CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (5,549)
page 12 of 278| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-49288 | Hig | 0.57 | 8.8 | 0.00 | Jun 6, 2025 | Missing Authorization vulnerability in Rustaurius Ultimate WP Mail ultimate-wp-mail allows Authentication Bypass.This issue affects Ultimate WP Mail: from n/a through <= 1.3.5. | ||
| CVE-2025-47690 | Hig | 0.57 | 8.8 | 0.00 | May 23, 2025 | Missing Authorization vulnerability in Smackcoders Inc., Lead Form Data Collection to CRM wp-leads-builder-any-crm allows Privilege Escalation.This issue affects Lead Form Data Collection to CRM: from n/a through <= 3.1. | ||
| CVE-2025-3906 | Hig | 0.57 | 8.8 | 0.00 | Apr 26, 2025 | The Integração entre Eduzz e Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wep_opcoes' function in all versions up to, and including, 1.7.5. This makes it possible for authenticated attackers, with… | ||
| CVE-2025-1279 | Hig | 0.57 | 8.8 | 0.00 | Apr 25, 2025 | The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ux_cb_tools_import_item_ajax AJAX action in all versions up to, and including, 3.16.2.1. This makes it… | ||
| CVE-2025-3604 | Cri | 0.57 | 9.8 | 0.01 | Apr 24, 2025 | The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible… | ||
| CVE-2025-3058 | Hig | 0.57 | 8.8 | 0.00 | Apr 24, 2025 | The Xelion Webchat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the xwc_save_settings() function in all versions up to, and including, 9.1.0. This makes it possible for… | ||
| CVE-2025-39533 | Hig | 0.57 | 8.8 | 0.00 | Apr 17, 2025 | Missing Authorization vulnerability in Starfish Reviews Starfish Review Generation & Marketing starfish-reviews allows Privilege Escalation.This issue affects Starfish Review Generation & Marketing: from n/a through <= 3.1.19. | ||
| CVE-2025-26959 | Hig | 0.57 | 8.8 | 0.00 | Apr 15, 2025 | Missing Authorization vulnerability in Quý Lê 91 Administrator Z administrator-z allows Privilege Escalation.This issue affects Administrator Z: from n/a through <= 2025.03.24. | ||
| CVE-2025-26741 | Hig | 0.57 | 8.8 | 0.00 | Apr 15, 2025 | Missing Authorization vulnerability in AWEOS GmbH Email Notifications for Updates wp-update-mail-notification allows Privilege Escalation.This issue affects Email Notifications for Updates: from n/a through <= 1.1.6. | ||
| CVE-2025-32542 | Hig | 0.57 | 8.8 | 0.00 | Apr 11, 2025 | Missing Authorization vulnerability in EazyPlugins Eazy Plugin Manager plugins-on-steroids allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eazy Plugin Manager: from n/a through <= 4.3.0. | ||
| CVE-2025-3417 | Hig | 0.57 | 8.8 | 0.00 | Apr 10, 2025 | The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_set_global_option() function in versions 1.3 to 1.3.5. This makes it possible for authenticated attackers,… | ||
| CVE-2025-2933 | Hig | 0.57 | 8.8 | 0.00 | Apr 5, 2025 | The Email Notifications for Updates plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the awun_import_settings() function in all versions up to, and including, 1.1.6. This makes it… | ||
| CVE-2025-32147 | Hig | 0.57 | 8.8 | 0.00 | Apr 4, 2025 | Missing Authorization vulnerability in coothemes Easy WP Optimizer easy-wp-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy WP Optimizer: from n/a through <= 1.1.0. | ||
| CVE-2025-3063 | Hig | 0.57 | 8.8 | 0.00 | Apr 2, 2025 | The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_callback_update_sa_option() function in versions 2.0 to 2.1. This makes it possible for… | ||
| CVE-2025-30825 | Hig | 0.57 | 8.8 | 0.00 | Apr 1, 2025 | Missing Authorization vulnerability in WPClever WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce wpc-smart-linked-products allows Privilege Escalation.This issue affects WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce: from n/a through <= 1.3.5. | ||
| CVE-2025-2815 | Hig | 0.57 | 8.8 | 0.00 | Mar 28, 2025 | The Administrator Z plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the adminz_import_backup() function in all versions up to, and including, 2025.03.24. This makes it possible for… | ||
| CVE-2025-30772 | Hig | 0.57 | 8.8 | 0.01 | Mar 27, 2025 | Missing Authorization vulnerability in WPClever WPC Smart Upsell Funnel for WooCommerce wpc-smart-upsell-funnel allows Privilege Escalation.This issue affects WPC Smart Upsell Funnel for WooCommerce: from n/a through <= 3.0.4. | ||
| CVE-2024-12920 | Hig | 0.57 | 8.8 | 0.00 | Mar 19, 2025 | The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the foodbakery_var_backup_file_delete, foodbakery_widget_file_delete, theme_option_save,… | ||
| CVE-2025-1667 | Hig | 0.57 | 8.8 | 0.00 | Mar 15, 2025 | The School Management System – WPSchoolPress plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpsp_UpdateTeacher() function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with… | ||
| CVE-2025-26661 | Hig | 0.57 | 8.8 | 0.00 | Mar 11, 2025 | Due to missing authorization check, SAP NetWeaver (ABAP Class Builder) allows an attacker to gain higher access levels than they should have, resulting in escalation of privileges. On successful exploitation, this could result in disclosure of highly sensitive information. It… |
- risk 0.57cvss 8.8epss 0.00
Missing Authorization vulnerability in Rustaurius Ultimate WP Mail ultimate-wp-mail allows Authentication Bypass.This issue affects Ultimate WP Mail: from n/a through <= 1.3.5.
- risk 0.57cvss 8.8epss 0.00
Missing Authorization vulnerability in Smackcoders Inc., Lead Form Data Collection to CRM wp-leads-builder-any-crm allows Privilege Escalation.This issue affects Lead Form Data Collection to CRM: from n/a through <= 3.1.
- risk 0.57cvss 8.8epss 0.00
The Integração entre Eduzz e Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wep_opcoes' function in all versions up to, and including, 1.7.5. This makes it possible for authenticated attackers, with…
- risk 0.57cvss 8.8epss 0.00
The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ux_cb_tools_import_item_ajax AJAX action in all versions up to, and including, 3.16.2.1. This makes it…
- risk 0.57cvss 9.8epss 0.01
The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible…
- risk 0.57cvss 8.8epss 0.00
The Xelion Webchat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the xwc_save_settings() function in all versions up to, and including, 9.1.0. This makes it possible for…
- risk 0.57cvss 8.8epss 0.00
Missing Authorization vulnerability in Starfish Reviews Starfish Review Generation & Marketing starfish-reviews allows Privilege Escalation.This issue affects Starfish Review Generation & Marketing: from n/a through <= 3.1.19.
- risk 0.57cvss 8.8epss 0.00
Missing Authorization vulnerability in Quý Lê 91 Administrator Z administrator-z allows Privilege Escalation.This issue affects Administrator Z: from n/a through <= 2025.03.24.
- risk 0.57cvss 8.8epss 0.00
Missing Authorization vulnerability in AWEOS GmbH Email Notifications for Updates wp-update-mail-notification allows Privilege Escalation.This issue affects Email Notifications for Updates: from n/a through <= 1.1.6.
- risk 0.57cvss 8.8epss 0.00
Missing Authorization vulnerability in EazyPlugins Eazy Plugin Manager plugins-on-steroids allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eazy Plugin Manager: from n/a through <= 4.3.0.
- risk 0.57cvss 8.8epss 0.00
The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_set_global_option() function in versions 1.3 to 1.3.5. This makes it possible for authenticated attackers,…
- risk 0.57cvss 8.8epss 0.00
The Email Notifications for Updates plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the awun_import_settings() function in all versions up to, and including, 1.1.6. This makes it…
- risk 0.57cvss 8.8epss 0.00
Missing Authorization vulnerability in coothemes Easy WP Optimizer easy-wp-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy WP Optimizer: from n/a through <= 1.1.0.
- risk 0.57cvss 8.8epss 0.00
The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_callback_update_sa_option() function in versions 2.0 to 2.1. This makes it possible for…
- risk 0.57cvss 8.8epss 0.00
Missing Authorization vulnerability in WPClever WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce wpc-smart-linked-products allows Privilege Escalation.This issue affects WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce: from n/a through <= 1.3.5.
- risk 0.57cvss 8.8epss 0.00
The Administrator Z plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the adminz_import_backup() function in all versions up to, and including, 2025.03.24. This makes it possible for…
- risk 0.57cvss 8.8epss 0.01
Missing Authorization vulnerability in WPClever WPC Smart Upsell Funnel for WooCommerce wpc-smart-upsell-funnel allows Privilege Escalation.This issue affects WPC Smart Upsell Funnel for WooCommerce: from n/a through <= 3.0.4.
- risk 0.57cvss 8.8epss 0.00
The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the foodbakery_var_backup_file_delete, foodbakery_widget_file_delete, theme_option_save,…
- risk 0.57cvss 8.8epss 0.00
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpsp_UpdateTeacher() function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with…
- risk 0.57cvss 8.8epss 0.00
Due to missing authorization check, SAP NetWeaver (ABAP Class Builder) allows an attacker to gain higher access levels than they should have, resulting in escalation of privileges. On successful exploitation, this could result in disclosure of highly sensitive information. It…