CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (4,602)

page 119 of 231

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-62755	WordPress Gs Envato Portfolio	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in GS Plugins GS Portfolio for Envato gs-envato-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Portfolio for Envato: from n/a through <= 1.4.2.
CVE-2025-62747	WordPress Featured Image Generator	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in Aum Watcharapon Featured Image Generator featured-image-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image Generator: from n/a through <= 1.3.4.
CVE-2025-62129	WordPress Restropress	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in Magnigenie RestroPress restropress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RestroPress: from n/a through <= 3.2.7.
CVE-2025-62122	WordPress Trash Duplicate And 301 Redirect	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in solwininfotech Trash Duplicate and 301 Redirect trash-duplicate-and-301-redirect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trash Duplicate and 301 Redirect: from n/a through <= 1.9.1.
CVE-2025-62116	WordPress AI Copilot	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in quadlayers AI Copilot ai-copilot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Copilot: from n/a through <= 1.5.2.
CVE-2025-62092	Wiremock Wiremock	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in Wiremo Wiremo woo-reviews-by-wiremo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wiremo: from n/a through <= 1.4.99.
CVE-2025-62079	WordPress Wp Export Categories Taxonomies	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in Damian WP Export Categories & Taxonomies wp-export-categories-taxonomies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Export Categories & Taxonomies: from n/a through <= 1.0.3.
CVE-2025-49338	WordPress Flowbox	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in Flowbox Flowbox flowbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flowbox: from n/a through <= 1.1.6.
CVE-2025-63031	—	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in WP Grids EasyTest convertpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EasyTest: from n/a through <= 1.0.1.
CVE-2025-63022	Illia Simple Like Page	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in topdevs.net Simple Like Page simple-facebook-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Like Page: from n/a through <= 1.5.3.
CVE-2025-63016	WordPress B Tiktok Feed	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in quadlayers QuadLayers TikTok Feed wp-tiktok-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QuadLayers TikTok Feed: from n/a through <= 4.6.5.
CVE-2025-63001	WordPress Wp Hotel Booking	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in nicdark Hotel Booking nd-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Booking: from n/a through <= 3.8.
CVE-2025-62147	WordPress Realbig Media	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in nikmelnik Realbig realbig-media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Realbig: from n/a through <= 1.1.3.
CVE-2025-62145	WordPress Dmca Badge	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in NewClarity DMCA Protection Badge dmca-badge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DMCA Protection Badge: from n/a through <= 2.2.0.
CVE-2025-62141	WordPress Automation Web Platform	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in Information Technology Wawp automation-web-platform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wawp: from n/a through <= 4.4.
CVE-2025-62081	WordPress Live Shopping Video Streams	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in Channelize.io Team Live Shopping & Shoppable Videos For WooCommerce live-shopping-video-streams allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Shopping & Shoppable Videos For WooCommerce: from n/a through <= 2.2.0.
CVE-2025-49349	WordPress Reuters Direct	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in Reuters News Agency Reuters Direct reuters-direct allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reuters Direct: from n/a through <= 3.0.0.
CVE-2025-62138	Cedcommerce WP Advanced PDF	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in cedcommerce WP Advanced PDF wp-advanced-pdf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Advanced PDF: from n/a through <= 1.1.7.
CVE-2025-66080	WordPress Gdpr Cookie Consent	Med	0.34	5.3	Dec 30, 2025	Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through <= 4.0.3.
CVE-2025-69093	WordPress Shopmagic For Woocommerce	Med	0.34	5.3	Dec 30, 2025	Missing Authorization vulnerability in wpdesk ShopMagic shopmagic-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShopMagic: from n/a through <= 4.7.2.

CVE-2025-62755MedDec 31, 2025
WordPress
Gs Envato Portfolio
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in GS Plugins GS Portfolio for Envato gs-envato-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Portfolio for Envato: from n/a through <= 1.4.2.
CVE-2025-62747MedDec 31, 2025
WordPress
Featured Image Generator
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Aum Watcharapon Featured Image Generator featured-image-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image Generator: from n/a through <= 1.3.4.
CVE-2025-62129MedDec 31, 2025
WordPress
Restropress
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Magnigenie RestroPress restropress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RestroPress: from n/a through <= 3.2.7.
CVE-2025-62122MedDec 31, 2025
WordPress
Trash Duplicate And 301 Redirect
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in solwininfotech Trash Duplicate and 301 Redirect trash-duplicate-and-301-redirect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trash Duplicate and 301 Redirect: from n/a through <= 1.9.1.
CVE-2025-62116MedDec 31, 2025
WordPress
AI Copilot
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in quadlayers AI Copilot ai-copilot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Copilot: from n/a through <= 1.5.2.
CVE-2025-62092MedDec 31, 2025
Wiremock
Wiremock
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Wiremo Wiremo woo-reviews-by-wiremo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wiremo: from n/a through <= 1.4.99.
CVE-2025-62079MedDec 31, 2025
WordPress
Wp Export Categories Taxonomies
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Damian WP Export Categories & Taxonomies wp-export-categories-taxonomies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Export Categories & Taxonomies: from n/a through <= 1.0.3.
CVE-2025-49338MedDec 31, 2025
WordPress
Flowbox
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Flowbox Flowbox flowbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flowbox: from n/a through <= 1.1.6.
CVE-2025-63031MedDec 31, 2025
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in WP Grids EasyTest convertpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EasyTest: from n/a through <= 1.0.1.
CVE-2025-63022MedDec 31, 2025
Illia
Simple Like Page
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in topdevs.net Simple Like Page simple-facebook-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Like Page: from n/a through <= 1.5.3.
CVE-2025-63016MedDec 31, 2025
WordPress
B Tiktok Feed
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in quadlayers QuadLayers TikTok Feed wp-tiktok-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QuadLayers TikTok Feed: from n/a through <= 4.6.5.
CVE-2025-63001MedDec 31, 2025
WordPress
Wp Hotel Booking
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in nicdark Hotel Booking nd-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Booking: from n/a through <= 3.8.
CVE-2025-62147MedDec 31, 2025
WordPress
Realbig Media
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in nikmelnik Realbig realbig-media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Realbig: from n/a through <= 1.1.3.
CVE-2025-62145MedDec 31, 2025
WordPress
Dmca Badge
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in NewClarity DMCA Protection Badge dmca-badge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DMCA Protection Badge: from n/a through <= 2.2.0.
CVE-2025-62141MedDec 31, 2025
WordPress
Automation Web Platform
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Information Technology Wawp automation-web-platform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wawp: from n/a through <= 4.4.
CVE-2025-62081MedDec 31, 2025
WordPress
Live Shopping Video Streams
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Channelize.io Team Live Shopping & Shoppable Videos For WooCommerce live-shopping-video-streams allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Shopping & Shoppable Videos For WooCommerce: from n/a through <= 2.2.0.
CVE-2025-49349MedDec 31, 2025
WordPress
Reuters Direct
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Reuters News Agency Reuters Direct reuters-direct allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reuters Direct: from n/a through <= 3.0.0.
CVE-2025-62138MedDec 31, 2025
Cedcommerce
WP Advanced PDF
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in cedcommerce WP Advanced PDF wp-advanced-pdf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Advanced PDF: from n/a through <= 1.1.7.
CVE-2025-66080MedDec 30, 2025
WordPress
Gdpr Cookie Consent
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through <= 4.0.3.
CVE-2025-69093MedDec 30, 2025
WordPress
Shopmagic For Woocommerce
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in wpdesk ShopMagic shopmagic-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShopMagic: from n/a through <= 4.7.2.