CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (5,549)
page 13 of 278| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-13232 | Hig | 0.57 | 8.8 | 0.00 | Mar 5, 2025 | The WordPress Awesome Import & Export Plugin - Import & Export WordPress Data plugin for WordPress is vulnerable arbitrary SQL Execution and privilege escalation due to a missing capability check on the renderImport() function in all versions up to, and including, 4.1.1. This… | ||
| CVE-2025-27270 | Cri | 0.57 | 9.8 | 0.00 | Mar 3, 2025 | Missing Authorization vulnerability in enituretechnology Residential Address Detection residential-address-detection allows Privilege Escalation.This issue affects Residential Address Detection: from n/a through <= 2.5.4. | ||
| CVE-2025-1682 | Hig | 0.57 | 8.8 | 0.01 | Feb 28, 2025 | The Cardealer theme for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.4 due to missing capability check on the 'save_settings' function. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify… | ||
| CVE-2024-12296 | Hig | 0.57 | 8.8 | 0.00 | Feb 12, 2025 | The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'import_page_options' function in all versions up to, and including, 2.4. This makes it possible for… | ||
| CVE-2024-13653 | Hig | 0.57 | 8.8 | 0.00 | Feb 12, 2025 | The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' and 'restore_options' functions in all versions up to, and… | ||
| CVE-2024-13643 | Hig | 0.57 | 8.8 | 0.01 | Feb 11, 2025 | The Zox News - Professional WordPress News & Magazine Theme plugin for WordPress is vulnerable to unauthorized data modification. This vulnerability can lead to privilege escalation and denial of service conditions due to missing capability checks on the backup_options() and… | ||
| CVE-2025-24734 | Hig | 0.57 | 8.8 | 0.01 | Jan 27, 2025 | Missing Authorization vulnerability in CodeSolz Better Find and Replace real-time-auto-find-and-replace allows Privilege Escalation.This issue affects Better Find and Replace: from n/a through <= 1.6.7. | ||
| CVE-2024-12202 | Hig | 0.57 | 8.8 | 0.01 | Jan 7, 2025 | The Croma Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'ironMusic_ajax' function in all versions up to, and including, 3.6. This makes it possible for authenticated… | ||
| CVE-2024-12535 | Hig | 0.57 | 8.6 | 0.01 | Jan 7, 2025 | The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to read configuration… | ||
| CVE-2024-56061 | Hig | 0.57 | 8.8 | 0.00 | Dec 31, 2024 | Missing Authorization vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Privilege Escalation.This issue affects RepairBuddy: from n/a through <= 3.8119. | ||
| CVE-2024-56211 | Hig | 0.57 | 8.8 | 0.00 | Dec 31, 2024 | Missing Authorization vulnerability in DeluxeThemes Userpro userpro.This issue affects Userpro: from n/a through <= 5.1.9. | ||
| CVE-2024-12881 | Hig | 0.57 | 8.8 | 0.00 | Dec 24, 2024 | The PlugVersions – Easily rollback to previous versions of your plugins plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the eos_plugin_reviews_restore_version() function in all versions up to, and including, 0.0.7. This makes… | ||
| CVE-2024-56048 | Hig | 0.57 | 8.8 | 0.01 | Dec 18, 2024 | Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9. | ||
| CVE-2024-12259 | Hig | 0.57 | 8.8 | 0.01 | Dec 18, 2024 | The CRM WordPress Plugin – RepairBuddy plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.8120. This is due to the plugin not properly validating a user's identity prior to updating their email through the… | ||
| CVE-2024-54379 | Hig | 0.57 | 8.8 | 0.01 | Dec 16, 2024 | Missing Authorization vulnerability in blokhauswp Minterpress minterpress allows Privilege Escalation.This issue affects Minterpress: from n/a through <= 1.0.5. | ||
| CVE-2024-54378 | Hig | 0.57 | 8.8 | 0.01 | Dec 16, 2024 | Missing Authorization vulnerability in Quietly Quietly Insights quietly-insights allows Privilege Escalation.This issue affects Quietly Insights: from n/a through <= 1.2.2. | ||
| CVE-2023-33996 | Hig | 0.57 | 8.8 | 0.01 | Dec 13, 2024 | Missing Authorization vulnerability in СleanTalk - Anti-Spam Protection Spam protection, AntiSpam, FireWall by CleanTalk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spam protection, AntiSpam, FireWall by CleanTalk: from n/a through… | ||
| CVE-2024-11443 | Hig | 0.57 | 8.8 | 0.00 | Dec 12, 2024 | The de:branding plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the debranding_save() function in all versions up to, and including, 1.0.2. This makes it possible for authenticated… | ||
| CVE-2024-11323 | Hig | 0.57 | 8.8 | 0.00 | Dec 6, 2024 | The AI Quiz | Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ai_quiz_update_style() function in all versions up to, and including, 1.1. This makes it possible for… | ||
| CVE-2024-53938 | Hig | 0.57 | 8.8 | 0.00 | Dec 2, 2024 | An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default and exposed over the LAN. The root account is accessible without a password, allowing attackers to achieve full control over… |
- risk 0.57cvss 8.8epss 0.00
The WordPress Awesome Import & Export Plugin - Import & Export WordPress Data plugin for WordPress is vulnerable arbitrary SQL Execution and privilege escalation due to a missing capability check on the renderImport() function in all versions up to, and including, 4.1.1. This…
- risk 0.57cvss 9.8epss 0.00
Missing Authorization vulnerability in enituretechnology Residential Address Detection residential-address-detection allows Privilege Escalation.This issue affects Residential Address Detection: from n/a through <= 2.5.4.
