CWE-862
Allowed-with-ReviewMissing Authorization
Abstraction: Class · Status: Incomplete
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
14535 vulnerabilities reference this CWE, most recent first.
CVE-2026-11807 (GCVE-0-2026-11807)
Vulnerability from cvelistv5 – Published: 2026-06-23 19:40 – Updated: 2026-07-15 02:45- CWE-862 - Missing Authorization
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:28376 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:28377 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:28492 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:28497 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2026-11807 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2487036 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 8 |
Unaffected:
0:1.1.19-1.el8ap , < *
(rpm)
cpe:/a:redhat:ansible_automation_platform:2.5::el8 cpe:/a:redhat:ansible_automation_platform:2.5::el9 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 9 |
Unaffected:
0:1.1.19-1.el9ap , < *
(rpm)
cpe:/a:redhat:ansible_automation_platform:2.5::el8 cpe:/a:redhat:ansible_automation_platform:2.5::el9 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.6 for RHEL 9 |
Unaffected:
0:1.2.9-2.el9ap , < *
(rpm)
cpe:/a:redhat:ansible_automation_platform:2.6::el9 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.5 |
Unaffected:
1781741251 , < *
(rpm)
cpe:/a:redhat:ansible_automation_platform:2.5::el8 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.6 |
Unaffected:
1781732675 , < *
(rpm)
cpe:/a:redhat:ansible_automation_platform:2.6::el9 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 8 |
Unaffected:
0:1.1.19-1.el8ap , < *
(rpm)
cpe:/a:redhat:ansible_automation_platform:2.5::el8 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 9 |
Unaffected:
0:1.1.19-1.el9ap , < *
(rpm)
cpe:/a:redhat:ansible_automation_platform:2.5::el9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11807",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-24T18:22:21.415124Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T18:22:39.535Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el8"
],
"defaultStatus": "affected",
"packageName": "automation-eda-controller",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.19-1.el8ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el9"
],
"defaultStatus": "affected",
"packageName": "automation-eda-controller",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.19-1.el9ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9"
],
"defaultStatus": "affected",
"packageName": "automation-eda-controller",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.2.9-2.el9ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform-25/eda-controller-rhel8",
"product": "Red Hat Ansible Automation Platform 2.5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1781741251",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform-26/eda-controller-rhel9",
"product": "Red Hat Ansible Automation Platform 2.6",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1781732675",
"versionType": "rpm"
}
]
}
],
"datePublic": "2026-06-23T14:27:28.309Z",
"descriptions": [
{
"lang": "en",
"value": "A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activation_id to receive plaintext credentials associated with that activation, including OAuth tokens, vault passwords, and SSH keys."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Critical"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T02:45:43.466Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-11807"
},
{
"name": "RHBZ#2487036",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487036"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-11807.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28376"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28377"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28497"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28492"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:28376: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:28377: Red Hat Ansible Automation Platform 2.6 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:28497: Red Hat Ansible Automation Platform 2.5"
},
{
"lang": "en",
"value": "RHSA-2026:28492: Red Hat Ansible Automation Platform 2.6"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-09T15:42:49.367Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-06-23T14:27:28.309Z",
"value": "Made public."
}
],
"title": "eda-server: websocket missing authorization allows credential theft via activation_id spoofing",
"workarounds": [
{
"lang": "en",
"value": "The following practices would help for reducing or avoiding the exposure to this flaw:\n\n1) Restrict network access to the EDA websocket endpoint.\n2) Review and limit user accounts with any level of Ansible Automation Platform authentication until the fix is applied."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform:2.5::el9"
],
"defaultStatus": "affected",
"packageName": "automation-eda-controller",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.19-1.el8ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform:2.5::el9"
],
"defaultStatus": "affected",
"packageName": "automation-eda-controller",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.19-1.el9ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9"
],
"defaultStatus": "affected",
"packageName": "automation-eda-controller",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.2.9-2.el9ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform-25/eda-controller-rhel8",
"product": "Red Hat Ansible Automation Platform 2.5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1781741251",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform-26/eda-controller-rhel9",
"product": "Red Hat Ansible Automation Platform 2.6",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1781732675",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Chris Meyers (Red Hat, Inc.)."
