CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,496)

page 126 of 275

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-66080	WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent	Med	0.34	5.3	Dec 30, 2025	Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a…
CVE-2025-69031	Getarcaneapp Arcane	Med	0.34	5.3	Dec 30, 2025	Missing Authorization vulnerability in Skywarrior Arcane arcane allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arcane: from n/a through <= 3.6.6.
CVE-2025-69028	Boldgrid Weforms	Med	0.34	5.3	Dec 30, 2025	Missing Authorization vulnerability in BoldGrid weForms weforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weForms: from n/a through <= 1.6.25.
CVE-2025-69027	WordPress Product Delivery Date For Woocommerce Lite	Med	0.34	5.3	Dec 30, 2025	Missing Authorization vulnerability in tychesoftwares Product Delivery Date for WooCommerce – Lite product-delivery-date-for-woocommerce-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Delivery Date for WooCommerce –…
CVE-2025-69010	WordPress Themebeez Toolkit	Med	0.34	5.3	Dec 30, 2025	Missing Authorization vulnerability in themebeez Themebeez Toolkit themebeez-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Themebeez Toolkit: from n/a through <= 1.3.5.
CVE-2025-69009	kamleshyadav Medicalequipment	Med	0.34	5.3	Dec 30, 2025	Missing Authorization vulnerability in kamleshyadav Medicalequipment medicalequipment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Medicalequipment: from n/a through <= 1.0.9.
CVE-2025-68994	Xforwoocommerce Product Loops for WooCommerce	Med	0.34	5.3	Dec 30, 2025	Missing Authorization vulnerability in XforWooCommerce Product Loops for WooCommerce product-loops allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Loops for WooCommerce: from n/a through <= 2.1.2.
CVE-2025-68993	Xforwoocommerce Share\, Print And Pdf Products	Med	0.34	5.3	Dec 30, 2025	Missing Authorization vulnerability in XforWooCommerce Share, Print and PDF Products for WooCommerce share-print-pdf-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share, Print and PDF Products for WooCommerce: from n/a…
CVE-2025-68982	WordPress Designthemes Lms Addon	Med	0.34	5.3	Dec 30, 2025	Missing Authorization vulnerability in designthemes DesignThemes LMS Addon designthemes-lms-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DesignThemes LMS Addon: from n/a through <= 2.6.
CVE-2025-68981	designthemes HomeFix Elementor Portfolio	Med	0.34	5.3	Dec 30, 2025	Missing Authorization vulnerability in designthemes HomeFix Elementor Portfolio homefix-ele-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HomeFix Elementor Portfolio: from n/a through <= 1.0.1.
CVE-2025-68980	designthemes WeDesignTech Portfolio	Med	0.34	5.3	Dec 30, 2025	Missing Authorization vulnerability in designthemes WeDesignTech Portfolio wedesigntech-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WeDesignTech Portfolio: from n/a through <= 1.0.2.
CVE-2025-68596	Filemanagerpro Bit Assist	Med	0.34	5.3	Dec 24, 2025	Missing Authorization vulnerability in Bit Apps Bit Assist bit-assist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bit Assist: from n/a through <= 1.5.11.
CVE-2025-68595	WordPress Social Photo Feed Widget	Med	0.34	5.3	Dec 24, 2025	Missing Authorization vulnerability in Trustindex Widgets for Social Photo Feed social-photo-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widgets for Social Photo Feed: from n/a through <= 1.8.
CVE-2025-68594	WordPress Social Polls By Opinionstage	Med	0.34	5.3	Dec 24, 2025	Missing Authorization vulnerability in Opinion Stage Poll, Survey & Quiz Maker Plugin by Opinion Stage social-polls-by-opinionstage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll, Survey & Quiz Maker Plugin by Opinion Stage: from…
CVE-2025-68589	WP Socio WP Telegram Widget and Join Link	Med	0.34	5.3	Dec 24, 2025	Missing Authorization vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Telegram Widget and Join Link: from n/a through <= 2.2.12.
CVE-2025-68586	WordPress Cooked	Med	0.34	5.3	Dec 24, 2025	Missing Authorization vulnerability in Gora Tech Cooked cooked allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cooked: from n/a through <= 1.11.3.
CVE-2025-68582	Funnelforms Funnelforms	Med	0.34	5.3	Dec 24, 2025	Missing Authorization vulnerability in Funnelforms Funnelforms Free funnelforms-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Funnelforms Free: from n/a through <= 3.8.
CVE-2025-68579	Foliovision FV Simpler SEO	Med	0.34	5.3	Dec 24, 2025	Missing Authorization vulnerability in FolioVision FV Simpler SEO fv-all-in-one-seo-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FV Simpler SEO: from n/a through <= 1.9.6.
CVE-2025-68578	WordPress Addonify Quick View	Med	0.34	5.3	Dec 24, 2025	Missing Authorization vulnerability in Addonify Addonify addonify-quick-view allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify: from n/a through <= 2.0.4.
CVE-2025-68575	WordPress Wappointment	Med	0.34	5.3	Dec 24, 2025	Missing Authorization vulnerability in Wappointment team Wappointment wappointment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wappointment: from n/a through <= 2.7.6.

