CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,492)

page 138 of 275

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-5814	WordPress Profiler What Slowing Down	Med	0.34	5.3	Jun 7, 2025	The Profiler – What Slowing Down Your WP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsd_plugin_control() function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated…
CVE-2025-49441	WordPress Interactive Map Of Florida	Med	0.34	5.3	Jun 6, 2025	Missing Authorization vulnerability in WP Map Plugins Interactive Regional Map of Florida interactive-map-of-florida allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Interactive Regional Map of Florida: from n/a through <= 1.0.
CVE-2025-49324	WordPress Job Board Manager	Med	0.34	5.3	Jun 6, 2025	Missing Authorization vulnerability in PickPlugins Job Board Manager job-board-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Job Board Manager: from n/a through <= 2.1.60.
CVE-2025-49320	FraudLabs Pro FraudLabs Pro for WooCommerce	Med	0.34	5.3	Jun 6, 2025	Missing Authorization vulnerability in fraudlabspro FraudLabs Pro for WooCommerce fraudlabs-pro-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FraudLabs Pro for WooCommerce: from n/a through <= 2.22.11.
CVE-2025-49270	Wp CRM Wp CRM System	Med	0.34	5.3	Jun 6, 2025	Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP-CRM System: from n/a through <= 3.4.2.
CVE-2025-49268	Soft8soft Verge3d	Med	0.34	5.3	Jun 6, 2025	Missing Authorization vulnerability in Soft8Soft LLC Verge3D verge3d allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Verge3D: from n/a through <= 4.9.4.
CVE-2025-49241	Bobbingwide Oik	Med	0.34	5.3	Jun 6, 2025	Missing Authorization vulnerability in bobbingwide oik oik allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects oik: from n/a through <= 4.15.1.
CVE-2025-49236	WordPress Raychat	Med	0.34	5.3	Jun 6, 2025	Missing Authorization vulnerability in raychat Raychat raychat allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Raychat: from n/a through <= 2.1.0.
CVE-2025-31000	Miguel Fuentes Payment QR WooCommerce	Med	0.34	5.3	Jun 6, 2025	Missing Authorization vulnerability in Miguel Fuentes Payment QR WooCommerce payment-qr-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment QR WooCommerce: from n/a through <= 1.1.6.
CVE-2025-30945	Taskbuilder Taskbuilder	Med	0.34	5.3	Jun 6, 2025	Missing Authorization vulnerability in taskbuilder Taskbuilder taskbuilder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Taskbuilder: from n/a through <= 4.0.7.
CVE-2025-30934	WordPress OS Diagnosis Generator	Med	0.34	5.3	Jun 6, 2025	Missing Authorization vulnerability in OLIVESYSTEM 診断ジェネレータ作成プラグイン os-diagnosis-generator allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 診断ジェネレータ作成プラグイン: from n/a through <= 1.4.16.
CVE-2025-29006	Centangle-Team Centangle-Team	Med	0.34	5.3	Jun 6, 2025	Missing Authorization vulnerability in centangle Direct Checkout for WooCommerce Lite woo-direct-checkout-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Direct Checkout for WooCommerce Lite: from n/a through <= 1.0.3.
CVE-2025-28997	WordPress Wp Autokeyword	Med	0.34	5.3	Jun 6, 2025	Missing Authorization vulnerability in EXEIdeas International WP AutoKeyword wp-autokeyword allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP AutoKeyword: from n/a through <= 1.0.
CVE-2025-28995	WordPress Viral Loops Wp Integration	Med	0.34	5.3	Jun 6, 2025	Missing Authorization vulnerability in viralloops Viral Loops WP Integration viral-loops-wp-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Viral Loops WP Integration: from n/a through <= 3.8.1.
CVE-2025-24763	Pascal Casier bbPress API	Med	0.34	5.3	Jun 6, 2025	Missing Authorization vulnerability in Pascal Casier bbPress API bbp-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects bbPress API: from n/a through <= 1.0.14.
CVE-2025-23971	WordPress Ki Live Video Conferences	Med	0.34	5.3	Jun 6, 2025	Missing Authorization vulnerability in whassan KI Live Video Conferences ki-live-video-conferences allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KI Live Video Conferences: from n/a through <= 5.5.15.
CVE-2025-48337	WordPress Quickcab	Med	0.34	5.3	Jun 6, 2025	Missing Authorization vulnerability in QuickcabWP QuickCab.This issue affects QuickCab: from n/a through 1.3.3.
CVE-2025-40673	DinoRANK DinoRANK	Med	0.34	—	May 28, 2025	A Missing Authorization vulnerability has been found in DinoRANK. This vulnerability allows an attacker to access invoices of any user via accessing endpoint '/facturas/YYYY-MM/SDRYYMM-XXXXX.pdf' because there is no access control. The pdf filename can be obtained via OSINT, …
CVE-2025-2506	EDB pglogical	Med	0.34	5.3	May 22, 2025	When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with CONNECT access to a database configured for replication can execute the pglogical command to obtain read access to replicated tables. When pglogical runs…
CVE-2025-39460	Thimpress Eduma	Med	0.34	5.3	May 19, 2025	Missing Authorization vulnerability in ThimPress Eduma eduma allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eduma: from n/a through <= 5.6.4.