}
],
"datePublic": "2026-06-23T14:27:28.309Z",
"descriptions": [
{
"lang": "en",
"value": "A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activation_id to receive plaintext credentials associated with that activation, including OAuth tokens, vault passwords, and SSH keys."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Critical"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T01:39:13.071Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2026:28376",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28376"
},
{
"name": "RHSA-2026:28377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28377"
},
{
"name": "RHSA-2026:28492",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28492"
},
{
"name": "RHSA-2026:28497",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28497"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-11807"
},
{
"name": "RHBZ#2487036",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487036"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-09T15:42:49.367Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-06-23T14:27:28.309Z",
"value": "Made public."
}
],
"title": "Eda-server: websocket missing authorization allows credential theft via activation_id spoofing",
"workarounds": [
{
"lang": "en",
"value": "The following practices would help for reducing or avoiding the exposure to this flaw:\n\n1) Restrict network access to the EDA websocket endpoint.\n2) Review and limit user accounts with any level of Ansible Automation Platform authentication until the fix is applied."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-862: Missing Authorization"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-11807",
"datePublished": "2026-06-23T19:40:33.182Z",
"dateReserved": "2026-06-09T15:41:49.114Z",
"dateUpdated": "2026-07-15T02:45:43.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11802 (GCVE-0-2026-11802)
Vulnerability from cvelistv5 – Published: 2026-07-14 01:30 – Updated: 2026-07-14 01:30- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| themelooks | FoodBook Lite – Online Food Ordering System |
Affected:
0 , ≤ 1.5.6
(semver)
|
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FoodBook Lite \u2013 Online Food Ordering System",
"vendor": "themelooks",
"versions": [
{
"lessThanOrEqual": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Eason"
}
],
"descriptions": [
{
"lang": "en",
"value": "The FoodBook Lite - Online Food Ordering System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.6. The registration() function, accessible via the wp_ajax_nopriv_registration_action AJAX action, lacks any nonce verification or capability check, and does not check the WordPress users_can_register option before calling wp_insert_user(). This makes it possible for unauthenticated attackers to create new user accounts with the \u0027customer\u0027 role and receive authentication cookies, even when the site administrator has explicitly disabled user registration."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T01:30:00.701Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8b67557c-785f-433b-8e5b-fcc0bda14892?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/foodbook-light-online-food-ordering-system/tags/1.5.6/inc/class-components-ajax.php#L86"
},
{
"url": "https://plugins.trac.wordpress.org/browser/foodbook-light-online-food-ordering-system/tags/1.5.6/inc/class-components-ajax.php#L68"
},
{
"url": "https://plugins.trac.wordpress.org/browser/foodbook-light-online-food-ordering-system/tags/1.5.6/inc/class-components-ajax.php#L21"
},
{
"url": "https://plugins.trac.wordpress.org/browser/foodbook-light-online-food-ordering-system/tags/1.5.6/inc/class-components-ajax.php#L18"
},
{
"url": "https://plugins.trac.wordpress.org/browser/foodbook-light-online-food-ordering-system/tags/1.5.7/inc/class-components-ajax.php#L67-L73"
},
{
"url": "https://plugins.trac.wordpress.org/browser/foodbook-light-online-food-ordering-system/tags/1.5.7/inc/class-components-ajax.php#L39"
},
{
"url": "https://plugins.trac.wordpress.org/browser/foodbook-light-online-food-ordering-system/tags/1.5.7/inc/helper-functions.php#L724-L725"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-13T13:10:51.000Z",
"value": "Disclosed"
}
],
