CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,492)

page 141 of 275

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-32258	WordPress Simple Website Logo	Med	0.34	5.3	0.00	Apr 4, 2025	Missing Authorization vulnerability in InfoGiants Simple Website Logo simple-website-logo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Website Logo: from n/a through <= 1.1.
CVE-2025-32254	Iqonicdesign Wpbookit	Med	0.34	5.3	0.00	Apr 4, 2025	Missing Authorization vulnerability in Iqonic Design WPBookit wpbookit allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPBookit: from n/a through <= 1.0.7.
CVE-2025-32253	WordPress Course Booking System	Med	0.34	5.3	0.01	Apr 4, 2025	Missing Authorization vulnerability in ComMotion Course Booking System course-booking-system allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Course Booking System: from n/a through <= 6.1.
CVE-2025-32252	Kreaweb Genealogy	Med	0.34	5.3	0.00	Apr 4, 2025	Missing Authorization vulnerability in Black and White WP Genealogy – Your Family History Website wpgenealogy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Genealogy – Your Family History Website: from n/a through <= 0.1.9.
CVE-2025-32225	Wp Eventmanager Wp Event Manager	Med	0.34	5.3	0.00	Apr 4, 2025	Missing Authorization vulnerability in WP Event Manager WP Event Manager wp-event-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Event Manager: from n/a through <= 3.2.0.
CVE-2025-31628	WordPress Sliced Invoices	Med	0.34	5.3	0.00	Apr 1, 2025	Missing Authorization vulnerability in SlicedInvoices Sliced Invoices sliced-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sliced Invoices: from n/a through <= 3.10.0.
CVE-2025-31872	WordPress Wp Clone Any Post Type	Med	0.34	5.3	0.00	Apr 1, 2025	Missing Authorization vulnerability in Galaxy Weblinks WP Clone any post type wp-clone-any-post-type allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Clone any post type: from n/a through <= 3.6.
CVE-2025-31868	Joomsky Js Job Manager	Med	0.34	5.3	0.00	Apr 1, 2025	Missing Authorization vulnerability in JoomSky JS Job Manager js-jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through <= 2.0.2.
CVE-2025-31863	WordPress Agency Toolkit	Med	0.34	5.3	0.00	Apr 1, 2025	Missing Authorization vulnerability in inspry Agency Toolkit agency-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Agency Toolkit: from n/a through <= 1.0.24.
CVE-2025-31862	WordPress Job Board Manager	Med	0.34	5.3	0.00	Apr 1, 2025	Missing Authorization vulnerability in PickPlugins Job Board Manager job-board-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Job Board Manager: from n/a through <= 2.1.61.
CVE-2025-31848	Wpfactory Adverts	Med	0.34	5.3	0.00	Apr 1, 2025	Missing Authorization vulnerability in WPFactory Adverts adverts-click-tracker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Adverts: from n/a through <= 1.4.
CVE-2025-31836	WordPress Review Manager	Med	0.34	5.3	0.00	Apr 1, 2025	Missing Authorization vulnerability in matthewrubin Review Manager review-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Review Manager: from n/a through <= 2.5.0.
CVE-2025-31834	themeglow JobBoard Job listing	Med	0.34	5.3	0.00	Apr 1, 2025	Missing Authorization vulnerability in themeglow JobBoard Job listing job-board-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobBoard Job listing: from n/a through <= 1.2.8.
CVE-2025-31822	WordPress Wp Simple HTML Sitemap	Med	0.34	5.3	0.00	Apr 1, 2025	Missing Authorization vulnerability in Ashish Ajani WP Simple HTML Sitemap wp-simple-html-sitemap allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Simple HTML Sitemap: from n/a through <= 3.5.
CVE-2025-31810	WordPress Question Answer	Med	0.34	5.3	0.00	Apr 1, 2025	Missing Authorization vulnerability in PickPlugins Question Answer question-answer allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Question Answer: from n/a through <= 1.2.73.
CVE-2025-31786	WordPress Simple Icons	Med	0.34	5.3	0.00	Apr 1, 2025	Missing Authorization vulnerability in Travis Simple Icons simple-icons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Icons: from n/a through <= 2.8.4.
CVE-2025-31777	BeastThemes Clockinator Lite	Med	0.34	5.3	0.00	Apr 1, 2025	Missing Authorization vulnerability in BeastThemes Clockinator Lite clockify-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clockinator Lite: from n/a through <= 1.0.9.
CVE-2025-31773	WordPress Ship Per Product	Med	0.34	5.3	0.00	Apr 1, 2025	Missing Authorization vulnerability in cedcommerce Ship Per Product ship-per-product allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Ship Per Product: from n/a through <= 2.1.0.
CVE-2025-31765	WordPress Gdpr Cookie Notice	Med	0.34	5.3	0.00	Apr 1, 2025	Missing Authorization vulnerability in themeqx GDPR Cookie Notice gdpr-cookie-notice allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR Cookie Notice: from n/a through <= 1.2.0.
CVE-2025-31618	Jaap Jansma Connector to CiviCRM with CiviMcRestFace	Med	0.34	5.3	0.00	Mar 31, 2025	Missing Authorization vulnerability in Jaap Jansma Connector to CiviCRM with CiviMcRestFace connector-civicrm-mcrestface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Connector to CiviCRM with CiviMcRestFace: from n/a through <=…

