CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (5,549)
page 116 of 278| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-52179 | Med | 0.35 | 5.4 | 0.00 | Jun 11, 2024 | Missing Authorization vulnerability in WebCodingPlace Product Expiry for WooCommerce.This issue affects Product Expiry for WooCommerce: from n/a through 2.5. | ||
| CVE-2024-32824 | Med | 0.35 | 5.4 | 0.00 | Jun 9, 2024 | Missing Authorization vulnerability in Evergreen Content Poster Evergreen Content Poster evergreen-content-poster.This issue affects Evergreen Content Poster: from n/a through <= 1.4.2. | ||
| CVE-2024-32797 | Med | 0.35 | 5.4 | 0.00 | Jun 9, 2024 | Missing Authorization vulnerability in Martin Gibson WP LinkedIn Auto Publish.This issue affects WP LinkedIn Auto Publish: from n/a through 8.11. | ||
| CVE-2024-31246 | Med | 0.35 | 5.4 | 0.00 | Jun 9, 2024 | Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 3.2.3. | ||
| CVE-2024-5382 | Med | 0.35 | 6.5 | 0.00 | Jun 7, 2024 | The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including,… | ||
| CVE-2024-5607 | Med | 0.35 | 5.4 | 0.00 | Jun 7, 2024 | The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings() in all versions up to, and including, 2.7.0. This makes it possible for… | ||
| CVE-2023-6876 | Med | 0.35 | 5.4 | 0.00 | Jun 7, 2024 | The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme' function in all versions up to, and including, 25.2.0. This makes it… | ||
| CVE-2024-2035 | Med | 0.35 | 6.5 | 0.01 | Jun 6, 2024 | An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the `active` status of user… | ||
| CVE-2024-2017 | Med | 0.35 | 5.4 | 0.00 | Jun 6, 2024 | The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for… | ||
| CVE-2024-4445 | Med | 0.35 | 6.5 | 0.00 | May 14, 2024 | The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the several functions in versions up to, and including, 6.20.01. This makes it possible for authenticated attackers, with… | ||
| CVE-2024-32717 | Med | 0.35 | 6.5 | 0.01 | May 14, 2024 | Missing Authorization vulnerability in WPDeveloper SchedulePress.This issue affects SchedulePress: from n/a through 5.0.8. | ||
| CVE-2024-3237 | Med | 0.35 | 5.4 | 0.00 | May 4, 2024 | The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level… | ||
| CVE-2024-3553 | Med | 0.35 | 6.5 | 0.00 | May 2, 2024 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the hide_notices function in all versions up to, and including, 2.6.2. This makes it possible for unauthenticated… | ||
| CVE-2024-3295 | Med | 0.35 | 6.5 | 0.01 | May 2, 2024 | The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the profile_pic_remove function in versions up to, and including, 3.1.5. This… | ||
| CVE-2024-1809 | Med | 0.35 | 5.4 | 0.00 | May 2, 2024 | The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on AJAX functions in combination with nonce leakage in all versions up to, and including,… | ||
| CVE-2024-33588 | Med | 0.35 | 5.4 | 0.00 | Apr 29, 2024 | Missing Authorization vulnerability in codeSavory Knowledge Base documentation & wiki plugin – BasePress.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through 2.16.1. | ||
| CVE-2024-33636 | Med | 0.35 | 5.4 | 0.00 | Apr 29, 2024 | Missing Authorization vulnerability in Mahesh Vora WP Page Post Widget Clone.This issue affects WP Page Post Widget Clone: from n/a through 1.0.1. | ||
| CVE-2022-40975 | Med | 0.35 | 5.4 | 0.00 | Apr 26, 2024 | Missing Authorization vulnerability in Aazztech Post Slider.This issue affects Post Slider: from n/a through 1.6.7. | ||
| CVE-2024-32142 | Med | 0.35 | 5.4 | 0.00 | Apr 18, 2024 | Missing Authorization vulnerability in Ovic Team Ovic Responsive WPBakery.This issue affects Ovic Responsive WPBakery: from n/a through 1.3.0. | ||
| CVE-2024-32515 | Med | 0.35 | 5.4 | 0.00 | Apr 17, 2024 | Missing Authorization vulnerability in Qamar Sheeraz, Nasir Ahmad Mega Addons For Elementor.This issue affects Mega Addons For Elementor: from n/a through 1.8. |
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in WebCodingPlace Product Expiry for WooCommerce.This issue affects Product Expiry for WooCommerce: from n/a through 2.5.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Evergreen Content Poster Evergreen Content Poster evergreen-content-poster.This issue affects Evergreen Content Poster: from n/a through <= 1.4.2.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Martin Gibson WP LinkedIn Auto Publish.This issue affects WP LinkedIn Auto Publish: from n/a through 8.11.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 3.2.3.
- risk 0.35cvss 6.5epss 0.00
The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including,…
- risk 0.35cvss 5.4epss 0.00
The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings() in all versions up to, and including, 2.7.0. This makes it possible for…
- risk 0.35cvss 5.4epss 0.00
The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme' function in all versions up to, and including, 25.2.0. This makes it…
- risk 0.35cvss 6.5epss 0.01
An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the `active` status of user…
- risk 0.35cvss 5.4epss 0.00
The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for…
- risk 0.35cvss 6.5epss 0.00
The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the several functions in versions up to, and including, 6.20.01. This makes it possible for authenticated attackers, with…
- risk 0.35cvss 6.5epss 0.01
Missing Authorization vulnerability in WPDeveloper SchedulePress.This issue affects SchedulePress: from n/a through 5.0.8.
- risk 0.35cvss 5.4epss 0.00
The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level…
- risk 0.35cvss 6.5epss 0.00
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the hide_notices function in all versions up to, and including, 2.6.2. This makes it possible for unauthenticated…
- risk 0.35cvss 6.5epss 0.01
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the profile_pic_remove function in versions up to, and including, 3.1.5. This…
- risk 0.35cvss 5.4epss 0.00
The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on AJAX functions in combination with nonce leakage in all versions up to, and including,…
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in codeSavory Knowledge Base documentation & wiki plugin – BasePress.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through 2.16.1.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Mahesh Vora WP Page Post Widget Clone.This issue affects WP Page Post Widget Clone: from n/a through 1.0.1.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Aazztech Post Slider.This issue affects Post Slider: from n/a through 1.6.7.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Ovic Team Ovic Responsive WPBakery.This issue affects Ovic Responsive WPBakery: from n/a through 1.3.0.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Qamar Sheeraz, Nasir Ahmad Mega Addons For Elementor.This issue affects Mega Addons For Elementor: from n/a through 1.8.