"title": "FoodBook Lite \u003c= 1.5.6 - Missing Authorization to Unauthenticated User Registration via \u0027registration_action\u0027 AJAX Action"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-11802",
"datePublished": "2026-07-14T01:30:00.701Z",
"dateReserved": "2026-06-09T14:53:04.712Z",
"dateUpdated": "2026-07-14T01:30:00.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11773 (GCVE-0-2026-11773)
Vulnerability from cvelistv5 – Published: 2026-06-27 06:50 – Updated: 2026-06-29 12:20- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| masteriyo | Masteriyo LMS – LMS Course Builder, Quizzes & Certificates |
Affected:
0 , ≤ 2.2.1
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11773",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-29T12:19:37.940286Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T12:20:04.970Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Masteriyo LMS \u2013 LMS Course Builder, Quizzes \u0026 Certificates",
"vendor": "masteriyo",
"versions": [
{
"lessThanOrEqual": "2.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ilinor"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Masteriyo LMS \u2013 LMS Course Builder, Quizzes \u0026 Certificates plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with student-level access and above, to modify the description (post content) of arbitrary course announcements authored by instructors or administrators."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-27T06:50:57.531Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5780d762-2313-4c81-be02-99543359d824?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/learning-management-system/tags/2.2.1/addons/course-announcement/Controllers/CourseAnnouncementController.php#L782"
},
{
"url": "https://plugins.trac.wordpress.org/browser/learning-management-system/tags/2.2.1/addons/course-announcement/Controllers/CourseAnnouncementController.php#L619"
},
{
"url": "https://plugins.trac.wordpress.org/browser/learning-management-system/tags/2.1.8/addons/course-announcement/Controllers/CourseAnnouncementController.php#L782"
},
{
"url": "https://plugins.trac.wordpress.org/browser/learning-management-system/tags/2.1.8/addons/course-announcement/Controllers/CourseAnnouncementController.php#L619"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3583519%40learning-management-system\u0026new=3583519%40learning-management-system\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-09T12:11:09.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-06-26T17:55:05.000Z",
"value": "Disclosed"
}
],
"title": "Masteriyo LMS \u003c= 2.2.1 - Missing Authorization to Authenticated (Student+) Arbitrary Course Announcement Modification"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-11773",
"datePublished": "2026-06-27T06:50:57.531Z",
"dateReserved": "2026-06-09T11:55:57.904Z",
"dateUpdated": "2026-06-29T12:20:04.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11719 (GCVE-0-2026-11719)
Vulnerability from cvelistv5 – Published: 2026-06-18 11:55 – Updated: 2026-06-18 13:53- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| MCP Toolbox for Databases (googleapis/mcp-toolbox) |
Affected:
1.3.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11719",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-18T12:55:43.505312Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T13:53:08.793Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MCP Toolbox for Databases (googleapis/mcp-toolbox)",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "1.3.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "HE WEI\uff08\u30ae\u30ab\u30af\uff09(https://www.linkedin.com/in/gikaku/)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated authorization bypass vulnerability exists in MCP Toolbox for Databases due to missing scope enforcement across older protocol handlers.\n\nWhile the 2025-11-25 protocol version handler correctly enforces per-tool restrictions defined by scopesRequired, older supported protocol versions (2025-06-18, 2025-03-26, and 2024-11-05) omit this check. An authenticated client with low-privilege tokens (e.g., read) can bypass the intended per-tool scope restrictions and execute high-privilege tools (e.g., admin) simply by specifying an older protocol version in the MCP-Protocol-Version header, or by omitting the header entirely (which causes the server to default to the vulnerable 2024-11-05 handler)."
