CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (4,593)

page 106 of 230

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2026-39662	WordPress Product Price By Formula For Woocommerce	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Price by Formula for WooCommerce: from n/a through <= 2.5.6.
CVE-2026-39658	WordPress Panda Pods Repeater Field	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in Coding Panda Panda Pods Repeater Field panda-pods-repeater-field allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Panda Pods Repeater Field: from n/a through <= 1.5.12.
CVE-2026-39657	WordPress Leadlovers Forms	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in leadlovers leadlovers forms leadlovers-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects leadlovers forms: from n/a through <= 1.0.2.
CVE-2026-39656	WordPress Woo Razorpay	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in Razorpay Razorpay for WooCommerce woo-razorpay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay for WooCommerce: from n/a through <= 4.8.2.
CVE-2026-39652	WordPress Igms Direct Booking	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in igms iGMS Direct Booking igms-direct-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iGMS Direct Booking: from n/a through <= 1.3.
CVE-2026-39650	—	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiements-mobile-money allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnitechPay: from n/a through <= 1.0.2.
CVE-2026-39649	Themebeez Royale News	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in themebeez Royale News royale-news allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royale News: from n/a through <= 2.2.4.
CVE-2026-39648	—	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Blog: from n/a through <= 2.1.7.
CVE-2026-39644	WordPress Wp Ultimate Review	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wp Ultimate Review: from n/a through <= 2.3.8.
CVE-2026-39643	WordPress Pymntpl Paypal Woocommerce	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in Payment Plugins Payment Plugins for PayPal WooCommerce pymntpl-paypal-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Plugins for PayPal WooCommerce: from n/a through <= 2.0.13.
CVE-2026-39637	—	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in SpabRice Mogi mogi allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mogi: from n/a through <= 1.2.3.
CVE-2026-39624	kutethemes Biolife	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Biolife: from n/a through <= 3.2.3.
CVE-2026-39622	acmethemes Education Base	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in acmethemes Education Base education-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Education Base: from n/a through <= 3.0.8.
CVE-2026-39612	kutethemes KuteShop	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KuteShop: from n/a through <= 4.2.9.
CVE-2026-39610	WordPress Wpxmas Snow	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in Pankaj Kumar WpXmas-Snow wpxmas-snow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpXmas-Snow: from n/a through <= 1.1.
CVE-2026-39609	WordPress Wava Payment	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in Wava.co Wava Payment wava-payment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wava Payment: from n/a through <= 0.3.7.
CVE-2026-39608	WordPress Ipospays Gateways Wc	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in iPOSPays iPOSpays Gateways WC ipospays-gateways-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iPOSpays Gateways WC: from n/a through <= 1.3.7.
CVE-2026-39606	WordPress Bizreview	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in Foysal Imran BizReview bizreview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BizReview: from n/a through <= 1.5.13.
CVE-2026-39605	WordPress Super Custom Login	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in Obadiah Super Custom Login super-custom-login allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Custom Login: from n/a through <= 1.1.
CVE-2026-39602	Etoilewebdesign Order Tracking	Med	0.34	5.3	Apr 8, 2026	Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Tracking: from n/a through <= 3.4.3.

CVE-2026-39662MedApr 8, 2026
WordPress
Product Price By Formula For Woocommerce
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Price by Formula for WooCommerce: from n/a through <= 2.5.6.
CVE-2026-39658MedApr 8, 2026
WordPress
Panda Pods Repeater Field
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Coding Panda Panda Pods Repeater Field panda-pods-repeater-field allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Panda Pods Repeater Field: from n/a through <= 1.5.12.
CVE-2026-39657MedApr 8, 2026
WordPress
Leadlovers Forms
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in leadlovers leadlovers forms leadlovers-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects leadlovers forms: from n/a through <= 1.0.2.
CVE-2026-39656MedApr 8, 2026
WordPress
Woo Razorpay
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Razorpay Razorpay for WooCommerce woo-razorpay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay for WooCommerce: from n/a through <= 4.8.2.
CVE-2026-39652MedApr 8, 2026
WordPress
Igms Direct Booking
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in igms iGMS Direct Booking igms-direct-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iGMS Direct Booking: from n/a through <= 1.3.
CVE-2026-39650MedApr 8, 2026
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiements-mobile-money allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnitechPay: from n/a through <= 1.0.2.
CVE-2026-39649MedApr 8, 2026
Themebeez
Royale News
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in themebeez Royale News royale-news allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royale News: from n/a through <= 2.2.4.
CVE-2026-39648MedApr 8, 2026
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Blog: from n/a through <= 2.1.7.
CVE-2026-39644MedApr 8, 2026
WordPress
Wp Ultimate Review
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wp Ultimate Review: from n/a through <= 2.3.8.
CVE-2026-39643MedApr 8, 2026
WordPress
Pymntpl Paypal Woocommerce
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Payment Plugins Payment Plugins for PayPal WooCommerce pymntpl-paypal-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Plugins for PayPal WooCommerce: from n/a through <= 2.0.13.
CVE-2026-39637MedApr 8, 2026
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in SpabRice Mogi mogi allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mogi: from n/a through <= 1.2.3.
CVE-2026-39624MedApr 8, 2026
kutethemes
Biolife
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Biolife: from n/a through <= 3.2.3.
CVE-2026-39622MedApr 8, 2026
acmethemes
Education Base
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in acmethemes Education Base education-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Education Base: from n/a through <= 3.0.8.
CVE-2026-39612MedApr 8, 2026
kutethemes
KuteShop
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KuteShop: from n/a through <= 4.2.9.
CVE-2026-39610MedApr 8, 2026
WordPress
Wpxmas Snow
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Pankaj Kumar WpXmas-Snow wpxmas-snow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpXmas-Snow: from n/a through <= 1.1.
CVE-2026-39609MedApr 8, 2026
WordPress
Wava Payment
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Wava.co Wava Payment wava-payment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wava Payment: from n/a through <= 0.3.7.
CVE-2026-39608MedApr 8, 2026
WordPress
Ipospays Gateways Wc
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in iPOSPays iPOSpays Gateways WC ipospays-gateways-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iPOSpays Gateways WC: from n/a through <= 1.3.7.
CVE-2026-39606MedApr 8, 2026
WordPress
Bizreview
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Foysal Imran BizReview bizreview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BizReview: from n/a through <= 1.5.13.
CVE-2026-39605MedApr 8, 2026
WordPress
Super Custom Login
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Obadiah Super Custom Login super-custom-login allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Custom Login: from n/a through <= 1.1.
CVE-2026-39602MedApr 8, 2026
Etoilewebdesign
Order Tracking
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Tracking: from n/a through <= 3.4.3.