- risk 0.57cvss 8.8epss 0.01
The Cardealer theme for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.4 due to missing capability check on the 'save_settings' function. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify…
- risk 0.57cvss 8.8epss 0.00
The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'import_page_options' function in all versions up to, and including, 2.4. This makes it possible for…
- risk 0.57cvss 8.8epss 0.00
The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' and 'restore_options' functions in all versions up to, and…
- risk 0.57cvss 8.8epss 0.01
The Zox News - Professional WordPress News & Magazine Theme plugin for WordPress is vulnerable to unauthorized data modification. This vulnerability can lead to privilege escalation and denial of service conditions due to missing capability checks on the backup_options() and…
- risk 0.57cvss 8.8epss 0.01
Missing Authorization vulnerability in CodeSolz Better Find and Replace real-time-auto-find-and-replace allows Privilege Escalation.This issue affects Better Find and Replace: from n/a through <= 1.6.7.
- risk 0.57cvss 8.8epss 0.01
The Croma Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'ironMusic_ajax' function in all versions up to, and including, 3.6. This makes it possible for authenticated…
- risk 0.57cvss 8.6epss 0.01
The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to read configuration…
- risk 0.57cvss 8.8epss 0.00
Missing Authorization vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Privilege Escalation.This issue affects RepairBuddy: from n/a through <= 3.8119.
- risk 0.57cvss 8.8epss 0.00
Missing Authorization vulnerability in DeluxeThemes Userpro userpro.This issue affects Userpro: from n/a through <= 5.1.9.
- risk 0.57cvss 8.8epss 0.00
The PlugVersions – Easily rollback to previous versions of your plugins plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the eos_plugin_reviews_restore_version() function in all versions up to, and including, 0.0.7. This makes…
- risk 0.57cvss 8.8epss 0.01
Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9.
- risk 0.57cvss 8.8epss 0.01
The CRM WordPress Plugin – RepairBuddy plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.8120. This is due to the plugin not properly validating a user's identity prior to updating their email through the…
- risk 0.57cvss 8.8epss 0.01
Missing Authorization vulnerability in blokhauswp Minterpress minterpress allows Privilege Escalation.This issue affects Minterpress: from n/a through <= 1.0.5.
- risk 0.57cvss 8.8epss 0.01
Missing Authorization vulnerability in Quietly Quietly Insights quietly-insights allows Privilege Escalation.This issue affects Quietly Insights: from n/a through <= 1.2.2.
- risk 0.57cvss 8.8epss 0.01
Missing Authorization vulnerability in СleanTalk - Anti-Spam Protection Spam protection, AntiSpam, FireWall by CleanTalk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spam protection, AntiSpam, FireWall by CleanTalk: from n/a through…
- risk 0.57cvss 8.8epss 0.00
The de:branding plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the debranding_save() function in all versions up to, and including, 1.0.2. This makes it possible for authenticated…
- risk 0.57cvss 8.8epss 0.00
The AI Quiz | Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ai_quiz_update_style() function in all versions up to, and including, 1.1. This makes it possible for…
- risk 0.57cvss 8.8epss 0.00
An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default and exposed over the LAN. The root account is accessible without a password, allowing attackers to achieve full control over…