}
],
"value": "An authenticated authorization bypass vulnerability exists in MCP Toolbox for Databases due to missing scope enforcement across older protocol handlers.\n\nWhile the 2025-11-25 protocol version handler correctly enforces per-tool restrictions defined by scopesRequired, older supported protocol versions (2025-06-18, 2025-03-26, and 2024-11-05) omit this check. An authenticated client with low-privilege tokens (e.g., read) can bypass the intended per-tool scope restrictions and execute high-privilege tools (e.g., admin) simply by specifying an older protocol version in the MCP-Protocol-Version header, or by omitting the header entirely (which causes the server to default to the vulnerable 2024-11-05 handler)."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115: Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T11:55:03.666Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/googleapis/mcp-toolbox/pull/3335"
},
{
"url": "https://github.com/googleapis/mcp-toolbox/pull/3049"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2026-11719",
"datePublished": "2026-06-18T11:55:03.666Z",
"dateReserved": "2026-06-09T00:53:57.846Z",
"dateUpdated": "2026-06-18T13:53:08.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11607 (GCVE-0-2026-11607)
Vulnerability from cvelistv5 – Published: 2026-06-09 10:48 – Updated: 2026-06-11 13:24- CWE-862 - Missing Authorization
| URL | Tags |
|---|---|
| https://typo3.org/security/advisory/typo3-core-sa… | vendor-advisory |
| https://github.com/TYPO3/typo3/commit/50974c658f6… | patch |
| https://github.com/TYPO3/typo3/commit/040d50d082a… | patch |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11607",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T12:53:44.766969Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T12:53:55.463Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"modules": [
"Form"
],
"packageName": "typo3/cms-form",
"product": "TYPO3 CMS",
"repo": "https://github.com/TYPO3/typo3",
"vendor": "TYPO3",
"versions": [
{
"lessThan": "10.4.57",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "11.5.51",
"status": "affected",
"version": "11.0.0",
"versionType": "semver"
},
{
"lessThan": "12.4.46",
"status": "affected",
"version": "12.0.0",
"versionType": "semver"
},
{
"lessThan": "13.4.31",
"status": "affected",
"version": "13.0.0",
"versionType": "semver"
},
{
"lessThan": "14.3.3",
"status": "affected",
"version": "14.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.4.57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.5.51",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.4.46",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.4.31",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.3.3",
"versionStartIncluding": "14.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Ethan"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Oliver Hader"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Backend users with access to the Form Framework were able to use files not ending in \u003ccode\u003e.form.yaml\u003c/code\u003e as form definitions, which were processed without denying the incorrect file extension. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers to escalate privileges by creating administrative backend user accounts. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3."
}
],
"value": "Backend users with access to the Form Framework were able to use files not ending in .form.yaml as form definitions, which were processed without denying the incorrect file extension. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers to escalate privileges by creating administrative backend user accounts. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T13:24:45.735Z",
"orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
"shortName": "TYPO3"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2026-019"
},
{
"name": "Git commit of main branch",
"tags": [
"patch"
],
"url": "https://github.com/TYPO3/typo3/commit/50974c658f647f1aece347b5d6d5acc3c87f2dca"
},
{
"name": "Git commit of 13.4 branch",
"tags": [
"patch"
],
"url": "https://github.com/TYPO3/typo3/commit/040d50d082a01f9e8bd113effd91290a9bb3b69e"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "TYPO3 CMS - Broken Access Control in Form Framework",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
"assignerShortName": "TYPO3",
"cveId": "CVE-2026-11607",
"datePublished": "2026-06-09T10:48:42.477Z",
"dateReserved": "2026-06-08T15:41:55.470Z",
"dateUpdated": "2026-06-11T13:24:45.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11600 (GCVE-0-2026-11600)
Vulnerability from cvelistv5 – Published: 2026-07-02 05:35 – Updated: 2026-07-02 15:54- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| envothemes | Envo's Templates & Widgets for Elementor and WooCommerce |
Affected:
0 , ≤ 1.4.26
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-02T14:01:03.986923Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T15:54:20.863Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Envo\u0027s Templates \u0026 Widgets for Elementor and WooCommerce",
