CWE-862
Allowed-with-ReviewMissing Authorization
Abstraction: Class · Status: Incomplete
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
14573 vulnerabilities reference this CWE, most recent first.
CVE-2026-4484 (GCVE-0-2026-4484)
Vulnerability from cvelistv5 – Published: 2026-03-26 01:25 – Updated: 2026-04-08 16:42- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| masteriyo | Masteriyo LMS – Online Course Builder for eLearning, LMS & Education |
Affected:
0 , ≤ 2.1.6
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4484",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T17:36:49.719811Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T17:51:16.520Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Masteriyo LMS \u2013 Online Course Builder for eLearning, LMS \u0026 Education",
"vendor": "masteriyo",
"versions": [
{
"lessThanOrEqual": "2.1.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hunter Jensen"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the \u0027InstructorsController::prepare_object_for_database\u0027 function. This makes it possible for authenticated attackers, with Student-level access and above, to elevate their privileges to that of an administrator."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:42:43.176Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/265be0af-66a4-4636-ab81-f8e2c5a1282e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/learning-management-system/tags/2.1.6/includes/RestApi/Controllers/Version1/InstructorsController.php#L305"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3490792/learning-management-system/trunk/includes/RestApi/Controllers/Version1/InstructorsController.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-20T15:14:38.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-03-25T12:44:04.000Z",
"value": "Disclosed"
}
],
"title": "Masteriyo LMS \u003c= 2.1.6 - Missing Authorization to Authenticated (Student+) Privilege Escalation to Administrator"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-4484",
"datePublished": "2026-03-26T01:25:33.967Z",
"dateReserved": "2026-03-20T07:04:46.566Z",
"dateUpdated": "2026-04-08T16:42:43.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4365 (GCVE-0-2026-4365)
Vulnerability from cvelistv5 – Published: 2026-04-14 01:24 – Updated: 2026-04-14 13:48- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses |
Affected:
0 , ≤ 4.3.2.8
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4365",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T13:47:01.056961Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T13:48:54.581Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LearnPress \u2013 WordPress LMS Plugin for Create and Sell Online Courses",
"vendor": "thimpress",
"versions": [
{
"lessThanOrEqual": "4.3.2.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Supakiad S."
}
],
"descriptions": [
{
"lang": "en",
"value": "The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the `delete_question_answer()` function in all versions up to, and including, 4.3.2.8. The plugin exposes a `wp_rest` nonce in public frontend HTML (`lpData`) to unauthenticated visitors, and uses that nonce as the only security gate for the `lp-load-ajax` AJAX dispatcher. The `delete_question_answer` action has no capability or ownership check. This makes it possible for unauthenticated attackers to delete any quiz answer option by sending a crafted POST request with a publicly available nonce."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T01:24:59.735Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/021bd566-1663-46ba-a616-ab554b691cbb?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/learnpress/trunk/inc/Ajax/EditQuestionAjax.php#L285"
},
{
"url": "https://plugins.trac.wordpress.org/browser/learnpress/trunk/inc/Ajax/AbstractAjax.php#L33"
},
{
"url": "https://plugins.trac.wordpress.org/browser/learnpress/trunk/inc/class-lp-assets.php#L177"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-17T21:00:54.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-04-13T12:59:29.000Z",
"value": "Disclosed"
}
],
"title": "LearnPress \u003c= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-4365",
"datePublished": "2026-04-14T01:24:59.735Z",
"dateReserved": "2026-03-17T20:45:25.774Z",
"dateUpdated": "2026-04-14T13:48:54.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4362 (GCVE-0-2026-4362)
Vulnerability from cvelistv5 – Published: 2026-05-05 04:27 – Updated: 2026-05-05 15:10- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| roxnor | ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor |
Affected:
0 , ≤ 3.8.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4362",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T15:09:46.346182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T15:10:20.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ElementsKit Elementor Addons \u2013 Advanced Widgets \u0026 Templates Addons for Elementor",
"vendor": "roxnor",
"versions": [
{
