CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (5,492)
page 142 of 275| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-31533 | Med | 0.34 | 5.3 | 0.00 | Mar 31, 2025 | Missing Authorization vulnerability in Salesmate.io Salesmate Add-On for Gravity Forms gf-salesmate-add-on allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Salesmate Add-On for Gravity Forms: from n/a through <= 2.0.3. | ||
| CVE-2025-31386 | Med | 0.34 | 5.3 | 0.00 | Mar 31, 2025 | Missing Authorization vulnerability in simplepress Simple:Press simplepress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple:Press: from n/a through <= 6.11.5. | ||
| CVE-2025-31469 | Med | 0.34 | 5.3 | 0.00 | Mar 28, 2025 | Missing Authorization vulnerability in webrangers Clear Sucuri Cache clear-sucuri-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clear Sucuri Cache: from n/a through <= 1.4. | ||
| CVE-2025-22740 | Med | 0.34 | 5.3 | 0.00 | Mar 27, 2025 | Missing Authorization vulnerability in Automattic Sensei LMS sensei-lms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sensei LMS: from n/a through <= 4.24.4. | ||
| CVE-2025-22739 | Med | 0.34 | 5.3 | 0.00 | Mar 27, 2025 | Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through <= 4.2.7.5. | ||
| CVE-2025-22629 | Med | 0.34 | 5.3 | 0.00 | Mar 27, 2025 | Missing Authorization vulnerability in iNET iNET Webkit inet-webkit allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iNET Webkit: from n/a through <= 1.2.2. | ||
| CVE-2025-30887 | Med | 0.34 | 5.3 | 0.00 | Mar 27, 2025 | Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through <= 4.2.9. | ||
| CVE-2025-30866 | Med | 0.34 | 5.3 | 0.00 | Mar 27, 2025 | Missing Authorization vulnerability in Giannis Kipouros Terms & Conditions Per Product terms-and-conditions-per-product allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Terms & Conditions Per Product: from n/a through <= 1.2.15. | ||
| CVE-2025-30839 | Med | 0.34 | 5.3 | 0.00 | Mar 27, 2025 | Missing Authorization vulnerability in magepeopleteam Taxi Booking Manager for WooCommerce ecab-taxi-booking-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Taxi Booking Manager for WooCommerce: from n/a through <= 1.2.1. | ||
| CVE-2025-30830 | Med | 0.34 | 5.3 | 0.00 | Mar 27, 2025 | Missing Authorization vulnerability in Hossni Mubarak Cool Author Box hm-cool-author-box-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cool Author Box: from n/a through <= 2.9.9. | ||
| CVE-2025-30828 | Med | 0.34 | 5.3 | 0.00 | Mar 27, 2025 | Missing Authorization vulnerability in Arraytics Timetics timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through <= 1.0.29. | ||
| CVE-2025-30821 | Med | 0.34 | 5.3 | 0.01 | Mar 27, 2025 | Missing Authorization vulnerability in otacke SNORDIAN's H5PxAPIkatchu h5pxapikatchu allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects SNORDIAN's H5PxAPIkatchu: from n/a through <= 0.4.14. | ||
| CVE-2025-30790 | Med | 0.34 | 5.3 | 0.00 | Mar 27, 2025 | Missing Authorization vulnerability in alexvtn Chatbox Manager wa-chatbox-manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Chatbox Manager: from n/a through <= 1.2.2. | ||
| CVE-2025-30592 | Med | 0.34 | 5.3 | 0.00 | Mar 24, 2025 | Missing Authorization vulnerability in WesternDeal Advanced Dewplayer advanced-dewplayer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Dewplayer: from n/a through <= 1.6. | ||
| CVE-2025-30591 | Med | 0.34 | 5.3 | 0.00 | Mar 24, 2025 | Missing Authorization vulnerability in tuyennv Music Press Pro music-press-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Music Press Pro: from n/a through <= 1.4.6. | ||
| CVE-2025-30581 | Med | 0.34 | 5.3 | 0.00 | Mar 24, 2025 | Missing Authorization vulnerability in PluginOps Top Bar ultimate-bar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Top Bar: from n/a through <= 3.3. | ||
| CVE-2025-1285 | Med | 0.34 | 5.3 | 0.00 | Mar 14, 2025 | The Resido - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_api_key and save_api_key AJAX actions in all versions up to, and including, 3.6. This makes it possible for unauthenticated attackers… | ||
| CVE-2025-0955 | Med | 0.34 | 5.3 | 0.00 | Mar 14, 2025 | The VidoRev Extensions plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'vidorev_import_single_video' AJAX action in all versions up to, and including, 2.9.9.9.9.9.5. This makes it possible for unauthenticated attackers to import… | ||