"vendor": "envothemes",
"versions": [
{
"lessThanOrEqual": "1.4.26",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alessandro Greco (Aleff)"
},
{
"lang": "en",
"type": "finder",
"value": "Giovanbattista Ianni"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Envo\u0027s Templates \u0026 Widgets for Elementor and WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the Envo Tabs (and Off Canvas) widget\u0027s template rendering in versions up to, and including, 1.4.26. The render() method of the Tabs widget passes a user-controlled template/post ID directly to Elementor\u0027s get_builder_content_for_display() without verifying the referenced post\u0027s status (published/private/draft) or the visitor\u0027s authorization to view it. This makes it possible for authenticated attackers, with Author-level access and above, to disclose the contents of private Elementor-driven pages and templates to anonymous visitors by configuring an Envo Tabs widget on a public post to reference the private content\u0027s ID (which can be supplied by editing the underlying Elementor widget JSON via the Elementor editor REST API)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T05:35:01.383Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/26100f1f-3224-486c-b4f9-7086d405a883?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/envo-elementor-for-woocommerce/tags/1.4.26/modules/tabs/widgets/tabs.php#L1268"
},
{
"url": "https://plugins.trac.wordpress.org/browser/envo-elementor-for-woocommerce/tags/1.4.26/modules/tabs/widgets/tabs.php#L103"
},
{
"url": "https://plugins.trac.wordpress.org/browser/envo-elementor-for-woocommerce/tags/1.4.26/modules/off-canvas/widgets/off-canvas.php#L631"
},
{
"url": "https://plugins.trac.wordpress.org/browser/envo-elementor-for-woocommerce/tags/1.4.25/modules/tabs/widgets/tabs.php#L1268"
},
{
"url": "https://plugins.trac.wordpress.org/browser/envo-elementor-for-woocommerce/tags/1.4.25/modules/tabs/widgets/tabs.php#L103"
},
{
"url": "https://plugins.trac.wordpress.org/browser/envo-elementor-for-woocommerce/tags/1.4.25/modules/off-canvas/widgets/off-canvas.php#L631"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3578489%40envo-elementor-for-woocommerce\u0026new=3578489%40envo-elementor-for-woocommerce\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-01T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Envo\u0027s Templates \u0026 Widgets for Elementor and WooCommerce \u003c= 1.4.26 - Missing Authorization to Authenticated (Author+) Private Content Disclosure via Envo Tabs Widget \u0027templates\u0027 Setting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-11600",
"datePublished": "2026-07-02T05:35:01.383Z",
"dateReserved": "2026-06-08T14:54:04.597Z",
"dateUpdated": "2026-07-02T15:54:20.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11592 (GCVE-0-2026-11592)
Vulnerability from cvelistv5 – Published: 2026-07-02 05:35 – Updated: 2026-07-02 12:37- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress |
Affected:
0 , ≤ 5.9.27
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11592",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-02T12:37:19.605541Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T12:37:28.997Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Email Subscribers \u0026 Newsletters \u2013 Email Marketing, Post Notifications \u0026 Newsletter Plugin for WordPress",
"vendor": "icegram",
"versions": [
{
"lessThanOrEqual": "5.9.27",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Email Subscribers \u0026 Newsletters \u2013 Email Marketing, Post Notifications \u0026 Newsletter Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor-level access and above, to overwrite plugin mail settings (from name and from email address), create audience lists, insert arbitrary contacts into those lists, create and overwrite newsletter broadcasts and post notifications, add workflows, and queue and dispatch mass email to arbitrary recipients."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T05:35:13.163Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2e70691-4de9-4b12-babf-bebe267a780b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/email-subscribers/tags/5.9.24/lite/admin/class-ig-es-onboarding.php#L171"
},
{
"url": "https://plugins.trac.wordpress.org/browser/email-subscribers/tags/5.9.24/lite/admin/class-email-subscribers-admin.php#L216"
},
{
"url": "https://plugins.trac.wordpress.org/browser/email-subscribers/tags/5.9.24/lite/includes/classes/class-es-newsletters.php#L717"
},
{
"url": "https://plugins.trac.wordpress.org/browser/email-subscribers/tags/5.9.24/lite/includes/workflows/admin/class-es-workflow-admin-edit.php#L74"
},
{
"url": "https://plugins.trac.wordpress.org/browser/email-subscribers/tags/5.9.24/lite/includes/class-email-subscribers-activator.php#L66"
},
{
"url": "https://plugins.trac.wordpress.org/browser/email-subscribers/tags/5.9.21/lite/admin/class-ig-es-onboarding.php#L171"