"lessThanOrEqual": "3.8.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jack Pas"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `Live_Action::reset()` function in all versions up to, and including, 3.8.2 The function is hooked to the WordPress `init` action and triggers when both `post` and `action=elementor` GET parameters are present, with no authentication or nonce verification. This makes it possible for unauthenticated attackers to overwrite the Elementor content (`_elementor_data`) of any `elementskit_widget` custom post type by visiting a specially crafted URL. The widget\u0027s custom designs, text, and configurations are permanently replaced with a blank template."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T04:27:56.288Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7740fdfb-65b2-4d27-935f-b0e73487f0c4?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/elementskit-lite/tags/3.8.0/modules/widget-builder/live-action.php#L27"
},
{
"url": "https://plugins.trac.wordpress.org/browser/elementskit-lite/tags/3.8.0/modules/widget-builder/live-action.php#L10"
},
{
"url": "https://plugins.trac.wordpress.org/browser/elementskit-lite/tags/3.8.0/modules/widget-builder/init.php#L37"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3499543/elementskit-lite/trunk/modules/widget-builder/live-action.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Felementskit-lite/tags/3.8.2\u0026new_path=%2Felementskit-lite/tags/3.9.0"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-17T20:33:02.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-05-04T16:06:48.000Z",
"value": "Disclosed"
}
],
"title": "ElementsKit Elementor Addons \u003c= 3.8.2 - Missing Authorization to Unauthenticated Widget Content Overwrite"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-4362",
"datePublished": "2026-05-05T04:27:56.288Z",
"dateReserved": "2026-03-17T20:15:55.299Z",
"dateUpdated": "2026-05-05T15:10:20.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4331 (GCVE-0-2026-4331)
Vulnerability from cvelistv5 – Published: 2026-03-26 03:37 – Updated: 2026-04-08 17:02- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| pr-gateway | Blog2Social: Social Media Auto Post & Scheduler |
Affected:
0 , ≤ 8.8.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4331",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T13:58:57.835307Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T13:59:06.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Blog2Social: Social Media Auto Post \u0026 Scheduler",
"vendor": "pr-gateway",
"versions": [
{
"lessThanOrEqual": "8.8.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mariusz Maik"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Blog2Social: Social Media Auto Post \u0026 Scheduler plugin for WordPress is vulnerable to unauthorized data loss in all versions up to, and including, 8.8.2. This is due to the resetSocialMetaTags() function only verifying that the user has the \u0027read\u0027 capability and a valid b2s_security_nonce, both of which are available to Subscriber-level users, as the plugin grants \u0027blog2social_access\u0027 capability to all roles upon activation, allowing them to access the plugin\u0027s admin pages where the nonce is output. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete all _b2s_post_meta records from the wp_postmeta table, permanently removing all custom social media meta tags for every post on the site."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:02:57.800Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7dc46bc4-ecfb-438f-b951-7b957489cd96?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/blog2social/trunk/includes/Ajax/Post.php#L1290"
},
{
"url": "https://plugins.trac.wordpress.org/browser/blog2social/tags/8.8.2/includes/Ajax/Post.php#L1290"
},
{
"url": "https://plugins.trac.wordpress.org/browser/blog2social/trunk/includes/Ajax/Post.php#L1281"
},
{
"url": "https://plugins.trac.wordpress.org/browser/blog2social/tags/8.8.2/includes/Ajax/Post.php#L1281"
},
{
"url": "https://plugins.trac.wordpress.org/browser/blog2social/trunk/includes/Ajax/Post.php#L37"
},
{
"url": "https://plugins.trac.wordpress.org/browser/blog2social/tags/8.8.2/includes/Ajax/Post.php#L37"
},
{
"url": "https://plugins.trac.wordpress.org/browser/blog2social/trunk/includes/Loader.php#L2202"
},
{
"url": "https://plugins.trac.wordpress.org/browser/blog2social/tags/8.8.2/includes/Loader.php#L2202"
},
{
"url": "https://plugins.trac.wordpress.org/browser/blog2social/tags/8.8.3/includes/Ajax/Post.php#L1301"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-17T14:08:09.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-03-25T14:26:40.000Z",
"value": "Disclosed"
}
],
"title": "Blog2Social: Social Media Auto Post \u0026 Scheduler \u003c= 8.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Deletion via \u0027b2s_reset_social_meta_tags\u0027 AJAX Action"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-4331",
"datePublished": "2026-03-26T03:37:27.541Z",
"dateReserved": "2026-03-17T13:53:00.541Z",
"dateUpdated": "2026-04-08T17:02:57.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4326 (GCVE-0-2026-4326)
Vulnerability from cvelistv5 – Published: 2026-04-09 01:25 – Updated: 2026-04-09 13:50- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| webilia | Vertex Addons for Elementor |
