CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,496)

page 128 of 275

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-66128	Brevo Sendinblue for WooCommerce	Med	0.34	5.3	Dec 16, 2025	Missing Authorization vulnerability in Brevo Sendinblue for WooCommerce woocommerce-sendinblue-newsletter-subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sendinblue for WooCommerce: from n/a through <= 4.0.49.
CVE-2025-66127	WordPress Essential Real Estate	Med	0.34	5.3	Dec 16, 2025	Missing Authorization vulnerability in g5theme Essential Real Estate essential-real-estate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Real Estate: from n/a through <= 5.3.2.
CVE-2025-66124	ZEEN101 Leaky Paywall	Med	0.34	5.3	Dec 16, 2025	Missing Authorization vulnerability in ZEEN101 Leaky Paywall leaky-paywall allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leaky Paywall: from n/a through <= 4.22.6.
CVE-2025-66122	Stylishpricelist Stylish Price List	Med	0.34	5.3	Dec 16, 2025	Missing Authorization vulnerability in Design Stylish Price List stylish-price-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stylish Price List: from n/a through <= 7.2.2.
CVE-2025-66121	Siteground Siteground Security	Med	0.34	5.3	Dec 16, 2025	Missing Authorization vulnerability in SiteGround SiteGround Security sg-security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteGround Security: from n/a through <= 1.5.8.
CVE-2025-66120	WordPress Catfolders	Med	0.34	5.3	Dec 16, 2025	Missing Authorization vulnerability in CatFolders CatFolders catfolders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CatFolders: from n/a through <= 2.5.3.
CVE-2025-64639	WordPress Wp Compress Mainwp	Med	0.34	5.3	Dec 16, 2025	Missing Authorization vulnerability in WP Compress WP Compress for MainWP wp-compress-mainwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress for MainWP: from n/a through <= 6.50.17.
CVE-2025-64638	OnPay.io OnPay.io for WooCommerce	Med	0.34	5.3	Dec 16, 2025	Missing Authorization vulnerability in OnPay.io OnPay.io for WooCommerce onpay-io-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OnPay.io for WooCommerce: from n/a through <= 1.0.47.
CVE-2025-64635	Smashballoon Feeds For Youtube	Med	0.34	5.3	Dec 16, 2025	Missing Authorization vulnerability in Syed Balkhi Feeds for YouTube feeds-for-youtube allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Feeds for YouTube: from n/a through <= 2.4.0.
CVE-2025-64634	Theme Fusion Avada	Med	0.34	5.3	Dec 16, 2025	Missing Authorization vulnerability in ThemeFusion Avada avada allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Avada: from n/a through <= 7.13.2.
CVE-2025-64632	Auctollo Google XML Sitemaps	Med	0.34	5.3	Dec 16, 2025	Missing Authorization vulnerability in Auctollo Google XML Sitemaps google-sitemap-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google XML Sitemaps: from n/a through <= 4.1.22.
CVE-2025-64249	Experts Experts	Med	0.34	5.3	Dec 16, 2025	Missing Authorization vulnerability in WP-EXPERTS.IN Protect WP Admin protect-wp-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protect WP Admin: from n/a through <= 4.1.
CVE-2025-11991	WordPress Jetformbuilder	Med	0.34	5.3	Dec 16, 2025	The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the run_callback function in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated…
CVE-2025-14367	WordPress Easy Theme Options	Med	0.34	5.3	Dec 13, 2025	The Easy Theme Options plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0. This is due to missing authorization checks in the eto_import_settings function. This makes it possible for authenticated attackers, with…
CVE-2025-14366	WordPress Eyewear Prescription Form	Med	0.34	5.3	Dec 13, 2025	The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing authorization checks on the SubmitCatProductRequest AJAX action. This makes it possible for unauthenticated attackers to…
CVE-2025-14365	WordPress Eyewear Prescription Form	Med	0.34	5.3	Dec 13, 2025	The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing capability checks on the RemoveItems AJAX action. This makes it possible for unauthenticated attackers to delete…
CVE-2025-13093	Devs CRM Devs CRM – Manage tasks, attendance and teams all together	Med	0.34	5.3	Dec 13, 2025	The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/devs-crm/v1/bulk-update' REST-API endpoint in all versions up to, and including, 1.1.8.…
CVE-2025-13092	WordPress Devs CRM	Med	0.34	5.3	Dec 13, 2025	The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/devs-crm/v1/attendances REST API Endpoint in all versions up to, and including, 1.1.8. This makes…
CVE-2025-12655	WordPress Hippoo Mobile App For Woocommerce	Med	0.34	5.3	Dec 12, 2025	The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to arbitrary file write via a missing authorization check in all versions up to, and including, 1.7.1. This is due to the REST API endpoint `/wp-json/hippoo/v1/wc/token/save_callback/{token_id}` being…
CVE-2025-13314	WordPress Filter Plus	Med	0.34	5.3	Dec 12, 2025	The Product Filtering by Categories, Tags, Price Range for WooCommerce – Filter Plus plugin for WordPress is vulnerable to unauthorized modification of data in all versions up to, and including, 1.1.6 due to a missing capability check on the 'filter_save_settings' and…

