CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (5,549)
page 115 of 278| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-42371 | Med | 0.35 | 5.4 | 0.00 | Sep 10, 2024 | The RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces and nodes. There is low impact on integrity and… | ||
| CVE-2024-7032 | Med | 0.35 | 6.5 | 0.00 | Aug 21, 2024 | The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moo_deactivateAndClean' function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to… | ||
| CVE-2024-43326 | Med | 0.35 | 5.4 | 0.00 | Aug 19, 2024 | Missing Authorization vulnerability in Jamie Bergen Plugin Notes Plus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Plugin Notes Plus: from n/a through 1.2.7. | ||
| CVE-2024-42470 | Med | 0.35 | 6.5 | 0.01 | Aug 12, 2024 | openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Several endpoints in versions prior to 4.2.1 of the CometVisu add-on of openHAB don't require authentication. This makes it possible for unauthenticated… | ||
| CVE-2024-4410 | Med | 0.35 | 5.4 | 0.00 | Jul 27, 2024 | The IgnitionDeck Crowdfunding Platform plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.9.8. This is due to missing capability checks on various functions called via AJAX actions in the ~/classes/class-idf-wizard.php file. This… | ||
| CVE-2024-6392 | Med | 0.35 | 5.4 | 0.00 | Jul 11, 2024 | The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized plugin settings modification due to missing capability checks on the plugin functions in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers,… | ||
| CVE-2024-5992 | Med | 0.35 | 6.5 | 0.01 | Jul 9, 2024 | The Cliengo – Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_chatbot_token' and 'update_chatbot_position' functions in all versions up to, and including, 3.0.2. This makes it possible for… | ||
| CVE-2024-5669 | Med | 0.35 | 6.4 | 0.00 | Jul 9, 2024 | The XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ffw_activate_template' function in all versions up to, and including, 1.7.0. This makes… | ||
| CVE-2024-5600 | Med | 0.35 | 5.4 | 0.00 | Jul 9, 2024 | The SCSS Happy Compiler – Compile SCSS to CSS & Automatic Enqueue plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check and insufficient sanitization on the import_settings() function in all versions up to, and including, 1.3.10.… | ||
| CVE-2024-4102 | Med | 0.35 | 5.4 | 0.00 | Jul 9, 2024 | The Pricing Table plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above,… | ||
| CVE-2024-5710 | — | Med | 0.35 | 6.5 | 0.00 | Jun 27, 2024 | berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding… | |
| CVE-2024-3627 | Med | 0.35 | 5.4 | 0.00 | Jun 20, 2024 | The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the AjaxFunctions.php file in all versions up to, and including, 1.1.7. This… | ||
| CVE-2023-39310 | Med | 0.35 | 5.4 | 0.00 | Jun 19, 2024 | Missing Authorization vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1. | ||
| CVE-2023-35050 | Med | 0.35 | 5.4 | 0.00 | Jun 19, 2024 | Missing Authorization vulnerability in Elementor Elementor Pro.This issue affects Elementor Pro: from n/a through 3.13.0. | ||
| CVE-2023-40672 | Med | 0.35 | 5.4 | 0.00 | Jun 12, 2024 | Missing Authorization vulnerability in Hardik Chavada Sticky Social Media Icons.This issue affects Sticky Social Media Icons: from n/a through 2.1. | ||
| CVE-2024-34815 | Med | 0.35 | 5.4 | 0.00 | Jun 11, 2024 | Missing Authorization vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta.This issue affects Import and export users and customers: from n/a through <= 1.26.5. | ||
| CVE-2024-34804 | Med | 0.35 | 5.4 | 0.00 | Jun 11, 2024 | Missing Authorization vulnerability in Tagembed.This issue affects Tagembed: from n/a through 5.8. | ||
| CVE-2024-35663 | Med | 0.35 | 5.4 | 0.00 | Jun 11, 2024 | Missing Authorization vulnerability in HahnCreativeGroup WP Translate.This issue affects WP Translate: from n/a through 5.3.0. | ||
| CVE-2023-52199 | Med | 0.35 | 6.5 | 0.00 | Jun 11, 2024 | Missing Authorization vulnerability in Matthias Pfefferle & Automattic ActivityPub.This issue affects ActivityPub: from n/a through 1.0.5. | ||
| CVE-2023-52183 | Med | 0.35 | 5.4 | 0.00 | Jun 11, 2024 | Missing Authorization vulnerability in WebToffee WordPress Backup & Migration.This issue affects WordPress Backup & Migration: from n/a through 1.4.3. |
- risk 0.35cvss 5.4epss 0.00
The RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces and nodes. There is low impact on integrity and…
- risk 0.35cvss 6.5epss 0.00
The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moo_deactivateAndClean' function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to…
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Jamie Bergen Plugin Notes Plus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Plugin Notes Plus: from n/a through 1.2.7.
- risk 0.35cvss 6.5epss 0.01
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Several endpoints in versions prior to 4.2.1 of the CometVisu add-on of openHAB don't require authentication. This makes it possible for unauthenticated…
- risk 0.35cvss 5.4epss 0.00
The IgnitionDeck Crowdfunding Platform plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.9.8. This is due to missing capability checks on various functions called via AJAX actions in the ~/classes/class-idf-wizard.php file. This…
- risk 0.35cvss 5.4epss 0.00
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized plugin settings modification due to missing capability checks on the plugin functions in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers,…
- risk 0.35cvss 6.5epss 0.01
The Cliengo – Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_chatbot_token' and 'update_chatbot_position' functions in all versions up to, and including, 3.0.2. This makes it possible for…
- risk 0.35cvss 6.4epss 0.00
The XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ffw_activate_template' function in all versions up to, and including, 1.7.0. This makes…
- risk 0.35cvss 5.4epss 0.00
The SCSS Happy Compiler – Compile SCSS to CSS & Automatic Enqueue plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check and insufficient sanitization on the import_settings() function in all versions up to, and including, 1.3.10.…
- risk 0.35cvss 5.4epss 0.00
The Pricing Table plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above,…
- risk 0.35cvss 6.5epss 0.00
berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding…
- risk 0.35cvss 5.4epss 0.00
The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the AjaxFunctions.php file in all versions up to, and including, 1.1.7. This…
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Elementor Elementor Pro.This issue affects Elementor Pro: from n/a through 3.13.0.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Hardik Chavada Sticky Social Media Icons.This issue affects Sticky Social Media Icons: from n/a through 2.1.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta.This issue affects Import and export users and customers: from n/a through <= 1.26.5.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Tagembed.This issue affects Tagembed: from n/a through 5.8.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in HahnCreativeGroup WP Translate.This issue affects WP Translate: from n/a through 5.3.0.
- risk 0.35cvss 6.5epss 0.00
Missing Authorization vulnerability in Matthias Pfefferle & Automattic ActivityPub.This issue affects ActivityPub: from n/a through 1.0.5.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in WebToffee WordPress Backup & Migration.This issue affects WordPress Backup & Migration: from n/a through 1.4.3.