CVE-2025-5814MedJun 7, 2025
WordPress
Profiler What Slowing Down
risk 0.34cvss 5.3epss 0.00
The Profiler – What Slowing Down Your WP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsd_plugin_control() function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated…
CVE-2025-49441MedJun 6, 2025
WordPress
Interactive Map Of Florida
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in WP Map Plugins Interactive Regional Map of Florida interactive-map-of-florida allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Interactive Regional Map of Florida: from n/a through <= 1.0.
CVE-2025-49324MedJun 6, 2025
WordPress
Job Board Manager
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in PickPlugins Job Board Manager job-board-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Job Board Manager: from n/a through <= 2.1.60.
CVE-2025-49320MedJun 6, 2025
FraudLabs Pro
FraudLabs Pro for WooCommerce
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in fraudlabspro FraudLabs Pro for WooCommerce fraudlabs-pro-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FraudLabs Pro for WooCommerce: from n/a through <= 2.22.11.
CVE-2025-49270MedJun 6, 2025
Wp CRM
Wp CRM System
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP-CRM System: from n/a through <= 3.4.2.
CVE-2025-49268MedJun 6, 2025
Soft8soft
Verge3d
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Soft8Soft LLC Verge3D verge3d allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Verge3D: from n/a through <= 4.9.4.
CVE-2025-49241MedJun 6, 2025
Bobbingwide
Oik
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in bobbingwide oik oik allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects oik: from n/a through <= 4.15.1.
CVE-2025-49236MedJun 6, 2025
WordPress
Raychat
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in raychat Raychat raychat allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Raychat: from n/a through <= 2.1.0.
CVE-2025-31000MedJun 6, 2025
Miguel Fuentes
Payment QR WooCommerce
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Miguel Fuentes Payment QR WooCommerce payment-qr-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment QR WooCommerce: from n/a through <= 1.1.6.
CVE-2025-30945MedJun 6, 2025
Taskbuilder
Taskbuilder
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in taskbuilder Taskbuilder taskbuilder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Taskbuilder: from n/a through <= 4.0.7.
CVE-2025-30934MedJun 6, 2025
WordPress
OS Diagnosis Generator
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in OLIVESYSTEM 診断ジェネレータ作成プラグイン os-diagnosis-generator allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 診断ジェネレータ作成プラグイン: from n/a through <= 1.4.16.
CVE-2025-29006MedJun 6, 2025
Centangle-Team
Centangle-Team
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in centangle Direct Checkout for WooCommerce Lite woo-direct-checkout-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Direct Checkout for WooCommerce Lite: from n/a through <= 1.0.3.
CVE-2025-28997MedJun 6, 2025
WordPress
Wp Autokeyword
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in EXEIdeas International WP AutoKeyword wp-autokeyword allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP AutoKeyword: from n/a through <= 1.0.
CVE-2025-28995MedJun 6, 2025
WordPress
Viral Loops Wp Integration
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in viralloops Viral Loops WP Integration viral-loops-wp-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Viral Loops WP Integration: from n/a through <= 3.8.1.
CVE-2025-24763MedJun 6, 2025
Pascal Casier
bbPress API
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Pascal Casier bbPress API bbp-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects bbPress API: from n/a through <= 1.0.14.
CVE-2025-23971MedJun 6, 2025
WordPress
Ki Live Video Conferences
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in whassan KI Live Video Conferences ki-live-video-conferences allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KI Live Video Conferences: from n/a through <= 5.5.15.
CVE-2025-48337MedJun 6, 2025
WordPress
Quickcab
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in QuickcabWP QuickCab.This issue affects QuickCab: from n/a through 1.3.3.
CVE-2025-40673MedMay 28, 2025
DinoRANK
DinoRANK
risk 0.34cvss —epss 0.00
A Missing Authorization vulnerability has been found in DinoRANK. This vulnerability allows an attacker to access invoices of any user via accessing endpoint '/facturas/YYYY-MM/SDRYYMM-XXXXX.pdf' because there is no access control. The pdf filename can be obtained via OSINT, …
CVE-2025-2506MedMay 22, 2025
EDB
pglogical
risk 0.34cvss 5.3epss 0.00
When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with CONNECT access to a database configured for replication can execute the pglogical command to obtain read access to replicated tables. When pglogical runs…
CVE-2025-39460MedMay 19, 2025
Thimpress
Eduma
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in ThimPress Eduma eduma allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eduma: from n/a through <= 5.6.4.