Affected:
0 , ≤ 1.6.4
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4326",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T13:50:00.630747Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T13:50:45.630Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Vertex Addons for Elementor",
"vendor": "webilia",
"versions": [
{
"lessThanOrEqual": "1.6.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Athiwat Tiprasaharn"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. This is due to improper authorization enforcement in the activate_required_plugins() function. Specifically, the current_user_can(\u0027install_plugins\u0027) capability check does not terminate execution when it fails \u2014 it only sets an error message variable while allowing the plugin installation and activation code to execute. The error response is only sent after the installation and activation have already completed. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins from the WordPress."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T01:25:55.660Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1bb409f0-ccbd-4dfa-b097-b29ee539daa3?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor-builder/trunk/app/Ajax.php#L264"
},
{
"url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor-builder/tags/1.6.4/app/Ajax.php#L264"
},
{
"url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor-builder/trunk/app/Ajax.php#L278"
},
{
"url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor-builder/tags/1.6.4/app/Ajax.php#L278"
},
{
"url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor-builder/trunk/app/Ajax.php#L229"
},
{
"url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor-builder/tags/1.6.4/app/Ajax.php#L229"
},
{
"url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor-builder/trunk/app/Ajax.php#L232"
},
{
"url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor-builder/tags/1.6.4/app/Ajax.php#L232"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3491143%40addons-for-elementor-builder\u0026new=3491143%40addons-for-elementor-builder\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-23T23:52:28.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-04-08T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Vertex Addons for Elementor \u003c= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation via \u0027afeb_activate_required_plugins\u0027"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-4326",
"datePublished": "2026-04-09T01:25:55.660Z",
"dateReserved": "2026-03-17T13:09:41.727Z",
"dateUpdated": "2026-04-09T13:50:45.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4309 (GCVE-0-2026-4309)
Vulnerability from cvelistv5 – Published: 2026-03-27 11:46 – Updated: 2026-04-10 04:10- CWE-862 - Missing Authorization
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4309",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T12:00:30.434329Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T12:15:32.249Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Aterm W1200EX(-MS)",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1200HP2",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1900HP",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1200HS2",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1800HP3",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1200HP3",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1900HP2",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1200HS3",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1800HP4",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1200HP4",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1200HS4",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WX1500HP",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.4.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG2600HS",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.7.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WF1200CR",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.6.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1200CR",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.5.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG2600HP4",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.4.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG2600HM4",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.4.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG2600HS2",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.3.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WX3000HP",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 2.5.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WX3600HP",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.5.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm GX1200HP",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm GX1200HS4",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1200DM4",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm GB1200PE",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.3.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network."
