CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,492)

page 139 of 275

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-39388	WordPress Analyticswp	Med	0.34	5.3	May 19, 2025	Missing Authorization vulnerability in Solid Plugins AnalyticsWP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AnalyticsWP: from n/a through 2.0.0.
CVE-2025-39373	WordPress Jnews	Med	0.34	5.3	May 19, 2025	Missing Authorization vulnerability in jegtheme JNews jnews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JNews: from n/a through <= 11.6.16.
CVE-2025-39368	WordPress Rootspersona	Med	0.34	5.3	May 19, 2025	Missing Authorization vulnerability in ed4becky Rootspersona rootspersona allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rootspersona: from n/a through <= 3.7.5.
CVE-2025-39353	Themegoods Grand Restaurant	Med	0.34	5.3	May 19, 2025	Missing Authorization vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grand Restaurant: from n/a through <= 7.0.
CVE-2025-26867	WordPress Bulk	Med	0.34	5.3	May 19, 2025	Missing Authorization vulnerability in Themes4WP Bulk allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bulk: from n/a through 1.0.11.
CVE-2025-48346	WordPress Embed And Integrate Etsy Shop	Med	0.34	5.3	May 19, 2025	Missing Authorization vulnerability in Embed360 Embed and Integrate Etsy Shop embed-and-integrate-etsy-shop allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Embed and Integrate Etsy Shop: from n/a through <= 1.0.8.
CVE-2025-48282	WordPress Majestic Support	Med	0.34	5.3	May 19, 2025	Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Majestic Support: from n/a through <= 1.1.0.
CVE-2025-48272	Wpjobportal Wp Job Portal	Med	0.34	5.3	May 19, 2025	Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.3.2.
CVE-2025-48117	WordPress Woocommerce Pos	Med	0.34	5.3	May 16, 2025	Missing Authorization vulnerability in kilbot WooCommerce POS woocommerce-pos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce POS: from n/a through <= 1.7.8.
CVE-2025-48116	Myeventon Eventon Lite	Med	0.34	5.3	May 16, 2025	Missing Authorization vulnerability in Ashan Perera EventON eventon-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects EventON: from n/a through <= 2.4.4.
CVE-2025-47564	ashanjay EventON	Med	0.34	5.3	May 16, 2025	Missing Authorization vulnerability in ashanjay EventON eventon allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects EventON: from n/a through <= 4.9.8.
CVE-2025-47563	Villatheme Curcy	Med	0.34	5.3	May 16, 2025	Missing Authorization vulnerability in villatheme CURCY woocommerce-multi-currency allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CURCY: from n/a through <= 2.3.7.
CVE-2025-32296	WordPress Simple Link Directory	Med	0.34	5.3	May 16, 2025	Missing Authorization vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Link Directory: from n/a through < 14.8.1.
CVE-2025-31630	moton The Business	Med	0.34	5.3	May 16, 2025	Missing Authorization vulnerability in themeton The Business allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Business: from n/a through 1.6.1.
CVE-2025-31071	Themeton HotStar	Med	0.34	5.3	May 16, 2025	Missing Authorization vulnerability in themeton HotStar – Multi-Purpose Business Theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HotStar – Multi-Purpose Business Theme: from n/a through 1.4.
CVE-2025-31066	WordPress Acerola	Med	0.34	5.3	May 16, 2025	Missing Authorization vulnerability in themeton Acerola acerola allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Acerola: from n/a through <= 1.6.5.
CVE-2025-31065	WordPress Rozario	Med	0.34	5.3	May 16, 2025	Missing Authorization vulnerability in themeton Rozario allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rozario: from n/a through 1.4.
CVE-2024-56006	Automattic Jetpack Debug Tools	Med	0.34	5.3	May 15, 2025	Missing Authorization vulnerability in Automattic Jetpack Debug Tools.This issue affects Jetpack Debug Tools: from n/a before 2.0.1.
CVE-2025-43004	—	Med	0.34	5.3	May 13, 2025	Due to a security misconfiguration vulnerability, customers can develop Production Operator Dashboards (PODs) that enable outside users to access customer data when they access these dashboards. Since no mechanisms exist to enforce authentication, malicious unauthenticated users…
CVE-2025-47688	Advancedfilemanager Advanced File Manager	Med	0.34	5.3	May 7, 2025	Missing Authorization vulnerability in Saad Iqbal Advanced File Manager file-manager-advanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced File Manager: from n/a through <= 5.3.1.

