CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (4,602)
page 116 of 231| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-24615 | Med | 0.34 | 5.3 | 0.00 | Jan 23, 2026 | Missing Authorization vulnerability in themebeez Cream Magazine cream-magazine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Magazine: from n/a through <= 2.1.10. | ||
| CVE-2026-24613 | Med | 0.34 | 5.3 | 0.00 | Jan 23, 2026 | Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ecwid Shopping Cart: from n/a through <= 7.0.6. | ||
| CVE-2026-24612 | Med | 0.34 | 5.3 | 0.00 | Jan 23, 2026 | Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through <= 1.5.15. | ||
| CVE-2026-24607 | Med | 0.34 | 5.3 | 0.00 | Jan 23, 2026 | Missing Authorization vulnerability in wptravelengine Travel Monster travel-monster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Monster: from n/a through <= 1.3.3. | ||
| CVE-2026-24606 | Med | 0.34 | 5.3 | 0.00 | Jan 23, 2026 | Missing Authorization vulnerability in Web Impian Bayarcash WooCommerce bayarcash-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bayarcash WooCommerce: from n/a through <= 4.3.13. | ||
| CVE-2026-24604 | Med | 0.34 | 5.3 | 0.00 | Jan 23, 2026 | Missing Authorization vulnerability in themebeez Simple GDPR Cookie Compliance simple-gdpr-cookie-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple GDPR Cookie Compliance: from n/a through <= 2.0.0. | ||
| CVE-2026-24603 | Med | 0.34 | 5.3 | 0.00 | Jan 23, 2026 | Missing Authorization vulnerability in themebeez Universal Google Adsense and Ads manager universal-google-adsense-and-ads-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Universal Google Adsense and Ads manager: from n/a through <= 1.1.8. | ||
| CVE-2026-24583 | Med | 0.34 | 5.3 | 0.00 | Jan 23, 2026 | Missing Authorization vulnerability in sumup SumUp Payment Gateway For WooCommerce sumup-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SumUp Payment Gateway For WooCommerce: from n/a through <= 2.7.9. | ||
| CVE-2026-24577 | Med | 0.34 | 5.3 | 0.00 | Jan 23, 2026 | Missing Authorization vulnerability in Genetech Products Pie Register pie-register allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pie Register: from n/a through <= 3.8.4.8. | ||
| CVE-2026-24568 | Med | 0.34 | 5.3 | 0.00 | Jan 23, 2026 | Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 11.1.0. | ||
| CVE-2026-24562 | Med | 0.34 | 5.3 | 0.00 | Jan 23, 2026 | Missing Authorization vulnerability in Ryviu Ryviu – Product Reviews for WooCommerce ryviu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ryviu – Product Reviews for WooCommerce: from n/a through <= 3.1.26. | ||
| CVE-2026-24556 | Med | 0.34 | 5.3 | 0.00 | Jan 23, 2026 | Missing Authorization vulnerability in wpdive ElementCamp element-camp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementCamp: from n/a through <= 2.3.2. | ||
| CVE-2026-24539 | Med | 0.34 | 5.3 | 0.00 | Jan 23, 2026 | Missing Authorization vulnerability in ABCdatos Protección de datos – RGPD proteccion-datos-rgpd allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protección de datos – RGPD: from n/a through <= 0.68. | ||
| CVE-2026-24530 | Med | 0.34 | 5.3 | 0.00 | Jan 23, 2026 | Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a through <= 2.2. | ||
| CVE-2026-24529 | Med | 0.34 | 5.3 | 0.00 | Jan 23, 2026 | Missing Authorization vulnerability in Alejandro Quick Restaurant Reservations quick-restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Restaurant Reservations: from n/a through <= 1.6.7. | ||
| CVE-2026-24525 | Med | 0.34 | 5.3 | 0.00 | Jan 23, 2026 | Missing Authorization vulnerability in CloudPanel CLP Varnish Cache clp-varnish-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CLP Varnish Cache: from n/a through <= 1.0.2. | ||
| CVE-2026-0927 | Med | 0.34 | 5.3 | 0.00 | Jan 23, 2026 | The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization checks in the uploadMedicalReport() function in all versions up to, and including, 3.6.15. This makes it possible for unauthenticated attackers to upload text files and PDF documents to the affected site's server which may be leveraged for further attacks such as hosting malicious content or phishing pages via PDF files. | ||
| CVE-2026-24380 | Med | 0.34 | 5.3 | 0.00 | Jan 22, 2026 | Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.8.0. | ||
| CVE-2026-24368 | Med | 0.34 | 5.3 | 0.00 | Jan 22, 2026 | Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0. | ||
| CVE-2026-24366 | Med | 0.34 | 5.3 | 0.00 | Jan 22, 2026 | Missing Authorization vulnerability in YITHEMES YITH WooCommerce Request A Quote yith-woocommerce-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Request A Quote: from n/a through <= 2.46.0. |
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in themebeez Cream Magazine cream-magazine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Magazine: from n/a through <= 2.1.10.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ecwid Shopping Cart: from n/a through <= 7.0.6.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through <= 1.5.15.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in wptravelengine Travel Monster travel-monster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Monster: from n/a through <= 1.3.3.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Web Impian Bayarcash WooCommerce bayarcash-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bayarcash WooCommerce: from n/a through <= 4.3.13.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in themebeez Simple GDPR Cookie Compliance simple-gdpr-cookie-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple GDPR Cookie Compliance: from n/a through <= 2.0.0.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in themebeez Universal Google Adsense and Ads manager universal-google-adsense-and-ads-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Universal Google Adsense and Ads manager: from n/a through <= 1.1.8.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in sumup SumUp Payment Gateway For WooCommerce sumup-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SumUp Payment Gateway For WooCommerce: from n/a through <= 2.7.9.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Genetech Products Pie Register pie-register allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pie Register: from n/a through <= 3.8.4.8.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 11.1.0.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Ryviu Ryviu – Product Reviews for WooCommerce ryviu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ryviu – Product Reviews for WooCommerce: from n/a through <= 3.1.26.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in wpdive ElementCamp element-camp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementCamp: from n/a through <= 2.3.2.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in ABCdatos Protección de datos – RGPD proteccion-datos-rgpd allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protección de datos – RGPD: from n/a through <= 0.68.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a through <= 2.2.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Alejandro Quick Restaurant Reservations quick-restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Restaurant Reservations: from n/a through <= 1.6.7.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in CloudPanel CLP Varnish Cache clp-varnish-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CLP Varnish Cache: from n/a through <= 1.0.2.
- risk 0.34cvss 5.3epss 0.00
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization checks in the uploadMedicalReport() function in all versions up to, and including, 3.6.15. This makes it possible for unauthenticated attackers to upload text files and PDF documents to the affected site's server which may be leveraged for further attacks such as hosting malicious content or phishing pages via PDF files.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.8.0.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in YITHEMES YITH WooCommerce Request A Quote yith-woocommerce-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Request A Quote: from n/a through <= 2.46.0.