}
],
"value": "Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T04:10:43.726Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://jpn.nec.com/security-info/secinfo/nv26-001_en.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2026-4309",
"datePublished": "2026-03-27T11:46:26.310Z",
"dateReserved": "2026-03-17T01:53:09.153Z",
"dateUpdated": "2026-04-10T04:10:43.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4301 (GCVE-0-2026-4301)
Vulnerability from cvelistv5 – Published: 2026-05-12 07:48 – Updated: 2026-05-12 12:56- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| videowhisper | Rate Star Review Vote – AJAX Reviews, Votes, Star Ratings |
Affected:
0 , ≤ 1.6.4
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4301",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-12T12:56:10.766366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:56:54.390Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Rate Star Review Vote \u2013 AJAX Reviews, Votes, Star Ratings",
"vendor": "videowhisper",
"versions": [
{
"lessThanOrEqual": "1.6.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Cipher Forensic"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsr_review() AJAX handler lacks both capability checks and nonce verification. The only access control is an is_user_logged_in() check. When the \u0027form\u0027 parameter is set to \u0027update\u0027, the function takes an arbitrary post ID from the user-supplied \u0027rating_id\u0027 GET parameter, sets it as the post ID in the update array, and passes it directly to wp_update_post(). This overwrites the target post\u0027s title, content, author (changed to the attacker\u0027s user ID), post_type (changed to the plugin\u0027s custom post type, default \u0027review\u0027), and status. Additionally, update_post_meta() is called on the arbitrary post ID at lines 758-763, modifying its metadata. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the title, content, author, post type, and metadata of arbitrary posts and pages on the site via the \u0027rating_id\u0027 parameter, effectively allowing full post content takeover."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T07:48:17.336Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/107cb15f-4b2e-4ed4-8e8a-4f716f4873db?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/rate-star-review/trunk/rate-star-review.php#L754"
},
{
"url": "https://plugins.trac.wordpress.org/browser/rate-star-review/tags/1.6.4/rate-star-review.php#L754"
},
{
"url": "https://plugins.trac.wordpress.org/browser/rate-star-review/trunk/rate-star-review.php#L730"
},
{
"url": "https://plugins.trac.wordpress.org/browser/rate-star-review/tags/1.6.4/rate-star-review.php#L730"
},
{
"url": "https://plugins.trac.wordpress.org/browser/rate-star-review/trunk/rate-star-review.php#L758"
},
{
"url": "https://plugins.trac.wordpress.org/browser/rate-star-review/tags/1.6.4/rate-star-review.php#L758"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-11T19:07:44.000Z",
"value": "Disclosed"
}
],
"title": "Rate Star Review Vote \u003c= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification via \u0027rating_id\u0027 Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-4301",
"datePublished": "2026-05-12T07:48:17.336Z",
"dateReserved": "2026-03-16T20:01:00.547Z",
"dateUpdated": "2026-05-12T12:56:54.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4299 (GCVE-0-2026-4299)
Vulnerability from cvelistv5 – Published: 2026-04-08 03:36 – Updated: 2026-04-13 15:15- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| mainwp | MainWP Child Reports |
Affected:
0 , ≤ 2.2.6
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4299",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T15:06:40.658600Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T15:15:10.520Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MainWP Child Reports",
"vendor": "mainwp",
"versions": [
{
"lessThanOrEqual": "2.2.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hunter Jensen"
}
],
"descriptions": [
{
"lang": "en",
"value": "The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeat_received() function in the Live_Update class. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain MainWP Child Reports activity log entries (including action summaries, user information, IP addresses, and contextual data) via the WordPress Heartbeat API by sending a crafted heartbeat request with the \u0027wp-mainwp-stream-heartbeat\u0027 data key."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:02:53.164Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7d4141bd-cd3f-44e9-b423-be03377a342d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mainwp-child-reports/trunk/classes/class-live-update.php#L182"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mainwp-child-reports/tags/2.2.6/classes/class-live-update.php#L182"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mainwp-child-reports/trunk/classes/class-live-update.php#L44"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mainwp-child-reports/tags/2.2.6/classes/class-live-update.php#L44"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3490157%40mainwp-child-reports\u0026new=3490157%40mainwp-child-reports\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-16T20:41:23.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-04-07T15:21:54.000Z",
"value": "Disclosed"
}
],
"title": "MainWP Child Reports \u003c= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via Heartbeat API"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-4299",
