CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,496)

page 125 of 275

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-13964	WordPress Learnpress	Med	0.34	5.3	Jan 6, 2026	The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the catch_lp_ajax function in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to…
CVE-2025-14034	Ilghera Woocommerce Support System	Med	0.34	5.3	Jan 6, 2026	The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'delete_single_ticket_callback' and 'change_ticket_status_callback' functions in all versions up to, and…
CVE-2025-62755	WordPress Gs Portfolio	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in GS Plugins GS Portfolio for Envato gs-envato-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Portfolio for Envato: from n/a through <= 1.4.2.
CVE-2025-62747	WordPress Featured Image Generator	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in Aum Watcharapon Featured Image Generator featured-image-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image Generator: from n/a through <= 1.3.4.
CVE-2025-62129	Magnigenie Restropress	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in Magnigenie RestroPress restropress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RestroPress: from n/a through <= 3.2.7.
CVE-2025-62122	WordPress Trash Duplicate And 301 Redirect	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in solwininfotech Trash Duplicate and 301 Redirect trash-duplicate-and-301-redirect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trash Duplicate and 301 Redirect: from n/a through <= 1.9.1.
CVE-2025-62116	WordPress AI Copilot	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in quadlayers AI Copilot ai-copilot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Copilot: from n/a through <= 1.5.2.
CVE-2025-62092	Wiremock Wiremock	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in Wiremo Wiremo woo-reviews-by-wiremo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wiremo: from n/a through <= 1.4.99.
CVE-2025-62079	WordPress Wp Export Categories Taxonomies	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in Damian WP Export Categories & Taxonomies wp-export-categories-taxonomies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Export Categories & Taxonomies: from n/a through <= 1.0.3.
CVE-2025-49338	WordPress Flowbox	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in Flowbox Flowbox flowbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flowbox: from n/a through <= 1.1.6.
CVE-2025-63031	—	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in WP Grids EasyTest convertpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EasyTest: from n/a through <= 1.0.1.
CVE-2025-63022	Illia Simple Like Page	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in topdevs.net Simple Like Page simple-facebook-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Like Page: from n/a through <= 1.5.3.
CVE-2025-63016	WordPress B Tiktok Feed	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in quadlayers QuadLayers TikTok Feed wp-tiktok-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QuadLayers TikTok Feed: from n/a through <= 4.6.5.
CVE-2025-63001	WordPress Wp Hotel Booking	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in nicdark Hotel Booking nd-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Booking: from n/a through <= 3.8.
CVE-2025-62147	nikmelnik Realbig	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in nikmelnik Realbig realbig-media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Realbig: from n/a through <= 1.1.3.
CVE-2025-62145	NewClarity DMCA Protection Badge	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in NewClarity DMCA Protection Badge dmca-badge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DMCA Protection Badge: from n/a through <= 2.2.0.
CVE-2025-62141	Information Technology Wawp	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in Information Technology Wawp automation-web-platform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wawp: from n/a through <= 4.4.
CVE-2025-62081	Channelize.io Team Live Shopping & Shoppable Videos For WooCommerce	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in Channelize.io Team Live Shopping & Shoppable Videos For WooCommerce live-shopping-video-streams allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Shopping & Shoppable Videos For WooCommerce:…
CVE-2025-49349	Reuters News Agency reuters-direct	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in Reuters News Agency Reuters Direct reuters-direct allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reuters Direct: from n/a through <= 3.0.0.
CVE-2025-62138	Cedcommerce WP Advanced PDF	Med	0.34	5.3	Dec 31, 2025	Missing Authorization vulnerability in cedcommerce WP Advanced PDF wp-advanced-pdf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Advanced PDF: from n/a through <= 1.1.7.

