CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,496)

page 122 of 275

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2026-24967	Tms Outsource Amelia	Med	0.34	5.3	Feb 3, 2026	Missing Authorization vulnerability in ameliabooking Amelia ameliabooking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Amelia: from n/a through <= 1.2.38.
CVE-2026-24945	Themefic Ultimate Addons For Contact Form 7	Med	0.34	5.3	Feb 3, 2026	Missing Authorization vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through <= 3.5.34.
CVE-2026-1431	WordPress Bookingcalendar	Med	0.34	5.3	Jan 31, 2026	The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbc_ajax_WPBC_FLEXTIMELINE_NAV() function in all versions up to, and including, 10.14.13. This makes it possible for unauthenticated attackers to…
CVE-2025-15510	WordPress Nex Forms Express Wp Form Builder	Med	0.34	5.3	Jan 31, 2026	The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5_Export_Forms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to…
CVE-2025-15511	Rupantorpay Rupantorpay	Med	0.34	5.3	Jan 28, 2026	The Rupantorpay plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_webhook() function in all versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to modify WooCommerce…
CVE-2026-1310	WordPress Simple Calendar For Elementor	Med	0.34	5.3	Jan 28, 2026	The Simple calendar for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.6. This is due to missing capability checks on the `miga_ajax_editor_cal_delete` function that is hooked to the `miga_editor_cal_delete` AJAX…
CVE-2026-0825	WordPress Contact Form Entries	Med	0.34	5.3	Jan 28, 2026	The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the CSV export functionality in all versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers…
CVE-2025-14971	WordPress Invoice Payment For Woocommerce	Med	0.34	5.3	Jan 27, 2026	The Link Invoice Payment for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createPartialPayment and cancelPartialPayment functions in all versions up to, and including, 2.8.0. This makes it possible…
CVE-2025-14843	WordPress Wizit Gateway For Woocommerce	Med	0.34	5.3	Jan 24, 2026	The Wizit Gateway for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Order Cancellation in all versions up to, and including, 1.2.9. This is due to a lack of authentication and authorization checks in the 'handle_checkout_redirecturl_response'…
CVE-2025-14629	WordPress Alchemist Ajax Upload	Med	0.34	5.3	Jan 24, 2026	The Alchemist Ajax Upload plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the 'delete_file' function in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary…
CVE-2026-24633	Passionate Brains Add Expires Headers & Optimized Minify	Med	0.34	5.3	Jan 23, 2026	Missing Authorization vulnerability in Passionate Brains Add Expires Headers & Optimized Minify add-expires-headers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Add Expires Headers & Optimized Minify: from n/a through <= 3.2.0.
CVE-2026-24625	Imaginate Solutions File Uploads Addon For Woocommerce	Med	0.34	5.3	Jan 23, 2026	Missing Authorization vulnerability in Imaginate Solutions File Uploads Addon for WooCommerce woo-addon-uploads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects File Uploads Addon for WooCommerce: from n/a through <= 1.7.3.
CVE-2026-24619	Popcash Popcash.net Code Integration Tool	Med	0.34	5.3	Jan 23, 2026	Missing Authorization vulnerability in PopCash PopCash.Net Code Integration Tool popcashnet-code-integration-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PopCash.Net Code Integration Tool: from n/a through <= 1.8.
CVE-2026-24615	Themebeez Cream Magazine	Med	0.34	5.3	Jan 23, 2026	Missing Authorization vulnerability in themebeez Cream Magazine cream-magazine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Magazine: from n/a through <= 2.1.10.
CVE-2026-24613	Ecwid Ecommerce Shopping Cart	Med	0.34	5.3	Jan 23, 2026	Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ecwid Shopping Cart: from n/a through <= 7.0.6.
CVE-2026-24612	Themebeez Orchid Store	Med	0.34	5.3	Jan 23, 2026	Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through <= 1.5.15.
CVE-2026-24607	WordPress Travel Monster	Med	0.34	5.3	Jan 23, 2026	Missing Authorization vulnerability in wptravelengine Travel Monster travel-monster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Monster: from n/a through <= 1.3.3.
CVE-2026-24606	Web Impian Bayarcash WooCommerce	Med	0.34	5.3	Jan 23, 2026	Missing Authorization vulnerability in Web Impian Bayarcash WooCommerce bayarcash-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bayarcash WooCommerce: from n/a through <= 4.3.13.
CVE-2026-24604	WordPress Simple Gdpr Cookie Compliance	Med	0.34	5.3	Jan 23, 2026	Missing Authorization vulnerability in themebeez Simple GDPR Cookie Compliance simple-gdpr-cookie-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple GDPR Cookie Compliance: from n/a through <= 2.0.0.
CVE-2026-24603	WordPress Universal Google Adsense And Ads Manager	Med	0.34	5.3	Jan 23, 2026	Missing Authorization vulnerability in themebeez Universal Google Adsense and Ads manager universal-google-adsense-and-ads-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Universal Google Adsense and Ads manager: from n/a…

