CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (5,549)
page 104 of 278| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-8423 | Med | 0.35 | 5.4 | 0.00 | Sep 11, 2025 | The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mtswpt_remove_plugin() and ajax_update_export_code() functions in all versions up to, and including, 1.1. This makes it possible for authenticated… | ||
| CVE-2025-58981 | Med | 0.35 | 5.4 | 0.00 | Sep 9, 2025 | Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital accessibility-checker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility Checker by Equalize Digital: from n/a through <=… | ||
| CVE-2025-53291 | Med | 0.35 | 5.4 | 0.00 | Sep 9, 2025 | Missing Authorization vulnerability in spoddev2021 Spreadconnect wc-spod.This issue affects Spreadconnect: from n/a through <= 2.1.5. | ||
| CVE-2025-32688 | Med | 0.35 | 5.4 | 0.00 | Sep 9, 2025 | Missing Authorization vulnerability in Nebojsa Target Video Easy Publish brid-video-easy-publish.This issue affects Target Video Easy Publish: from n/a through <= 3.8.9. | ||
| CVE-2025-42915 | Med | 0.35 | 5.4 | 0.00 | Sep 9, 2025 | Fiori app Manage Payment Blocks does not perform the necessary authorization checks, allowing an attacker with basic user privileges to abuse functionalities that should be restricted to specific user groups.This issue could impact both the confidentiality and integrity of the… | ||
| CVE-2025-54744 | Med | 0.35 | 6.5 | 0.00 | Sep 5, 2025 | Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through <= 3.6.15. | ||
| CVE-2025-58785 | Med | 0.35 | 5.4 | 0.00 | Sep 5, 2025 | Missing Authorization vulnerability in Jiro Sasamoto Ray Enterprise Translation lingotek-translation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ray Enterprise Translation: from n/a through <= 1.7.2. | ||
| CVE-2025-58639 | Med | 0.35 | 5.4 | 0.00 | Sep 3, 2025 | Missing Authorization vulnerability in Ali Khallad Contact Form By Mega Forms mega-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form By Mega Forms: from n/a through <= 1.6.1. | ||
| CVE-2025-53337 | Med | 0.35 | 5.4 | 0.00 | Aug 28, 2025 | Missing Authorization vulnerability in Ashan Perera LifePress lifepress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LifePress: from n/a through <= 2.1.3. | ||
| CVE-2025-54717 | Med | 0.35 | 5.4 | 0.00 | Aug 14, 2025 | Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Membership: from n/a through <= 1.6.3. | ||
| CVE-2025-54695 | Med | 0.35 | 5.4 | 0.00 | Aug 14, 2025 | Missing Authorization vulnerability in DevItems HT Mega ht-mega-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HT Mega: from n/a through <= 2.9.0. | ||
| CVE-2025-8796 | Med | 0.35 | 5.4 | 0.00 | Aug 10, 2025 | A vulnerability has been found in LitmusChaos Litmus up to 3.19.0 and classified as problematic. This vulnerability affects unknown code of the file /auth/delete_project/ of the component Delete Request Handler. The manipulation of the argument projectID leads to missing… | ||
| CVE-2025-54037 | Med | 0.35 | 5.4 | 0.00 | Jul 16, 2025 | Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through <= 1.3.4. | ||
| CVE-2025-48167 | Med | 0.35 | 5.4 | 0.00 | Jul 16, 2025 | Missing Authorization vulnerability in alexvtn Chatbox Manager wa-chatbox-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chatbox Manager: from n/a through <= 1.2.5. | ||
| CVE-2025-53640 | Med | 0.35 | 6.5 | 0.01 | Jul 14, 2025 | Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Starting in version 2.2 and prior to version 3.3.7, an endpoint used to display details of users listed in certain fields (such as ACLs) could be misused to dump… | ||
| CVE-2025-3702 | Med | 0.35 | 5.4 | 0.00 | Jul 3, 2025 | Missing Authorization vulnerability in Melapress Melapress File Monitor website-file-changes-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Melapress File Monitor: from n/a through < 2.2.0. | ||
| CVE-2025-46259 | Med | 0.35 | 5.4 | 0.00 | Jul 1, 2025 | Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a before 6.3.7. | ||
| CVE-2025-53318 | Med | 0.35 | 5.4 | 0.00 | Jun 27, 2025 | Missing Authorization vulnerability in WPManiax WP DB Booster wp-db-booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP DB Booster: from n/a through <= 1.0.1. | ||
| CVE-2025-50010 | Med | 0.35 | 5.4 | 0.00 | Jun 20, 2025 | Missing Authorization vulnerability in Zapier Zapier for WordPress zapier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zapier for WordPress: from n/a through <= 1.5.2. | ||
| CVE-2025-50009 | Med | 0.35 | 5.4 | 0.00 | Jun 20, 2025 | Missing Authorization vulnerability in Climax Themes Kata Plus kata-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kata Plus: from n/a through <= 1.5.3. |
- risk 0.35cvss 5.4epss 0.00
The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mtswpt_remove_plugin() and ajax_update_export_code() functions in all versions up to, and including, 1.1. This makes it possible for authenticated…
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital accessibility-checker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility Checker by Equalize Digital: from n/a through <=…
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in spoddev2021 Spreadconnect wc-spod.This issue affects Spreadconnect: from n/a through <= 2.1.5.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Nebojsa Target Video Easy Publish brid-video-easy-publish.This issue affects Target Video Easy Publish: from n/a through <= 3.8.9.
- risk 0.35cvss 5.4epss 0.00
Fiori app Manage Payment Blocks does not perform the necessary authorization checks, allowing an attacker with basic user privileges to abuse functionalities that should be restricted to specific user groups.This issue could impact both the confidentiality and integrity of the…
- risk 0.35cvss 6.5epss 0.00
Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through <= 3.6.15.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Jiro Sasamoto Ray Enterprise Translation lingotek-translation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ray Enterprise Translation: from n/a through <= 1.7.2.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Ali Khallad Contact Form By Mega Forms mega-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form By Mega Forms: from n/a through <= 1.6.1.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Ashan Perera LifePress lifepress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LifePress: from n/a through <= 2.1.3.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Membership: from n/a through <= 1.6.3.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in DevItems HT Mega ht-mega-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HT Mega: from n/a through <= 2.9.0.
- risk 0.35cvss 5.4epss 0.00
A vulnerability has been found in LitmusChaos Litmus up to 3.19.0 and classified as problematic. This vulnerability affects unknown code of the file /auth/delete_project/ of the component Delete Request Handler. The manipulation of the argument projectID leads to missing…
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through <= 1.3.4.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in alexvtn Chatbox Manager wa-chatbox-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chatbox Manager: from n/a through <= 1.2.5.
- risk 0.35cvss 6.5epss 0.01
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Starting in version 2.2 and prior to version 3.3.7, an endpoint used to display details of users listed in certain fields (such as ACLs) could be misused to dump…
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Melapress Melapress File Monitor website-file-changes-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Melapress File Monitor: from n/a through < 2.2.0.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a before 6.3.7.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in WPManiax WP DB Booster wp-db-booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP DB Booster: from n/a through <= 1.0.1.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Zapier Zapier for WordPress zapier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zapier for WordPress: from n/a through <= 1.5.2.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Climax Themes Kata Plus kata-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kata Plus: from n/a through <= 1.5.3.