CVE-2025-66128MedDec 16, 2025
Brevo
Sendinblue for WooCommerce
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Brevo Sendinblue for WooCommerce woocommerce-sendinblue-newsletter-subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sendinblue for WooCommerce: from n/a through <= 4.0.49.
CVE-2025-66127MedDec 16, 2025
WordPress
Essential Real Estate
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in g5theme Essential Real Estate essential-real-estate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Real Estate: from n/a through <= 5.3.2.
CVE-2025-66124MedDec 16, 2025
ZEEN101
Leaky Paywall
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in ZEEN101 Leaky Paywall leaky-paywall allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leaky Paywall: from n/a through <= 4.22.6.
CVE-2025-66122MedDec 16, 2025
Stylishpricelist
Stylish Price List
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Design Stylish Price List stylish-price-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stylish Price List: from n/a through <= 7.2.2.
CVE-2025-66121MedDec 16, 2025
Siteground
Siteground Security
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in SiteGround SiteGround Security sg-security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteGround Security: from n/a through <= 1.5.8.
CVE-2025-66120MedDec 16, 2025
WordPress
Catfolders
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in CatFolders CatFolders catfolders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CatFolders: from n/a through <= 2.5.3.
CVE-2025-64639MedDec 16, 2025
WordPress
Wp Compress Mainwp
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in WP Compress WP Compress for MainWP wp-compress-mainwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress for MainWP: from n/a through <= 6.50.17.
CVE-2025-64638MedDec 16, 2025
OnPay.io
OnPay.io for WooCommerce
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in OnPay.io OnPay.io for WooCommerce onpay-io-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OnPay.io for WooCommerce: from n/a through <= 1.0.47.
CVE-2025-64635MedDec 16, 2025
Smashballoon
Feeds For Youtube
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Syed Balkhi Feeds for YouTube feeds-for-youtube allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Feeds for YouTube: from n/a through <= 2.4.0.
CVE-2025-64634MedDec 16, 2025
Theme Fusion
Avada
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in ThemeFusion Avada avada allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Avada: from n/a through <= 7.13.2.
CVE-2025-64632MedDec 16, 2025
Auctollo
Google XML Sitemaps
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Auctollo Google XML Sitemaps google-sitemap-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google XML Sitemaps: from n/a through <= 4.1.22.
CVE-2025-64249MedDec 16, 2025
Experts
Experts
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in WP-EXPERTS.IN Protect WP Admin protect-wp-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protect WP Admin: from n/a through <= 4.1.
CVE-2025-11991MedDec 16, 2025
WordPress
Jetformbuilder
risk 0.34cvss 5.3epss 0.00
The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the run_callback function in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated…
CVE-2025-14367MedDec 13, 2025
WordPress
Easy Theme Options
risk 0.34cvss 5.3epss 0.00
The Easy Theme Options plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0. This is due to missing authorization checks in the eto_import_settings function. This makes it possible for authenticated attackers, with…
CVE-2025-14366MedDec 13, 2025
WordPress
Eyewear Prescription Form
risk 0.34cvss 5.3epss 0.00
The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing authorization checks on the SubmitCatProductRequest AJAX action. This makes it possible for unauthenticated attackers to…
CVE-2025-14365MedDec 13, 2025
WordPress
Eyewear Prescription Form
risk 0.34cvss 5.3epss 0.00
The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing capability checks on the RemoveItems AJAX action. This makes it possible for unauthenticated attackers to delete…
CVE-2025-13093MedDec 13, 2025
Devs CRM
Devs CRM – Manage tasks, attendance and teams all together
risk 0.34cvss 5.3epss 0.00
The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/devs-crm/v1/bulk-update' REST-API endpoint in all versions up to, and including, 1.1.8.…
CVE-2025-13092MedDec 13, 2025
WordPress
Devs CRM
risk 0.34cvss 5.3epss 0.00
The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/devs-crm/v1/attendances REST API Endpoint in all versions up to, and including, 1.1.8. This makes…
CVE-2025-12655MedDec 12, 2025
WordPress
Hippoo Mobile App For Woocommerce
risk 0.34cvss 5.3epss 0.00
The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to arbitrary file write via a missing authorization check in all versions up to, and including, 1.7.1. This is due to the REST API endpoint `/wp-json/hippoo/v1/wc/token/save_callback/{token_id}` being…
CVE-2025-13314MedDec 12, 2025
WordPress
Filter Plus
risk 0.34cvss 5.3epss 0.00
The Product Filtering by Categories, Tags, Price Range for WooCommerce – Filter Plus plugin for WordPress is vulnerable to unauthorized modification of data in all versions up to, and including, 1.1.6 due to a missing capability check on the 'filter_save_settings' and…