CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,492)

page 137 of 275

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-30929	WordPress Fluxtore	Med	0.34	5.3	Jul 4, 2025	Missing Authorization vulnerability in amazewp fluXtore fluxtore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects fluXtore: from n/a through <= 1.6.0.
CVE-2025-29012	kamleshyadav CF7 7 Mailchimp Add-on	Med	0.34	5.3	Jul 4, 2025	Missing Authorization vulnerability in kamleshyadav CF7 7 Mailchimp Add-on CF7-mailchimp-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CF7 7 Mailchimp Add-on: from n/a through < 2.4.
CVE-2025-24757	AndonDesign UDesign Core	Med	0.34	5.3	Jul 4, 2025	Missing Authorization vulnerability in AndonDesign uDesign udesign.This issue affects uDesign: from n/a through <= 4.11.2.
CVE-2025-24748	Theme Fusion Avada	Med	0.34	5.3	Jul 4, 2025	Missing Authorization vulnerability in ThemeFusion Avada avada.This issue affects Avada: from n/a through <= 7.11.10.
CVE-2025-53304	WordPress Contact Form 7 Hide Success Message	Med	0.34	5.3	Jun 27, 2025	Missing Authorization vulnerability in Rohil Contact Form – 7 : Hide Success Message contact-form-7-hide-success-message allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Contact Form – 7 : Hide Success Message: from n/a through <= 1.1.4.
CVE-2025-53295	iCount iCount Payment Gateway	Med	0.34	5.3	Jun 27, 2025	Missing Authorization vulnerability in iCount iCount Payment Gateway icount allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iCount Payment Gateway: from n/a through <= 2.0.7.
CVE-2025-53255	HurryTimer HurryTimer	Med	0.34	5.3	Jun 27, 2025	Missing Authorization vulnerability in Nabil Lemsieh HurryTimer hurrytimer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HurryTimer: from n/a through <= 2.13.1.
CVE-2025-49997	WordPress Giveaways And Contests By Rafflepress	Med	0.34	5.3	Jun 20, 2025	Missing Authorization vulnerability in Syed Balkhi Giveaways and Contests by RafflePress rafflepress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Giveaways and Contests by RafflePress: from n/a through <= 1.12.18.
CVE-2025-49996	WordPress Visitors Traffic Real Time Statistics	Med	0.34	5.3	Jun 20, 2025	Missing Authorization vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) wp-stats-manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through <= 8.4.
CVE-2025-49993	csarturas cookie-script-com	Med	0.34	5.3	Jun 20, 2025	Missing Authorization vulnerability in csarturas Cookie-Script.com cookie-script-com allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cookie-Script.com: from n/a through <= 1.2.1.
CVE-2025-49991	WordPress Wp Recall	Med	0.34	5.3	Jun 20, 2025	Missing Authorization vulnerability in tggfref WP-Recall allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP-Recall: from n/a through 16.26.14.
CVE-2025-49990	Contentstudio Contentstudio	Med	0.34	5.3	Jun 20, 2025	Missing Authorization vulnerability in contentstudio Contentstudio contentstudio allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Contentstudio: from n/a through <= 1.3.7.
CVE-2025-49989	Appcheap App Builder	Med	0.34	5.3	Jun 20, 2025	Missing Authorization vulnerability in App Cheap App Builder app-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects App Builder: from n/a through <= 5.5.6.
CVE-2025-49988	Renzojohnson Contact Form 7 Extension For Mailchimp	Med	0.34	5.3	Jun 20, 2025	Missing Authorization vulnerability in Renzo Johnson Contact Form 7 AWeber Extension integrate-contact-form-7-and-aweber allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form 7 AWeber Extension: from n/a through <= 0.1.40.
CVE-2025-49987	WordPress CRM ERP Business Solution	Med	0.34	5.3	Jun 20, 2025	Missing Authorization vulnerability in WPFactory CRM ERP Business Solution crm-erp-business-solution allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CRM ERP Business Solution: from n/a through <= 1.13.
CVE-2025-49986	WordPress Video List Manager	Med	0.34	5.3	Jun 20, 2025	Missing Authorization vulnerability in thanhtungtnt Video List Manager video-list-manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Video List Manager: from n/a through <= 1.7.
CVE-2025-49872	Wpexperts Mycred	Med	0.34	5.3	Jun 17, 2025	Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects myCred: from n/a through <= 2.9.4.2.
CVE-2025-49864	WordPress Addfreestats	Med	0.34	5.3	Jun 17, 2025	Missing Authorization vulnerability in AFS Analytics AFS Analytics addfreestats allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AFS Analytics: from n/a through <= 4.21.
CVE-2025-5815	Traffic Monitor Traffic Monitor	Med	0.34	5.3	Jun 13, 2025	The Traffic Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tfcm_maybe_set_bot_flags() function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to disabled…
CVE-2025-49509	Roland Beaussant Audio Editor & Recorder	Med	0.34	5.3	Jun 10, 2025	Missing Authorization vulnerability in Roland Beaussant Audio Editor & Recorder audio-editor-recorder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audio Editor & Recorder: from n/a through <= 2.2.1.

CVE-2025-30929MedJul 4, 2025
WordPress
Fluxtore
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in amazewp fluXtore fluxtore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects fluXtore: from n/a through <= 1.6.0.
CVE-2025-29012MedJul 4, 2025
kamleshyadav
CF7 7 Mailchimp Add-on
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in kamleshyadav CF7 7 Mailchimp Add-on CF7-mailchimp-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CF7 7 Mailchimp Add-on: from n/a through < 2.4.
CVE-2025-24757MedJul 4, 2025
AndonDesign
UDesign Core
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in AndonDesign uDesign udesign.This issue affects uDesign: from n/a through <= 4.11.2.
CVE-2025-24748MedJul 4, 2025
Theme Fusion
Avada
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in ThemeFusion Avada avada.This issue affects Avada: from n/a through <= 7.11.10.
CVE-2025-53304MedJun 27, 2025
WordPress
Contact Form 7 Hide Success Message
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Rohil Contact Form – 7 : Hide Success Message contact-form-7-hide-success-message allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Contact Form – 7 : Hide Success Message: from n/a through <= 1.1.4.
CVE-2025-53295MedJun 27, 2025
iCount
iCount Payment Gateway
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in iCount iCount Payment Gateway icount allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iCount Payment Gateway: from n/a through <= 2.0.7.
CVE-2025-53255MedJun 27, 2025
HurryTimer
HurryTimer
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Nabil Lemsieh HurryTimer hurrytimer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HurryTimer: from n/a through <= 2.13.1.
CVE-2025-49997MedJun 20, 2025
WordPress
Giveaways And Contests By Rafflepress
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Syed Balkhi Giveaways and Contests by RafflePress rafflepress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Giveaways and Contests by RafflePress: from n/a through <= 1.12.18.
CVE-2025-49996MedJun 20, 2025
WordPress
Visitors Traffic Real Time Statistics
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) wp-stats-manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through <= 8.4.
CVE-2025-49993MedJun 20, 2025
csarturas
cookie-script-com
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in csarturas Cookie-Script.com cookie-script-com allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cookie-Script.com: from n/a through <= 1.2.1.
CVE-2025-49991MedJun 20, 2025
WordPress
Wp Recall
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in tggfref WP-Recall allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP-Recall: from n/a through 16.26.14.
CVE-2025-49990MedJun 20, 2025
Contentstudio
Contentstudio
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in contentstudio Contentstudio contentstudio allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Contentstudio: from n/a through <= 1.3.7.
CVE-2025-49989MedJun 20, 2025
Appcheap
App Builder
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in App Cheap App Builder app-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects App Builder: from n/a through <= 5.5.6.
CVE-2025-49988MedJun 20, 2025
Renzojohnson
Contact Form 7 Extension For Mailchimp
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Renzo Johnson Contact Form 7 AWeber Extension integrate-contact-form-7-and-aweber allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form 7 AWeber Extension: from n/a through <= 0.1.40.
CVE-2025-49987MedJun 20, 2025
WordPress
CRM ERP Business Solution
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in WPFactory CRM ERP Business Solution crm-erp-business-solution allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CRM ERP Business Solution: from n/a through <= 1.13.
CVE-2025-49986MedJun 20, 2025
WordPress
Video List Manager
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in thanhtungtnt Video List Manager video-list-manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Video List Manager: from n/a through <= 1.7.
CVE-2025-49872MedJun 17, 2025
Wpexperts
Mycred
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects myCred: from n/a through <= 2.9.4.2.
CVE-2025-49864MedJun 17, 2025
WordPress
Addfreestats
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in AFS Analytics AFS Analytics addfreestats allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AFS Analytics: from n/a through <= 4.21.
CVE-2025-5815MedJun 13, 2025
Traffic Monitor
Traffic Monitor
risk 0.34cvss 5.3epss 0.00
The Traffic Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tfcm_maybe_set_bot_flags() function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to disabled…
CVE-2025-49509MedJun 10, 2025
Roland Beaussant
Audio Editor & Recorder
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Roland Beaussant Audio Editor & Recorder audio-editor-recorder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audio Editor & Recorder: from n/a through <= 2.2.1.