CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (5,549)
page 103 of 278| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-49949 | Med | 0.35 | 5.4 | 0.00 | Oct 22, 2025 | Missing Authorization vulnerability in templazee Templazee templazee allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templazee: from n/a through <= 1.0.2. | ||
| CVE-2025-49920 | Med | 0.35 | 5.4 | 0.00 | Oct 22, 2025 | Missing Authorization vulnerability in accessiBe Web Accessibility By accessiBe accessibe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Web Accessibility By accessiBe: from n/a through <= 2.10. | ||
| CVE-2025-11372 | Med | 0.35 | 6.5 | 0.00 | Oct 18, 2025 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing capability checks on the Admin Tools REST endpoints which are registered with permission_callback set to… | ||
| CVE-2025-11580 | Med | 0.35 | 5.3 | 0.01 | Oct 10, 2025 | A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. | ||
| CVE-2025-60127 | Med | 0.35 | 5.4 | 0.00 | Sep 26, 2025 | Missing Authorization vulnerability in ArtistScope CopySafe Web Protection wp-copysafe-web allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CopySafe Web Protection: from n/a through <= 5.1. | ||
| CVE-2025-60116 | Med | 0.35 | 5.4 | 0.00 | Sep 26, 2025 | Missing Authorization vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grand Conference Theme Custom Post Type: from n/a through < 2.6.4. | ||
| CVE-2025-60103 | Med | 0.35 | 5.4 | 0.00 | Sep 26, 2025 | Missing Authorization vulnerability in CridioStudio ListingPro listingpro-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.8. | ||
| CVE-2025-60097 | Med | 0.35 | 5.4 | 0.00 | Sep 26, 2025 | Missing Authorization vulnerability in CodexThemes TheGem thegem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TheGem: from n/a through <= 5.10.5. | ||
| CVE-2025-60096 | Med | 0.35 | 5.4 | 0.00 | Sep 26, 2025 | Missing Authorization vulnerability in CodexThemes TheGem (Elementor) thegem-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TheGem (Elementor): from n/a through <= 5.10.5. | ||
| CVE-2025-59581 | Med | 0.35 | 6.5 | 0.00 | Sep 22, 2025 | Missing Authorization vulnerability in VW THEMES Ibtana ibtana-visual-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ibtana: from n/a through <= 1.2.5.3. | ||
| CVE-2025-58680 | Med | 0.35 | 6.5 | 0.00 | Sep 22, 2025 | Missing Authorization vulnerability in gutentor Gutentor gutentor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutentor: from n/a through <= 3.5.2. | ||
| CVE-2025-58672 | Med | 0.35 | 5.4 | 0.00 | Sep 22, 2025 | Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through <= 4.1.12. | ||
| CVE-2025-58667 | Med | 0.35 | 5.4 | 0.00 | Sep 22, 2025 | Missing Authorization vulnerability in CridioStudio ListingPro Reviews listingpro-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro Reviews: from n/a through < 2.9.11. | ||
| CVE-2025-58660 | Med | 0.35 | 5.4 | 0.00 | Sep 22, 2025 | Missing Authorization vulnerability in brandexponents Oshine Core oshine-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Oshine Core: from n/a through <= 1.5.5. | ||
| CVE-2025-58650 | Med | 0.35 | 5.4 | 0.00 | Sep 22, 2025 | Missing Authorization vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects All In One SEO Pack: from n/a through <= 4.8.7.1. | ||
| CVE-2025-57991 | Med | 0.35 | 5.4 | 0.00 | Sep 22, 2025 | Missing Authorization vulnerability in Clariti Clariti clariti allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clariti: from n/a through <= 1.2.1. | ||
| CVE-2025-57990 | Med | 0.35 | 5.4 | 0.00 | Sep 22, 2025 | Missing Authorization vulnerability in solwininfotech Blog Designer blog-designer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Blog Designer: from n/a through <= 3.1.8. | ||
| CVE-2025-57949 | Med | 0.35 | 5.4 | 0.00 | Sep 22, 2025 | Missing Authorization vulnerability in oggix Ongkoskirim.id ongkoskirim-id allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ongkoskirim.id: from n/a through <= 1.0.6. | ||
| CVE-2025-59474 | Med | 0.35 | 5.3 | 0.05 | Sep 17, 2025 | Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel… | ||
| CVE-2025-9076 | Med | 0.35 | 6.5 | 0.00 | Sep 15, 2025 | Mattermost versions 10.10.x <= 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects… |
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in templazee Templazee templazee allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templazee: from n/a through <= 1.0.2.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in accessiBe Web Accessibility By accessiBe accessibe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Web Accessibility By accessiBe: from n/a through <= 2.10.
- risk 0.35cvss 6.5epss 0.00
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing capability checks on the Admin Tools REST endpoints which are registered with permission_callback set to…
- risk 0.35cvss 5.3epss 0.01
A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in ArtistScope CopySafe Web Protection wp-copysafe-web allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CopySafe Web Protection: from n/a through <= 5.1.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grand Conference Theme Custom Post Type: from n/a through < 2.6.4.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in CridioStudio ListingPro listingpro-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.8.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in CodexThemes TheGem thegem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TheGem: from n/a through <= 5.10.5.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in CodexThemes TheGem (Elementor) thegem-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TheGem (Elementor): from n/a through <= 5.10.5.
- risk 0.35cvss 6.5epss 0.00
Missing Authorization vulnerability in VW THEMES Ibtana ibtana-visual-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ibtana: from n/a through <= 1.2.5.3.
- risk 0.35cvss 6.5epss 0.00
Missing Authorization vulnerability in gutentor Gutentor gutentor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutentor: from n/a through <= 3.5.2.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through <= 4.1.12.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in CridioStudio ListingPro Reviews listingpro-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro Reviews: from n/a through < 2.9.11.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in brandexponents Oshine Core oshine-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Oshine Core: from n/a through <= 1.5.5.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects All In One SEO Pack: from n/a through <= 4.8.7.1.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Clariti Clariti clariti allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clariti: from n/a through <= 1.2.1.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in solwininfotech Blog Designer blog-designer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Blog Designer: from n/a through <= 3.1.8.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in oggix Ongkoskirim.id ongkoskirim-id allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ongkoskirim.id: from n/a through <= 1.0.6.
- risk 0.35cvss 5.3epss 0.05
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel…
- risk 0.35cvss 6.5epss 0.00
Mattermost versions 10.10.x <= 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects…