CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (5,549)
page 117 of 278| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-27970 | Med | 0.35 | 5.4 | 0.00 | Apr 11, 2024 | Missing Authorization vulnerability in BogdanFix WP SendFox.This issue affects WP SendFox: from n/a through 1.3.0. | ||
| CVE-2024-25922 | Med | 0.35 | 5.4 | 0.00 | Apr 11, 2024 | Missing Authorization vulnerability in Peach Payments Peach Payments Gateway.This issue affects Peach Payments Gateway: from n/a through 3.1.9. | ||
| CVE-2024-25907 | Med | 0.35 | 5.4 | 0.00 | Apr 11, 2024 | Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2. | ||
| CVE-2023-27607 | Med | 0.35 | 5.4 | 0.00 | Apr 11, 2024 | Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce.This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0. | ||
| CVE-2024-3235 | Med | 0.35 | 5.3 | 0.01 | Apr 10, 2024 | The Essential Grid Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.1 via the on_front_ajax_action() function. This makes it possible for unauthenticated attackers to view private and password… | ||
| CVE-2024-1641 | Med | 0.35 | 5.4 | 0.00 | Apr 9, 2024 | The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordions_duplicate_post_as_draft' function in all versions up to, and including, 2.2.96. This makes it possible for authenticated… | ||
| CVE-2024-31865 | Med | 0.35 | 6.5 | 0.02 | Apr 9, 2024 | Improper Input Validation vulnerability in Apache Zeppelin. The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to… | ||
| CVE-2024-31375 | Med | 0.35 | 5.4 | 0.00 | Apr 8, 2024 | Missing Authorization vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads.This issue affects WP2LEADS: from n/a through <= 3.2.7. | ||
| CVE-2024-3250 | — | Med | 0.35 | 6.5 | 0.00 | Apr 4, 2024 | It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports… | |
| CVE-2024-28004 | Med | 0.35 | 5.4 | 0.00 | Mar 28, 2024 | Missing Authorization vulnerability in ExtendThemes Colibri Page Builder.This issue affects Colibri Page Builder: from n/a through 1.0.248. | ||
| CVE-2024-28003 | Med | 0.35 | 5.4 | 0.00 | Mar 28, 2024 | Missing Authorization vulnerability in Megamenu Max Mega Menu.This issue affects Max Mega Menu: from n/a through 3.3. | ||
| CVE-2023-22699 | Med | 0.35 | 5.4 | 0.00 | Mar 25, 2024 | Missing Authorization vulnerability in MainWP MainWP Wordfence Extension.This issue affects MainWP Wordfence Extension: from n/a through 4.0.7. | ||
| CVE-2022-45851 | Med | 0.35 | 5.4 | 0.00 | Mar 25, 2024 | Missing Authorization vulnerability in ShareThis ShareThis Dashboard for Google Analytics.This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.1.4. | ||
| CVE-2022-45356 | Med | 0.35 | 5.4 | 0.01 | Mar 25, 2024 | Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1. | ||
| CVE-2022-45352 | Med | 0.35 | 5.4 | 0.00 | Mar 25, 2024 | Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1. | ||
| CVE-2022-45351 | Med | 0.35 | 5.4 | 0.00 | Mar 25, 2024 | Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1. | ||
| CVE-2023-37886 | Med | 0.35 | 5.4 | 0.00 | Mar 25, 2024 | Missing Authorization vulnerability in InspiryThemes RealHomes.This issue affects RealHomes: from n/a through 4.0.2. | ||
| CVE-2024-1502 | Med | 0.35 | 5.4 | 0.00 | Mar 21, 2024 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tutor_delete_announcement() function in all versions up to, and including, 2.6.1. This makes it possible for… | ||
| CVE-2024-2538 | Med | 0.35 | 5.4 | 0.01 | Mar 20, 2024 | The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_permalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with… | ||
| CVE-2023-50898 | Med | 0.35 | 5.4 | 0.00 | Mar 15, 2024 | Missing Authorization vulnerability in sirv.Com Sirv.This issue affects Sirv: from n/a through 7.1.2. |
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in BogdanFix WP SendFox.This issue affects WP SendFox: from n/a through 1.3.0.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Peach Payments Peach Payments Gateway.This issue affects Peach Payments Gateway: from n/a through 3.1.9.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce.This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0.
- risk 0.35cvss 5.3epss 0.01
The Essential Grid Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.1 via the on_front_ajax_action() function. This makes it possible for unauthenticated attackers to view private and password…
- risk 0.35cvss 5.4epss 0.00
The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordions_duplicate_post_as_draft' function in all versions up to, and including, 2.2.96. This makes it possible for authenticated…
- risk 0.35cvss 6.5epss 0.02
Improper Input Validation vulnerability in Apache Zeppelin. The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to…
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads.This issue affects WP2LEADS: from n/a through <= 3.2.7.
- risk 0.35cvss 6.5epss 0.00
It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports…
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in ExtendThemes Colibri Page Builder.This issue affects Colibri Page Builder: from n/a through 1.0.248.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Megamenu Max Mega Menu.This issue affects Max Mega Menu: from n/a through 3.3.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in MainWP MainWP Wordfence Extension.This issue affects MainWP Wordfence Extension: from n/a through 4.0.7.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in ShareThis ShareThis Dashboard for Google Analytics.This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.1.4.
- risk 0.35cvss 5.4epss 0.01
Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in InspiryThemes RealHomes.This issue affects RealHomes: from n/a through 4.0.2.
- risk 0.35cvss 5.4epss 0.00
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tutor_delete_announcement() function in all versions up to, and including, 2.6.1. This makes it possible for…
- risk 0.35cvss 5.4epss 0.01
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_permalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with…
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in sirv.Com Sirv.This issue affects Sirv: from n/a through 7.1.2.