| CVE-2025-28920 | Med | 0.34 | 5.3 | 0.00 | Mar 11, 2025 | Missing Authorization vulnerability in Jogesh Responsive Google Map responsive-google-map allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Google Map: from n/a through <= 3.1.5. | ||
| CVE-2025-28872 | Med | 0.34 | 5.3 | 0.00 | Mar 11, 2025 | Missing Authorization vulnerability in jwpegram Block Spam By Math Reloaded block-spam-by-math-reloaded allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Block Spam By Math Reloaded: from n/a through <= 2.2.4. |
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Salesmate.io Salesmate Add-On for Gravity Forms gf-salesmate-add-on allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Salesmate Add-On for Gravity Forms: from n/a through <= 2.0.3.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in simplepress Simple:Press simplepress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple:Press: from n/a through <= 6.11.5.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in webrangers Clear Sucuri Cache clear-sucuri-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clear Sucuri Cache: from n/a through <= 1.4.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Automattic Sensei LMS sensei-lms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sensei LMS: from n/a through <= 4.24.4.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through <= 4.2.7.5.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in iNET iNET Webkit inet-webkit allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iNET Webkit: from n/a through <= 1.2.2.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through <= 4.2.9.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Giannis Kipouros Terms & Conditions Per Product terms-and-conditions-per-product allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Terms & Conditions Per Product: from n/a through <= 1.2.15.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in magepeopleteam Taxi Booking Manager for WooCommerce ecab-taxi-booking-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Taxi Booking Manager for WooCommerce: from n/a through <= 1.2.1.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Hossni Mubarak Cool Author Box hm-cool-author-box-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cool Author Box: from n/a through <= 2.9.9.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Arraytics Timetics timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through <= 1.0.29.
- risk 0.34cvss 5.3epss 0.01
Missing Authorization vulnerability in otacke SNORDIAN's H5PxAPIkatchu h5pxapikatchu allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects SNORDIAN's H5PxAPIkatchu: from n/a through <= 0.4.14.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in alexvtn Chatbox Manager wa-chatbox-manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Chatbox Manager: from n/a through <= 1.2.2.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in WesternDeal Advanced Dewplayer advanced-dewplayer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Dewplayer: from n/a through <= 1.6.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in tuyennv Music Press Pro music-press-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Music Press Pro: from n/a through <= 1.4.6.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in PluginOps Top Bar ultimate-bar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Top Bar: from n/a through <= 3.3.
- risk 0.34cvss 5.3epss 0.00
The Resido - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_api_key and save_api_key AJAX actions in all versions up to, and including, 3.6. This makes it possible for unauthenticated attackers…
- risk 0.34cvss 5.3epss 0.00
The VidoRev Extensions plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'vidorev_import_single_video' AJAX action in all versions up to, and including, 2.9.9.9.9.9.5. This makes it possible for unauthenticated attackers to import…
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Jogesh Responsive Google Map responsive-google-map allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Google Map: from n/a through <= 3.1.5.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in jwpegram Block Spam By Math Reloaded block-spam-by-math-reloaded allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Block Spam By Math Reloaded: from n/a through <= 2.2.4.