CVE-2025-66080MedDec 30, 2025
WP Legal Pages
WP Cookie Notice for GDPR, CCPA & ePrivacy Consent
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a…
CVE-2025-69031MedDec 30, 2025
Getarcaneapp
Arcane
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Skywarrior Arcane arcane allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arcane: from n/a through <= 3.6.6.
CVE-2025-69028MedDec 30, 2025
Boldgrid
Weforms
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in BoldGrid weForms weforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weForms: from n/a through <= 1.6.25.
CVE-2025-69027MedDec 30, 2025
WordPress
Product Delivery Date For Woocommerce Lite
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in tychesoftwares Product Delivery Date for WooCommerce – Lite product-delivery-date-for-woocommerce-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Delivery Date for WooCommerce –…
CVE-2025-69010MedDec 30, 2025
WordPress
Themebeez Toolkit
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in themebeez Themebeez Toolkit themebeez-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Themebeez Toolkit: from n/a through <= 1.3.5.
CVE-2025-69009MedDec 30, 2025
kamleshyadav
Medicalequipment
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in kamleshyadav Medicalequipment medicalequipment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Medicalequipment: from n/a through <= 1.0.9.
CVE-2025-68994MedDec 30, 2025
Xforwoocommerce
Product Loops for WooCommerce
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in XforWooCommerce Product Loops for WooCommerce product-loops allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Loops for WooCommerce: from n/a through <= 2.1.2.
CVE-2025-68993MedDec 30, 2025
Xforwoocommerce
Share\, Print And Pdf Products
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in XforWooCommerce Share, Print and PDF Products for WooCommerce share-print-pdf-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share, Print and PDF Products for WooCommerce: from n/a…
CVE-2025-68982MedDec 30, 2025
WordPress
Designthemes Lms Addon
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in designthemes DesignThemes LMS Addon designthemes-lms-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DesignThemes LMS Addon: from n/a through <= 2.6.
CVE-2025-68981MedDec 30, 2025
designthemes
HomeFix Elementor Portfolio
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in designthemes HomeFix Elementor Portfolio homefix-ele-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HomeFix Elementor Portfolio: from n/a through <= 1.0.1.
CVE-2025-68980MedDec 30, 2025
designthemes
WeDesignTech Portfolio
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in designthemes WeDesignTech Portfolio wedesigntech-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WeDesignTech Portfolio: from n/a through <= 1.0.2.
CVE-2025-68596MedDec 24, 2025
Filemanagerpro
Bit Assist
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Bit Apps Bit Assist bit-assist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bit Assist: from n/a through <= 1.5.11.
CVE-2025-68595MedDec 24, 2025
WordPress
Social Photo Feed Widget
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Trustindex Widgets for Social Photo Feed social-photo-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widgets for Social Photo Feed: from n/a through <= 1.8.
CVE-2025-68594MedDec 24, 2025
WordPress
Social Polls By Opinionstage
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Opinion Stage Poll, Survey & Quiz Maker Plugin by Opinion Stage social-polls-by-opinionstage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll, Survey & Quiz Maker Plugin by Opinion Stage: from…
CVE-2025-68589MedDec 24, 2025
WP Socio
WP Telegram Widget and Join Link
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Telegram Widget and Join Link: from n/a through <= 2.2.12.
CVE-2025-68586MedDec 24, 2025
WordPress
Cooked
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Gora Tech Cooked cooked allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cooked: from n/a through <= 1.11.3.
CVE-2025-68582MedDec 24, 2025
Funnelforms
Funnelforms
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Funnelforms Funnelforms Free funnelforms-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Funnelforms Free: from n/a through <= 3.8.
CVE-2025-68579MedDec 24, 2025
Foliovision
FV Simpler SEO
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in FolioVision FV Simpler SEO fv-all-in-one-seo-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FV Simpler SEO: from n/a through <= 1.9.6.
CVE-2025-68578MedDec 24, 2025
WordPress
Addonify Quick View
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Addonify Addonify addonify-quick-view allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify: from n/a through <= 2.0.4.
CVE-2025-68575MedDec 24, 2025
WordPress
Wappointment
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Wappointment team Wappointment wappointment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wappointment: from n/a through <= 2.7.6.