"datePublished": "2026-04-08T03:36:09.655Z",
"dateReserved": "2026-03-16T19:23:21.908Z",
"dateUpdated": "2026-04-13T15:15:10.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4298 (GCVE-0-2026-4298)
Vulnerability from cvelistv5 – Published: 2026-07-09 09:31 – Updated: 2026-07-09 14:39- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| mlfactory | DSGVO All in one for WP |
Affected:
0 , ≤ 4.9
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4298",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T14:39:32.001412Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T14:39:42.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DSGVO All in one for WP",
"vendor": "mlfactory",
"versions": [
{
"lessThanOrEqual": "4.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "nudien udin"
},
{
"lang": "en",
"type": "finder",
"value": "nudien"
}
],
"descriptions": [
{
"lang": "en",
"value": "The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvo_reset_policy_service_func() function lacking both capability checks and nonce verification while processing user-supplied parameters to reset plugin options. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset all customized privacy policy content including cookie notices, Google Analytics policies, Facebook policies, and YouTube policies to their default values."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T09:31:21.285Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d8a5268-03a2-48c6-9c59-840a11e7a34f?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/dsgvo-all-in-one-for-wp/trunk/dsgvo_all_in_one_wp.php#L1123"
},
{
"url": "https://plugins.trac.wordpress.org/browser/dsgvo-all-in-one-for-wp/tags/4.9/dsgvo_all_in_one_wp.php#L1123"
},
{
"url": "https://plugins.trac.wordpress.org/browser/dsgvo-all-in-one-for-wp/trunk/dsgvo_all_in_one_wp.php#L56"
},
{
"url": "https://plugins.trac.wordpress.org/browser/dsgvo-all-in-one-for-wp/tags/4.9/dsgvo_all_in_one_wp.php#L56"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?reponame=\u0026old=3503821%40dsgvo-all-in-one-for-wp\u0026new=3503821%40dsgvo-all-in-one-for-wp"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-08T20:46:28.000Z",
"value": "Disclosed"
}
],
"title": "DSGVO All in one for WP \u003c= 4.9 - Missing Authorization to Authenticated (Subscriber+) Settings Reset"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-4298",
"datePublished": "2026-07-09T09:31:21.285Z",
"dateReserved": "2026-03-16T19:14:02.711Z",
"dateUpdated": "2026-07-09T14:39:42.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4297 (GCVE-0-2026-4297)
Vulnerability from cvelistv5 – Published: 2026-06-24 05:33 – Updated: 2026-06-24 14:50- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| newscred | Welcome Software Publishing |
Affected:
0 , ≤ 0.0.31
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4297",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-24T14:49:59.958116Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T14:50:13.376Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Welcome Software Publishing",
"vendor": "newscred",
"versions": [
{
"lessThanOrEqual": "0.0.31",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nabil Irawan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in all versions up to and including 0.0.31. This is due to a missing capability check in the nc_setOption() function, which is exposed via the nc.setOption XML-RPC method. The function authenticates the user via $wp_xmlrpc_server-\u003elogin() (verifying credentials are valid) but does not perform any authorization check such as current_user_can(\u0027manage_options\u0027). This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary WordPress options via XML-RPC requests. This can be leveraged to change the default_role option to \u0027administrator\u0027 and then register a new administrator account, achieving full privilege escalation and site takeover."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T05:33:24.530Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/47e53fd3-4e3f-433a-8e70-3a58c864184a?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/newscred-publishing/trunk/newscred.php#L272"
},
{
"url": "https://plugins.trac.wordpress.org/browser/newscred-publishing/tags/0.0.31/newscred.php#L272"
},
{
"url": "https://plugins.trac.wordpress.org/browser/newscred-publishing/trunk/newscred.php#L264"
},
{
"url": "https://plugins.trac.wordpress.org/browser/newscred-publishing/tags/0.0.31/newscred.php#L264"
},
{
"url": "https://plugins.trac.wordpress.org/browser/newscred-publishing/trunk/newscred.php#L265"
},
{
"url": "https://plugins.trac.wordpress.org/browser/newscred-publishing/tags/0.0.31/newscred.php#L265"
},
{
"url": "https://plugins.trac.wordpress.org/browser/newscred-publishing/trunk/newscred.php#L44"
},
{
"url": "https://plugins.trac.wordpress.org/browser/newscred-publishing/tags/0.0.31/newscred.php#L44"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-23T16:42:18.000Z",
"value": "Disclosed"
}
],
"title": "Welcome Software Publishing \u003c= 0.0.31 - Authenticated (Subscriber+) Arbitrary Options Update to Privilege Escalation via \u0027nc.setOption\u0027 XML-RPC Method"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-4297",
"datePublished": "2026-06-24T05:33:24.530Z",
"dateReserved": "2026-03-16T18:58:52.144Z",
"dateUpdated": "2026-06-24T14:50:13.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation MIT-4.4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.