CVE-2025-32258MedApr 4, 2025
WordPress
Simple Website Logo
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in InfoGiants Simple Website Logo simple-website-logo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Website Logo: from n/a through <= 1.1.
CVE-2025-32254MedApr 4, 2025
Iqonicdesign
Wpbookit
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Iqonic Design WPBookit wpbookit allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPBookit: from n/a through <= 1.0.7.
CVE-2025-32253MedApr 4, 2025
WordPress
Course Booking System
risk 0.34cvss 5.3epss 0.01
Missing Authorization vulnerability in ComMotion Course Booking System course-booking-system allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Course Booking System: from n/a through <= 6.1.
CVE-2025-32252MedApr 4, 2025
Kreaweb
Genealogy
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Black and White WP Genealogy – Your Family History Website wpgenealogy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Genealogy – Your Family History Website: from n/a through <= 0.1.9.
CVE-2025-32225MedApr 4, 2025
Wp Eventmanager
Wp Event Manager
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in WP Event Manager WP Event Manager wp-event-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Event Manager: from n/a through <= 3.2.0.
CVE-2025-31628MedApr 1, 2025
WordPress
Sliced Invoices
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in SlicedInvoices Sliced Invoices sliced-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sliced Invoices: from n/a through <= 3.10.0.
CVE-2025-31872MedApr 1, 2025
WordPress
Wp Clone Any Post Type
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Galaxy Weblinks WP Clone any post type wp-clone-any-post-type allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Clone any post type: from n/a through <= 3.6.
CVE-2025-31868MedApr 1, 2025
Joomsky
Js Job Manager
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in JoomSky JS Job Manager js-jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through <= 2.0.2.
CVE-2025-31863MedApr 1, 2025
WordPress
Agency Toolkit
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in inspry Agency Toolkit agency-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Agency Toolkit: from n/a through <= 1.0.24.
CVE-2025-31862MedApr 1, 2025
WordPress
Job Board Manager
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in PickPlugins Job Board Manager job-board-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Job Board Manager: from n/a through <= 2.1.61.
CVE-2025-31848MedApr 1, 2025
Wpfactory
Adverts
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in WPFactory Adverts adverts-click-tracker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Adverts: from n/a through <= 1.4.
CVE-2025-31836MedApr 1, 2025
WordPress
Review Manager
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in matthewrubin Review Manager review-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Review Manager: from n/a through <= 2.5.0.
CVE-2025-31834MedApr 1, 2025
themeglow
JobBoard Job listing
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in themeglow JobBoard Job listing job-board-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobBoard Job listing: from n/a through <= 1.2.8.
CVE-2025-31822MedApr 1, 2025
WordPress
Wp Simple HTML Sitemap
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Ashish Ajani WP Simple HTML Sitemap wp-simple-html-sitemap allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Simple HTML Sitemap: from n/a through <= 3.5.
CVE-2025-31810MedApr 1, 2025
WordPress
Question Answer
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in PickPlugins Question Answer question-answer allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Question Answer: from n/a through <= 1.2.73.
CVE-2025-31786MedApr 1, 2025
WordPress
Simple Icons
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Travis Simple Icons simple-icons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Icons: from n/a through <= 2.8.4.
CVE-2025-31777MedApr 1, 2025
BeastThemes
Clockinator Lite
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in BeastThemes Clockinator Lite clockify-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clockinator Lite: from n/a through <= 1.0.9.
CVE-2025-31773MedApr 1, 2025
WordPress
Ship Per Product
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in cedcommerce Ship Per Product ship-per-product allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Ship Per Product: from n/a through <= 2.1.0.
CVE-2025-31765MedApr 1, 2025
WordPress
Gdpr Cookie Notice
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in themeqx GDPR Cookie Notice gdpr-cookie-notice allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR Cookie Notice: from n/a through <= 1.2.0.
CVE-2025-31618MedMar 31, 2025
Jaap Jansma
Connector to CiviCRM with CiviMcRestFace
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Jaap Jansma Connector to CiviCRM with CiviMcRestFace connector-civicrm-mcrestface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Connector to CiviCRM with CiviMcRestFace: from n/a through <=…