CVE-2025-13964MedJan 6, 2026
WordPress
Learnpress
risk 0.34cvss 5.3epss 0.00
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the catch_lp_ajax function in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to…
CVE-2025-14034MedJan 6, 2026
Ilghera
Woocommerce Support System
risk 0.34cvss 5.3epss 0.00
The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'delete_single_ticket_callback' and 'change_ticket_status_callback' functions in all versions up to, and…
CVE-2025-62755MedDec 31, 2025
WordPress
Gs Portfolio
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in GS Plugins GS Portfolio for Envato gs-envato-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Portfolio for Envato: from n/a through <= 1.4.2.
CVE-2025-62747MedDec 31, 2025
WordPress
Featured Image Generator
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Aum Watcharapon Featured Image Generator featured-image-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image Generator: from n/a through <= 1.3.4.
CVE-2025-62129MedDec 31, 2025
Magnigenie
Restropress
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Magnigenie RestroPress restropress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RestroPress: from n/a through <= 3.2.7.
CVE-2025-62122MedDec 31, 2025
WordPress
Trash Duplicate And 301 Redirect
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in solwininfotech Trash Duplicate and 301 Redirect trash-duplicate-and-301-redirect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trash Duplicate and 301 Redirect: from n/a through <= 1.9.1.
CVE-2025-62116MedDec 31, 2025
WordPress
AI Copilot
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in quadlayers AI Copilot ai-copilot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Copilot: from n/a through <= 1.5.2.
CVE-2025-62092MedDec 31, 2025
Wiremock
Wiremock
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Wiremo Wiremo woo-reviews-by-wiremo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wiremo: from n/a through <= 1.4.99.
CVE-2025-62079MedDec 31, 2025
WordPress
Wp Export Categories Taxonomies
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Damian WP Export Categories & Taxonomies wp-export-categories-taxonomies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Export Categories & Taxonomies: from n/a through <= 1.0.3.
CVE-2025-49338MedDec 31, 2025
WordPress
Flowbox
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Flowbox Flowbox flowbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flowbox: from n/a through <= 1.1.6.
CVE-2025-63031MedDec 31, 2025
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in WP Grids EasyTest convertpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EasyTest: from n/a through <= 1.0.1.
CVE-2025-63022MedDec 31, 2025
Illia
Simple Like Page
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in topdevs.net Simple Like Page simple-facebook-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Like Page: from n/a through <= 1.5.3.
CVE-2025-63016MedDec 31, 2025
WordPress
B Tiktok Feed
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in quadlayers QuadLayers TikTok Feed wp-tiktok-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QuadLayers TikTok Feed: from n/a through <= 4.6.5.
CVE-2025-63001MedDec 31, 2025
WordPress
Wp Hotel Booking
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in nicdark Hotel Booking nd-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Booking: from n/a through <= 3.8.
CVE-2025-62147MedDec 31, 2025
nikmelnik
Realbig
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in nikmelnik Realbig realbig-media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Realbig: from n/a through <= 1.1.3.
CVE-2025-62145MedDec 31, 2025
NewClarity
DMCA Protection Badge
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in NewClarity DMCA Protection Badge dmca-badge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DMCA Protection Badge: from n/a through <= 2.2.0.
CVE-2025-62141MedDec 31, 2025
Information Technology
Wawp
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Information Technology Wawp automation-web-platform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wawp: from n/a through <= 4.4.
CVE-2025-62081MedDec 31, 2025
Channelize.io Team
Live Shopping & Shoppable Videos For WooCommerce
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Channelize.io Team Live Shopping & Shoppable Videos For WooCommerce live-shopping-video-streams allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Shopping & Shoppable Videos For WooCommerce:…
CVE-2025-49349MedDec 31, 2025
Reuters News Agency
reuters-direct
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Reuters News Agency Reuters Direct reuters-direct allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reuters Direct: from n/a through <= 3.0.0.
CVE-2025-62138MedDec 31, 2025
Cedcommerce
WP Advanced PDF
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in cedcommerce WP Advanced PDF wp-advanced-pdf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Advanced PDF: from n/a through <= 1.1.7.