CVE-2025-39388MedMay 19, 2025
WordPress
Analyticswp
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Solid Plugins AnalyticsWP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AnalyticsWP: from n/a through 2.0.0.
CVE-2025-39373MedMay 19, 2025
WordPress
Jnews
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in jegtheme JNews jnews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JNews: from n/a through <= 11.6.16.
CVE-2025-39368MedMay 19, 2025
WordPress
Rootspersona
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in ed4becky Rootspersona rootspersona allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rootspersona: from n/a through <= 3.7.5.
CVE-2025-39353MedMay 19, 2025
Themegoods
Grand Restaurant
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grand Restaurant: from n/a through <= 7.0.
CVE-2025-26867MedMay 19, 2025
WordPress
Bulk
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Themes4WP Bulk allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bulk: from n/a through 1.0.11.
CVE-2025-48346MedMay 19, 2025
WordPress
Embed And Integrate Etsy Shop
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Embed360 Embed and Integrate Etsy Shop embed-and-integrate-etsy-shop allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Embed and Integrate Etsy Shop: from n/a through <= 1.0.8.
CVE-2025-48282MedMay 19, 2025
WordPress
Majestic Support
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Majestic Support: from n/a through <= 1.1.0.
CVE-2025-48272MedMay 19, 2025
Wpjobportal
Wp Job Portal
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.3.2.
CVE-2025-48117MedMay 16, 2025
WordPress
Woocommerce Pos
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in kilbot WooCommerce POS woocommerce-pos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce POS: from n/a through <= 1.7.8.
CVE-2025-48116MedMay 16, 2025
Myeventon
Eventon Lite
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Ashan Perera EventON eventon-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects EventON: from n/a through <= 2.4.4.
CVE-2025-47564MedMay 16, 2025
ashanjay
EventON
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in ashanjay EventON eventon allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects EventON: from n/a through <= 4.9.8.
CVE-2025-47563MedMay 16, 2025
Villatheme
Curcy
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in villatheme CURCY woocommerce-multi-currency allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CURCY: from n/a through <= 2.3.7.
CVE-2025-32296MedMay 16, 2025
WordPress
Simple Link Directory
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Link Directory: from n/a through < 14.8.1.
CVE-2025-31630MedMay 16, 2025
moton
The Business
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in themeton The Business allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Business: from n/a through 1.6.1.
CVE-2025-31071MedMay 16, 2025
Themeton
HotStar
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in themeton HotStar – Multi-Purpose Business Theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HotStar – Multi-Purpose Business Theme: from n/a through 1.4.
CVE-2025-31066MedMay 16, 2025
WordPress
Acerola
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in themeton Acerola acerola allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Acerola: from n/a through <= 1.6.5.
CVE-2025-31065MedMay 16, 2025
WordPress
Rozario
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in themeton Rozario allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rozario: from n/a through 1.4.
CVE-2024-56006MedMay 15, 2025
Automattic
Jetpack Debug Tools
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Automattic Jetpack Debug Tools.This issue affects Jetpack Debug Tools: from n/a before 2.0.1.
CVE-2025-43004MedMay 13, 2025
risk 0.34cvss 5.3epss 0.00
Due to a security misconfiguration vulnerability, customers can develop Production Operator Dashboards (PODs) that enable outside users to access customer data when they access these dashboards. Since no mechanisms exist to enforce authentication, malicious unauthenticated users…
CVE-2025-47688MedMay 7, 2025
Advancedfilemanager
Advanced File Manager
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Saad Iqbal Advanced File Manager file-manager-advanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced File Manager: from n/a through <= 5.3.1.