CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,496)

page 129 of 275

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2022-46845	Essential Plugin Slider a SlidersPack	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in Essential Plugin Slider a SlidersPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slider a SlidersPack: from n/a before 2.3.
CVE-2025-67586	Ronald Huereca Highlight and Share	Med	0.34	4.7	Dec 9, 2025	Missing Authorization vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Highlight and Share: from n/a through <= 5.2.0.
CVE-2025-67584	WordPress Godam	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in rtCamp GoDAM godam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GoDAM: from n/a through <= 1.4.6.
CVE-2025-67583	Themeatelier Idonate	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in Foysal Imran IDonate idonate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IDonate: from n/a through <= 2.1.15.
CVE-2025-67582	Wbcomdesigns lock-my-bp	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in wbcomdesigns Wbcom Designs lock-my-bp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wbcom Designs: from n/a through <= 2.1.1.
CVE-2025-67581	Themetechmount Truebooker	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TrueBooker: from n/a through <= 1.1.0.
CVE-2025-67580	WordPress Constant Contact Woocommerce	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in Constant Contact Constant Contact + WooCommerce constant-contact-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Constant Contact + WooCommerce: from n/a through <= 2.4.1.
CVE-2025-67579	WordPress User Extra Fields	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Extra Fields: from n/a through <= 16.8.
CVE-2025-67578	Rhys Wynne WP Email Capture	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Email Capture: from n/a through <= 3.12.4.
CVE-2025-67577	hassantafreshi Easy Form Builder	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form Builder: from n/a through <= 3.8.20.
CVE-2025-67576	WordPress Simple Link Directory	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Link Directory: from n/a through <= 8.8.3.
CVE-2025-67575	Andrew Lima Sitewide Notice WP	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP sitewide-notice-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sitewide Notice WP: from n/a through <= 2.4.1.
CVE-2025-67574	Saasproject Booking Package Appointment Booking Calendar System	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through <= 3.2.30.
CVE-2025-67573	WordPress Sailing	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in ThimPress Sailing sailing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sailing: from n/a through < 4.4.6.
CVE-2025-67572	WordPress Pennews	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in PenciDesign PenNews pennews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PenNews: from n/a through < 6.7.4.
CVE-2025-67571	Getwpfunnels Wpfunnels	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in WPFunnels WPFunnels wpfunnels allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPFunnels: from n/a through <= 3.6.2.
CVE-2025-67570	Westerndeal WPForms Google Sheet Connector	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPForms Google Sheet Connector: from n/a through <= 4.0.0.
CVE-2025-67569	AdForest AdForest	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in scriptsbundle AdForest adforest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AdForest: from n/a through <= 6.0.11.
CVE-2025-67568	WordPress Basel	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in xtemos Basel basel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Basel: from n/a through <= 5.9.1.
CVE-2025-67566	Wofficeio Woffice Core	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through <= 5.4.30.

CVE-2022-46845MedDec 9, 2025
Essential Plugin
Slider a SlidersPack
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Essential Plugin Slider a SlidersPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slider a SlidersPack: from n/a before 2.3.
CVE-2025-67586MedDec 9, 2025
Ronald Huereca
Highlight and Share
risk 0.34cvss 4.7epss 0.00
Missing Authorization vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Highlight and Share: from n/a through <= 5.2.0.
CVE-2025-67584MedDec 9, 2025
WordPress
Godam
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in rtCamp GoDAM godam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GoDAM: from n/a through <= 1.4.6.
CVE-2025-67583MedDec 9, 2025
Themeatelier
Idonate
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Foysal Imran IDonate idonate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IDonate: from n/a through <= 2.1.15.
CVE-2025-67582MedDec 9, 2025
Wbcomdesigns
lock-my-bp
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in wbcomdesigns Wbcom Designs lock-my-bp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wbcom Designs: from n/a through <= 2.1.1.
CVE-2025-67581MedDec 9, 2025
Themetechmount
Truebooker
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TrueBooker: from n/a through <= 1.1.0.
CVE-2025-67580MedDec 9, 2025
WordPress
Constant Contact Woocommerce
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Constant Contact Constant Contact + WooCommerce constant-contact-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Constant Contact + WooCommerce: from n/a through <= 2.4.1.
CVE-2025-67579MedDec 9, 2025
WordPress
User Extra Fields
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Extra Fields: from n/a through <= 16.8.
CVE-2025-67578MedDec 9, 2025
Rhys Wynne
WP Email Capture
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Email Capture: from n/a through <= 3.12.4.
CVE-2025-67577MedDec 9, 2025
hassantafreshi
Easy Form Builder
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form Builder: from n/a through <= 3.8.20.
CVE-2025-67576MedDec 9, 2025
WordPress
Simple Link Directory
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Link Directory: from n/a through <= 8.8.3.
CVE-2025-67575MedDec 9, 2025
Andrew Lima
Sitewide Notice WP
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP sitewide-notice-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sitewide Notice WP: from n/a through <= 2.4.1.
CVE-2025-67574MedDec 9, 2025
Saasproject
Booking Package Appointment Booking Calendar System
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through <= 3.2.30.
CVE-2025-67573MedDec 9, 2025
WordPress
Sailing
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in ThimPress Sailing sailing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sailing: from n/a through < 4.4.6.
CVE-2025-67572MedDec 9, 2025
WordPress
Pennews
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in PenciDesign PenNews pennews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PenNews: from n/a through < 6.7.4.
CVE-2025-67571MedDec 9, 2025
Getwpfunnels
Wpfunnels
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in WPFunnels WPFunnels wpfunnels allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPFunnels: from n/a through <= 3.6.2.
CVE-2025-67570MedDec 9, 2025
Westerndeal
WPForms Google Sheet Connector
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPForms Google Sheet Connector: from n/a through <= 4.0.0.
CVE-2025-67569MedDec 9, 2025
AdForest
AdForest
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in scriptsbundle AdForest adforest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AdForest: from n/a through <= 6.0.11.
CVE-2025-67568MedDec 9, 2025
WordPress
Basel
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in xtemos Basel basel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Basel: from n/a through <= 5.9.1.
CVE-2025-67566MedDec 9, 2025
Wofficeio
Woffice Core
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through <= 5.4.30.