CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (4,593)

page 105 of 230

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2026-39698	PublisherDesk The Publisher Desk ads.txt	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in PublisherDesk The Publisher Desk ads.txt the-publisher-desk-ads-txt allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Publisher Desk ads.txt: from n/a through <= 1.5.0.
CVE-2026-39697	HBSS Technologies MAIO – The new AI GEO / SEO tool	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in HBSS Technologies MAIO – The new AI GEO / SEO tool maio-the-new-ai-geo-seo-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAIO – The new AI GEO / SEO tool: from n/a through <= 6.2.8.
CVE-2026-39694	Nsquared Simply Schedule Appointments	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.10.2.
CVE-2026-39691	Adastracrypto Cryptocurrency Payment \& Donation Box	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in AdAstraCrypto Cryptocurrency Donation Box – Bitcoin & Crypto Donations cryptocurrency-donation-box allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cryptocurrency Donation Box – Bitcoin & Crypto Donations: from n/a through <= 2.2.13.
CVE-2026-39690	Bearne Author Avatars List\/block	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Author Avatars List/Block: from n/a through <= 2.1.25.
CVE-2026-39689	eshipper eShipper Commerce	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in eshipper eShipper Commerce eshipper-commerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eShipper Commerce: from n/a through <= 2.16.12.
CVE-2026-39688	—	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profile: from n/a through <= 1.3.9.
CVE-2026-39687	Rapid Car Check Rapid Car Check Vehicle Data	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-data-uk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rapid Car Check Vehicle Data: from n/a through <= 2.0.
CVE-2026-39685	—	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in lvaudore The Moneytizer the-moneytizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Moneytizer: from n/a through <= 10.0.10.
CVE-2026-39682	Arjan Pronk linkPizza-Manager	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in Arjan Pronk linkPizza-Manager linkpizza-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects linkPizza-Manager: from n/a through <= 5.5.5.
CVE-2026-39680	MWP Development Diet Calorie Calculator	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in MWP Development Diet Calorie Calculator diet-calorie-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Diet Calorie Calculator: from n/a through <= 1.1.1.
CVE-2026-39678	DOTonPAPER Pinpoint Booking System	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through <= 2.9.9.6.5.
CVE-2026-39676	Shahjada Download Manager	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through <= 3.3.52.
CVE-2026-39675	webmuehle Court Reservation	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in webmuehle Court Reservation court-reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Court Reservation: from n/a through <= 1.10.11.
CVE-2026-39673	WordPress Izooto Web Push	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in shrikantkale iZooto izooto-web-push allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iZooto: from n/a through <= 3.7.20.
CVE-2026-39672	WordPress Shiptime Discount Shipping	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Rates shiptime-discount-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShipTime: Discounted Shipping Rates: from n/a through <= 1.1.1.
CVE-2026-39669	WordPress Nitropack	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in NitroPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NitroPack: from n/a through 1.19.3.
CVE-2026-39668	WordPress Book Previewer For Woocommerce	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in g5theme Book Previewer for Woocommerce book-previewer-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Book Previewer for Woocommerce: from n/a through <= 1.0.6.
CVE-2026-39664	WordPress Leadrebel	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in leadrebel Leadrebel leadrebel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadrebel: from n/a through <= 1.0.2.
CVE-2026-39663	—	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TrueBooker: from n/a through <= 1.1.5.

CVE-2026-39698MedApr 8, 2026
PublisherDesk
The Publisher Desk ads.txt
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in PublisherDesk The Publisher Desk ads.txt the-publisher-desk-ads-txt allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Publisher Desk ads.txt: from n/a through <= 1.5.0.
CVE-2026-39697MedApr 8, 2026
HBSS Technologies
MAIO – The new AI GEO / SEO tool
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in HBSS Technologies MAIO – The new AI GEO / SEO tool maio-the-new-ai-geo-seo-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAIO – The new AI GEO / SEO tool: from n/a through <= 6.2.8.
CVE-2026-39694MedApr 8, 2026
Nsquared
Simply Schedule Appointments
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.10.2.
CVE-2026-39691MedApr 8, 2026
Adastracrypto
Cryptocurrency Payment \& Donation Box
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in AdAstraCrypto Cryptocurrency Donation Box – Bitcoin & Crypto Donations cryptocurrency-donation-box allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cryptocurrency Donation Box – Bitcoin & Crypto Donations: from n/a through <= 2.2.13.
CVE-2026-39690MedApr 8, 2026
Bearne
Author Avatars List\/block
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Author Avatars List/Block: from n/a through <= 2.1.25.
CVE-2026-39689MedApr 8, 2026
eshipper
eShipper Commerce
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in eshipper eShipper Commerce eshipper-commerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eShipper Commerce: from n/a through <= 2.16.12.
CVE-2026-39688MedApr 8, 2026
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profile: from n/a through <= 1.3.9.
CVE-2026-39687MedApr 8, 2026
Rapid Car Check
Rapid Car Check Vehicle Data
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-data-uk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rapid Car Check Vehicle Data: from n/a through <= 2.0.
CVE-2026-39685MedApr 8, 2026
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in lvaudore The Moneytizer the-moneytizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Moneytizer: from n/a through <= 10.0.10.
CVE-2026-39682MedApr 8, 2026
Arjan Pronk
linkPizza-Manager
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Arjan Pronk linkPizza-Manager linkpizza-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects linkPizza-Manager: from n/a through <= 5.5.5.
CVE-2026-39680MedApr 8, 2026
MWP Development
Diet Calorie Calculator
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in MWP Development Diet Calorie Calculator diet-calorie-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Diet Calorie Calculator: from n/a through <= 1.1.1.
CVE-2026-39678MedApr 8, 2026
DOTonPAPER
Pinpoint Booking System
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through <= 2.9.9.6.5.
CVE-2026-39676MedApr 8, 2026
Shahjada
Download Manager
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through <= 3.3.52.
CVE-2026-39675MedApr 8, 2026
webmuehle
Court Reservation
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in webmuehle Court Reservation court-reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Court Reservation: from n/a through <= 1.10.11.
CVE-2026-39673MedApr 8, 2026
WordPress
Izooto Web Push
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in shrikantkale iZooto izooto-web-push allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iZooto: from n/a through <= 3.7.20.
CVE-2026-39672MedApr 8, 2026
WordPress
Shiptime Discount Shipping
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Rates shiptime-discount-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShipTime: Discounted Shipping Rates: from n/a through <= 1.1.1.
CVE-2026-39669MedApr 8, 2026
WordPress
Nitropack
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in NitroPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NitroPack: from n/a through 1.19.3.
CVE-2026-39668MedApr 8, 2026
WordPress
Book Previewer For Woocommerce
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in g5theme Book Previewer for Woocommerce book-previewer-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Book Previewer for Woocommerce: from n/a through <= 1.0.6.
CVE-2026-39664MedApr 8, 2026
WordPress
Leadrebel
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in leadrebel Leadrebel leadrebel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadrebel: from n/a through <= 1.0.2.
CVE-2026-39663MedApr 8, 2026
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TrueBooker: from n/a through <= 1.1.5.