},
{
"url": "https://plugins.trac.wordpress.org/browser/email-subscribers/tags/5.9.21/lite/admin/class-email-subscribers-admin.php#L216"
},
{
"url": "https://plugins.trac.wordpress.org/browser/email-subscribers/tags/5.9.21/lite/includes/classes/class-es-newsletters.php#L717"
},
{
"url": "https://plugins.trac.wordpress.org/browser/email-subscribers/tags/5.9.21/lite/includes/workflows/admin/class-es-workflow-admin-edit.php#L74"
},
{
"url": "https://plugins.trac.wordpress.org/browser/email-subscribers/tags/5.9.21/lite/includes/class-email-subscribers-activator.php#L66"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3584584%40email-subscribers\u0026new=3584584%40email-subscribers\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-08T14:08:40.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-07-01T17:17:38.000Z",
"value": "Disclosed"
}
],
"title": "Email Subscribers \u0026 Newsletters \u003c= 5.9.27 - Missing Authorization to Authenticated (Contributor+) Settings Modification via ig_es_handle_request AJAX Action"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-11592",
"datePublished": "2026-07-02T05:35:13.163Z",
"dateReserved": "2026-06-08T13:53:29.969Z",
"dateUpdated": "2026-07-02T12:37:28.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11398 (GCVE-0-2026-11398)
Vulnerability from cvelistv5 – Published: 2026-07-03 07:53 – Updated: 2026-07-06 12:35- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events |
Affected:
0 , ≤ 5.6.1
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11398",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T12:35:34.020052Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T12:35:45.413Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LatePoint \u2013 Calendar Booking Plugin for Appointments and Events",
"vendor": "latepoint",
"versions": [
{
"lessThanOrEqual": "5.6.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "hhhai"
}
],
"descriptions": [
{
"lang": "en",
"value": "The LatePoint \u2013 Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.6.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to modify the personally identifiable information (first name, last name, phone number, and notes) of any existing customer record, including those linked to administrator accounts, by submitting the booking form with a known customer\u0027s email address. Exploitation requires the plugin to be configured with guest bookings enabled (is_customer_auth_disabled() returning true), which is necessary for the vulnerable unauthenticated code path in process_step_customer() to be reached."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T07:53:10.377Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e4dcedcc-2878-47b2-99f0-ecba2cc33b69?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/latepoint/tags/5.6.1/lib/helpers/steps_helper.php#L1980"
},
{
"url": "https://plugins.trac.wordpress.org/browser/latepoint/tags/5.6.1/lib/helpers/steps_helper.php#L1953"
},
{
"url": "https://plugins.trac.wordpress.org/browser/latepoint/tags/5.6.1/lib/helpers/steps_helper.php#L1892"
},
{
"url": "https://plugins.trac.wordpress.org/browser/latepoint/tags/5.6.1/lib/controllers/steps_controller.php#L22"
},
{
"url": "https://plugins.trac.wordpress.org/browser/latepoint/tags/5.3.2/lib/helpers/steps_helper.php#L1980"
},
{
"url": "https://plugins.trac.wordpress.org/browser/latepoint/tags/5.3.2/lib/helpers/steps_helper.php#L1953"
},
{
"url": "https://plugins.trac.wordpress.org/browser/latepoint/tags/5.3.2/lib/helpers/steps_helper.php#L1892"
},
{
"url": "https://plugins.trac.wordpress.org/browser/latepoint/tags/5.3.2/lib/controllers/steps_controller.php#L22"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3572632%40latepoint\u0026new=3572632%40latepoint\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-05T16:45:30.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-07-02T19:22:32.000Z",
"value": "Disclosed"
}
],
"title": "LatePoint \u003c= 5.6.1 - Missing Authorization to Unauthenticated Arbitrary Customer Data Modification via process_step_customer() Booking Form Customer Step"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-11398",
"datePublished": "2026-07-03T07:53:10.377Z",
"dateReserved": "2026-06-05T16:30:18.829Z",
"dateUpdated": "2026-07-06T12:35:45.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11364 (GCVE-0-2026-11364)
Vulnerability from cvelistv5 – Published: 2026-06-27 06:50 – Updated: 2026-06-29 13:53- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| dornaweb | Product Specifications for Woocommerce |
Affected:
0 , ≤ 0.8.9
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11364",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-29T13:53:39.962516Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T13:53:53.937Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Product Specifications for Woocommerce",
"vendor": "dornaweb",
"versions": [
{