CVE-2026-24967MedFeb 3, 2026
Tms Outsource
Amelia
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in ameliabooking Amelia ameliabooking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Amelia: from n/a through <= 1.2.38.
CVE-2026-24945MedFeb 3, 2026
Themefic
Ultimate Addons For Contact Form 7
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through <= 3.5.34.
CVE-2026-1431MedJan 31, 2026
WordPress
Bookingcalendar
risk 0.34cvss 5.3epss 0.00
The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbc_ajax_WPBC_FLEXTIMELINE_NAV() function in all versions up to, and including, 10.14.13. This makes it possible for unauthenticated attackers to…
CVE-2025-15510MedJan 31, 2026
WordPress
Nex Forms Express Wp Form Builder
risk 0.34cvss 5.3epss 0.00
The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5_Export_Forms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to…
CVE-2025-15511MedJan 28, 2026
Rupantorpay
Rupantorpay
risk 0.34cvss 5.3epss 0.00
The Rupantorpay plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_webhook() function in all versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to modify WooCommerce…
CVE-2026-1310MedJan 28, 2026
WordPress
Simple Calendar For Elementor
risk 0.34cvss 5.3epss 0.00
The Simple calendar for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.6. This is due to missing capability checks on the `miga_ajax_editor_cal_delete` function that is hooked to the `miga_editor_cal_delete` AJAX…
CVE-2026-0825MedJan 28, 2026
WordPress
Contact Form Entries
risk 0.34cvss 5.3epss 0.00
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the CSV export functionality in all versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers…
CVE-2025-14971MedJan 27, 2026
WordPress
Invoice Payment For Woocommerce
risk 0.34cvss 5.3epss 0.00
The Link Invoice Payment for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createPartialPayment and cancelPartialPayment functions in all versions up to, and including, 2.8.0. This makes it possible…
CVE-2025-14843MedJan 24, 2026
WordPress
Wizit Gateway For Woocommerce
risk 0.34cvss 5.3epss 0.00
The Wizit Gateway for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Order Cancellation in all versions up to, and including, 1.2.9. This is due to a lack of authentication and authorization checks in the 'handle_checkout_redirecturl_response'…
CVE-2025-14629MedJan 24, 2026
WordPress
Alchemist Ajax Upload
risk 0.34cvss 5.3epss 0.00
The Alchemist Ajax Upload plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the 'delete_file' function in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary…
CVE-2026-24633MedJan 23, 2026
Passionate Brains
Add Expires Headers & Optimized Minify
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Passionate Brains Add Expires Headers & Optimized Minify add-expires-headers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Add Expires Headers & Optimized Minify: from n/a through <= 3.2.0.
CVE-2026-24625MedJan 23, 2026
Imaginate Solutions
File Uploads Addon For Woocommerce
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Imaginate Solutions File Uploads Addon for WooCommerce woo-addon-uploads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects File Uploads Addon for WooCommerce: from n/a through <= 1.7.3.
CVE-2026-24619MedJan 23, 2026
Popcash
Popcash.net Code Integration Tool
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in PopCash PopCash.Net Code Integration Tool popcashnet-code-integration-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PopCash.Net Code Integration Tool: from n/a through <= 1.8.
CVE-2026-24615MedJan 23, 2026
Themebeez
Cream Magazine
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in themebeez Cream Magazine cream-magazine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Magazine: from n/a through <= 2.1.10.
CVE-2026-24613MedJan 23, 2026
Ecwid
Ecommerce Shopping Cart
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ecwid Shopping Cart: from n/a through <= 7.0.6.
CVE-2026-24612MedJan 23, 2026
Themebeez
Orchid Store
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through <= 1.5.15.
CVE-2026-24607MedJan 23, 2026
WordPress
Travel Monster
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in wptravelengine Travel Monster travel-monster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Monster: from n/a through <= 1.3.3.
CVE-2026-24606MedJan 23, 2026
Web Impian
Bayarcash WooCommerce
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Web Impian Bayarcash WooCommerce bayarcash-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bayarcash WooCommerce: from n/a through <= 4.3.13.
CVE-2026-24604MedJan 23, 2026
WordPress
Simple Gdpr Cookie Compliance
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in themebeez Simple GDPR Cookie Compliance simple-gdpr-cookie-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple GDPR Cookie Compliance: from n/a through <= 2.0.0.
CVE-2026-24603MedJan 23, 2026
WordPress
Universal Google Adsense And Ads Manager
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in themebeez Universal Google Adsense and Ads manager universal-google-adsense-and-ads-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Universal Google Adsense and Ads manager: from n/a…