scripts that execute when administrators access the plugin settings page or when any user visits the frontend."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T06:46:16.655Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8bc41c61-1d8a-445f-bd70-3b14a40c89d4?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/addons-for-beaver-builder/tags/3.9.2/admin/admin-ajax.php#L64"
},
{
"url": "https://plugins.trac.wordpress.org/browser/addons-for-beaver-builder/tags/3.9.2/includes/helper-functions.php#L248"
},
{
"url": "https://plugins.trac.wordpress.org/browser/addons-for-beaver-builder/tags/3.9.2/admin/views/settings.php#L137"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-26T17:34:25.000Z",
"value": "Disclosed"
}
],
"title": "Livemesh Addons for Beaver Builder \u003c= 3.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Missing Authorization"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-3897",
"datePublished": "2026-05-27T06:46:16.655Z",
"dateReserved": "2026-03-10T17:35:10.486Z",
"dateUpdated": "2026-05-27T10:30:09.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation MIT-4.4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.