"lessThanOrEqual": "0.8.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "dyingman"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versions up to and including 0.8.9. This is due to a missing capability check and missing nonce verification in the __invoke() methods of the AttributeGroupController and AttributeController classes, which are bound to the \u0027dwps_modify_groups\u0027 and \u0027dwps_modify_attributes\u0027 AJAX actions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create, edit, and delete arbitrary product specification groups and attributes (taxonomy terms in the \u0027spec-group\u0027 and attribute taxonomies), corrupting business data and impacting the site\u0027s frontend display."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-27T06:50:56.792Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/38318605-40f7-4676-b409-f98a6c27cbfe?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/product-specifications/tags/0.8.9/src/EntityUpdater/AttributeGroupController.php#L13"
},
{
"url": "https://plugins.trac.wordpress.org/browser/product-specifications/tags/0.8.9/src/EntityUpdater/AttributeController.php#L18"
},
{
"url": "https://plugins.trac.wordpress.org/browser/product-specifications/tags/0.8.9/src/EntityUpdater/Module.php#L19"
},
{
"url": "https://plugins.trac.wordpress.org/browser/product-specifications/tags/0.8.7/src/EntityUpdater/AttributeGroupController.php#L13"
},
{
"url": "https://plugins.trac.wordpress.org/browser/product-specifications/tags/0.8.7/src/EntityUpdater/AttributeController.php#L18"
},
{
"url": "https://plugins.trac.wordpress.org/browser/product-specifications/tags/0.8.7/src/EntityUpdater/Module.php#L19"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3580068%40product-specifications\u0026new=3580068%40product-specifications\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-20T15:54:45.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-06-26T17:56:32.000Z",
"value": "Disclosed"
}
],
"title": "Product Specifications for Woocommerce \u003c= 0.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attribute/Group Creation, Modification, and Deletion via \u0027dwps_modify_groups\u0027 and \u0027dwps_modify_attributes\u0027 AJAX Actions"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-11364",
"datePublished": "2026-06-27T06:50:56.792Z",
"dateReserved": "2026-06-05T11:45:53.684Z",
"dateUpdated": "2026-06-29T13:53:53.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11359 (GCVE-0-2026-11359)
Vulnerability from cvelistv5 – Published: 2026-07-09 07:55 – Updated: 2026-07-09 17:34- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| metagauss | Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration |
Affected:
0 , ≤ 3.4
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11359",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T17:34:34.094915Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T17:34:45.149Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Memberships and User Profiles for WooCommerce \u2013 ProfileGrid WooCommerce Integration",
"vendor": "metagauss",
"versions": [
{
"lessThanOrEqual": "3.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "John"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Memberships and User Profiles for WooCommerce \u2013 ProfileGrid WooCommerce Integration plugin for WordPress is vulnerable to unauthorized plugin installation and activation in versions up to, and including, 3.4. This is due to a missing capability check and missing nonce validation on the pg_install_profilegrid() AJAX handler registered via wp_ajax_pg_install_profilegrid. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate the ProfileGrid plugin from wordpress."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T07:55:13.308Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4cce2842-bd8e-4a83-b83c-66aefe4df4b8?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ecommerce-user-profiles-by-profilegrid/tags/3.4/admin/class-profilegrid-woocommerce-admin.php#L303"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ecommerce-user-profiles-by-profilegrid/tags/3.4/includes/class-profilegrid-woocommerce.php#L166"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ecommerce-user-profiles-by-profilegrid/tags/3.4/admin/class-profilegrid-woocommerce-admin.php#L352"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?reponame=\u0026old=3592677%40ecommerce-user-profiles-by-profilegrid\u0026new=3592677%40ecommerce-user-profiles-by-profilegrid"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-05T11:52:05.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-07-08T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Memberships and User Profiles for WooCommerce \u003c= 3.4 - Missing Authorization to Authenticated (Subscriber+) ProfileGrid Plugin Installation and Activation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-11359",
"datePublished": "2026-07-09T07:55:13.308Z",
"dateReserved": "2026-06-05T11:36:33.315Z",
"dateUpdated": "2026-07-09T17:34:45.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation MIT-4.4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.