CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,496)

page 130 of 275

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-67563	Wpexperts Post SMTP	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in Saad Iqbal Post SMTP post-smtp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post SMTP: from n/a through <= 3.6.1.
CVE-2025-63069	Vinod Dalvi Ivory Search	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in Vinod Dalvi Ivory Search add-search-to-menu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ivory Search: from n/a through <= 5.5.12.
CVE-2025-63063	Yandex.metrics Project Yandex Metrics	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in Yandex Metrika Yandex.Metrica wp-yandex-metrika allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yandex.Metrica: from n/a through <= 1.2.2.
CVE-2025-63054	Expresstech Quiz And Survey Master	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.2.
CVE-2025-63049	Cridio Listingpro	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ListingPro Lead Form: from n/a through <= 1.0.7.
CVE-2025-63047	Cridio Listingpro	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.9.
CVE-2025-63028	WordPress Traveler	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through <= 3.2.6.
CVE-2025-63023	Onepay Sri Lanka onepay-payment-gateway-for-woocommerce	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in Easy Payment Payment Gateway for PayPal on WooCommerce woo-paypal-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway for PayPal on WooCommerce: from n/a through <= 9.0.53.
CVE-2025-62870	WordPress Eupago Gateway For Woocommerce	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in Eupago Eupago Gateway For Woocommerce eupago-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eupago Gateway For Woocommerce: from n/a through <= 4.7.1.
CVE-2025-62865	Evan Herman Post Cloner	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in Evan Herman Post Cloner post-cloner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Cloner: from n/a through <= 1.0.0.
CVE-2025-62740	Wp CRM Wp CRM System	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through <= 3.4.6.
CVE-2025-62738	mmattax Formstack Online Forms	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in mmattax Formstack Online Forms formstack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formstack Online Forms: from n/a through <= 2.0.2.
CVE-2025-62153	Quick Interest Slider Quick Interest Slider	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in Graham Quick Interest Slider quick-interest-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Interest Slider: from n/a through <= 3.1.7.
CVE-2025-62152	ConveyThis Conveythis	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in ConveyThis ConveyThis conveythis-translate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ConveyThis: from n/a through <= 269.2.
CVE-2025-62151	Virtuaria Virtuaria PagBank / PagSeguro para Woocommerce	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in Virtuaria Virtuaria PagBank / PagSeguro para Woocommerce virtuaria-pagseguro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Virtuaria PagBank / PagSeguro para Woocommerce: from n/a through <=…
CVE-2025-62100	themerain ThemeRain Core	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in themerain ThemeRain Core themerain-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ThemeRain Core: from n/a through <= 1.1.9.
CVE-2025-62085	Bertha Bertha AI	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in Bertha AI – Andrew Palmer BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BERTHA AI: from n/a through <= 1.13.
CVE-2025-49348	WordPress Pico	Med	0.34	5.3	Dec 9, 2025	Missing Authorization vulnerability in Hype Hype pico allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hype: from n/a through <= 1.0.5.
CVE-2025-13666	Helloprint Helloprint	Med	0.34	5.3	Dec 6, 2025	The Helloprint plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.2. This is due to the plugin registering a public REST API endpoint without implementing authorization checks to verify request authenticity. This makes it possible…
CVE-2025-12355	WordPress Payaza	Med	0.34	5.3	Dec 5, 2025	The Payaza plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_nopriv_update_order_status' AJAX endpoint in all versions up to, and including, 0.3.8. This makes it possible for unauthenticated attackers to…

CVE-2025-67563MedDec 9, 2025
Wpexperts
Post SMTP
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Saad Iqbal Post SMTP post-smtp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post SMTP: from n/a through <= 3.6.1.
CVE-2025-63069MedDec 9, 2025
Vinod Dalvi
Ivory Search
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Vinod Dalvi Ivory Search add-search-to-menu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ivory Search: from n/a through <= 5.5.12.
CVE-2025-63063MedDec 9, 2025
Yandex.metrics Project
Yandex Metrics
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Yandex Metrika Yandex.Metrica wp-yandex-metrika allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yandex.Metrica: from n/a through <= 1.2.2.
CVE-2025-63054MedDec 9, 2025
Expresstech
Quiz And Survey Master
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.2.
CVE-2025-63049MedDec 9, 2025
Cridio
Listingpro
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ListingPro Lead Form: from n/a through <= 1.0.7.
CVE-2025-63047MedDec 9, 2025
Cridio
Listingpro
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.9.
CVE-2025-63028MedDec 9, 2025
WordPress
Traveler
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through <= 3.2.6.
CVE-2025-63023MedDec 9, 2025
Onepay Sri Lanka
onepay-payment-gateway-for-woocommerce
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Easy Payment Payment Gateway for PayPal on WooCommerce woo-paypal-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway for PayPal on WooCommerce: from n/a through <= 9.0.53.
CVE-2025-62870MedDec 9, 2025
WordPress
Eupago Gateway For Woocommerce
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Eupago Eupago Gateway For Woocommerce eupago-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eupago Gateway For Woocommerce: from n/a through <= 4.7.1.
CVE-2025-62865MedDec 9, 2025
Evan Herman
Post Cloner
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Evan Herman Post Cloner post-cloner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Cloner: from n/a through <= 1.0.0.
CVE-2025-62740MedDec 9, 2025
Wp CRM
Wp CRM System
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through <= 3.4.6.
CVE-2025-62738MedDec 9, 2025
mmattax
Formstack Online Forms
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in mmattax Formstack Online Forms formstack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formstack Online Forms: from n/a through <= 2.0.2.
CVE-2025-62153MedDec 9, 2025
Quick Interest Slider
Quick Interest Slider
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Graham Quick Interest Slider quick-interest-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Interest Slider: from n/a through <= 3.1.7.
CVE-2025-62152MedDec 9, 2025
ConveyThis
Conveythis
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in ConveyThis ConveyThis conveythis-translate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ConveyThis: from n/a through <= 269.2.
CVE-2025-62151MedDec 9, 2025
Virtuaria
Virtuaria PagBank / PagSeguro para Woocommerce
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Virtuaria Virtuaria PagBank / PagSeguro para Woocommerce virtuaria-pagseguro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Virtuaria PagBank / PagSeguro para Woocommerce: from n/a through <=…
CVE-2025-62100MedDec 9, 2025
themerain
ThemeRain Core
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in themerain ThemeRain Core themerain-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ThemeRain Core: from n/a through <= 1.1.9.
CVE-2025-62085MedDec 9, 2025
Bertha
Bertha AI
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Bertha AI – Andrew Palmer BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BERTHA AI: from n/a through <= 1.13.
CVE-2025-49348MedDec 9, 2025
WordPress
Pico
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Hype Hype pico allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hype: from n/a through <= 1.0.5.
CVE-2025-13666MedDec 6, 2025
Helloprint
Helloprint
risk 0.34cvss 5.3epss 0.00
The Helloprint plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.2. This is due to the plugin registering a public REST API endpoint without implementing authorization checks to verify request authenticity. This makes it possible…
CVE-2025-12355MedDec 5, 2025
WordPress
Payaza
risk 0.34cvss 5.3epss 0.00
The Payaza plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_nopriv_update_order_status' AJAX endpoint in all versions up to, and including, 0.3.8. This makes it possible for unauthenticated attackers to…