CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,492)

page 145 of 275

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2023-47183	Givewp Givewp	Med	0.34	5.3	0.00	Jan 2, 2025	Missing Authorization vulnerability in StellarWP GiveWP give allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GiveWP: from n/a through <= 2.33.1.
CVE-2023-46639	FeedbackWP kk Star Ratings	Med	0.34	5.3	0.00	Jan 2, 2025	Missing Authorization vulnerability in FeedbackWP kk Star Ratings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects kk Star Ratings: from n/a through 5.4.5.
CVE-2023-46637	WordPress Generate Dummy Posts	Med	0.34	5.3	0.00	Jan 2, 2025	Missing Authorization vulnerability in Saurav Sharma Generate Dummy Posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Generate Dummy Posts: from n/a through 1.0.0.
CVE-2023-46635	Yithemes Yith Woocommerce Product Add Ons	Med	0.34	5.3	0.00	Jan 2, 2025	Missing Authorization vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Product Add-Ons: from n/a through <= 4.2.0.
CVE-2023-46608	WPDO DoLogin Security	Med	0.34	5.3	0.00	Jan 2, 2025	Missing Authorization vulnerability in WPDO DoLogin Security dologin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DoLogin Security: from n/a through <= 3.7.1.
CVE-2023-46606	WordPress Atomchat	Med	0.34	5.3	0.00	Jan 2, 2025	Missing Authorization vulnerability in Team AtomChat AtomChat atomchat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AtomChat: from n/a through <= 1.1.4.
CVE-2023-46605	Ruslan Suhar Convertful	Med	0.34	5.3	0.00	Jan 2, 2025	Missing Authorization vulnerability in Ruslan Suhar Convertful – Your Ultimate On-Site Conversion Tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Convertful – Your Ultimate On-Site Conversion Tool: from n/a through 2.5.
CVE-2023-46309	Gvectors Wpdiscuz	Med	0.34	5.3	0.00	Jan 2, 2025	Missing Authorization vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through <= 7.6.10.
CVE-2023-46206	WordPress Mw Wp Form	Med	0.34	5.3	0.00	Jan 2, 2025	Missing Authorization vulnerability in Webの相談所 MW WP Form mw-wp-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MW WP Form: from n/a through <= 4.4.5.
CVE-2023-46083	WordPress Kali Forms	Med	0.34	5.3	0.00	Jan 2, 2025	Missing Authorization vulnerability in WP Chill Kali Forms kali-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kali Forms: from n/a through <= 2.3.27.
CVE-2023-46082	WordPress Broken Link Finder	Med	0.34	5.3	0.00	Jan 2, 2025	Missing Authorization vulnerability in Cyberlord92 Broken Link Checker \| Finder broken-link-finder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broken Link Checker \| Finder: from n/a through <= 2.4.2.
CVE-2023-46073	WordPress Dx Delete Attached Media	Med	0.34	5.3	0.00	Jan 2, 2025	Missing Authorization vulnerability in Mario Peshev DX Delete Attached Media dx-delete-attached-media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DX Delete Attached Media: from n/a through <= 2.0.5.1.
CVE-2023-45766	Ays Pro Poll Maker	Med	0.34	5.3	0.00	Jan 2, 2025	Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through <= 4.7.1.
CVE-2023-45649	Codepeople Appointment Hour Booking	Med	0.34	5.3	0.00	Jan 2, 2025	Missing Authorization vulnerability in codepeople Appointment Hour Booking appointment-hour-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appointment Hour Booking: from n/a through <= 1.4.23.
CVE-2023-44258	Schemaapp Schema App Structured Data	Med	0.34	5.3	0.00	Jan 2, 2025	Missing Authorization vulnerability in vberkel Schema App Structured Data schema-app-structured-data-for-schemaorg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Schema App Structured Data: from n/a through <= 1.23.1.
CVE-2024-49694	WordPress My Wp Brand	Med	0.34	5.3	0.00	Dec 31, 2024	Missing Authorization vulnerability in imw3 My Wp Brand my-wp-brand.This issue affects My Wp Brand: from n/a through <= 1.1.2.
CVE-2023-48775	WordPress Wp Cleanfix	Med	0.34	5.3	0.00	Dec 31, 2024	Missing Authorization vulnerability in Gfazioli WP Cleanfix allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cleanfix: from n/a through 5.6.2.
CVE-2024-55999	WordPress XML Multilanguage Sitemap Generator	Med	0.34	5.3	0.00	Dec 16, 2024	Missing Authorization vulnerability in Marco Giannini XML Multilanguage Sitemap Generator xml-multilanguage-sitemap-generator.This issue affects XML Multilanguage Sitemap Generator: from n/a through <= 2.0.6.
CVE-2024-56009	spreadr Spreadr Woocommerce	Med	0.34	5.3	0.00	Dec 16, 2024	Missing Authorization vulnerability in spreadr Spreadr Woocommerce spreadr-for-woocomerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Spreadr Woocommerce: from n/a through <= 1.0.4.
CVE-2024-55993	WordPress Job Board Manager	Med	0.34	5.3	0.01	Dec 16, 2024	Missing Authorization vulnerability in PickPlugins Job Board Manager job-board-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Job Board Manager: from n/a through <= 2.1.61.

CVE-2023-47183MedJan 2, 2025
Givewp
Givewp
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in StellarWP GiveWP give allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GiveWP: from n/a through <= 2.33.1.
CVE-2023-46639MedJan 2, 2025
FeedbackWP
kk Star Ratings
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in FeedbackWP kk Star Ratings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects kk Star Ratings: from n/a through 5.4.5.
CVE-2023-46637MedJan 2, 2025
WordPress
Generate Dummy Posts
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Saurav Sharma Generate Dummy Posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Generate Dummy Posts: from n/a through 1.0.0.
CVE-2023-46635MedJan 2, 2025
Yithemes
Yith Woocommerce Product Add Ons
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Product Add-Ons: from n/a through <= 4.2.0.
CVE-2023-46608MedJan 2, 2025
WPDO
DoLogin Security
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in WPDO DoLogin Security dologin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DoLogin Security: from n/a through <= 3.7.1.
CVE-2023-46606MedJan 2, 2025
WordPress
Atomchat
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Team AtomChat AtomChat atomchat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AtomChat: from n/a through <= 1.1.4.
CVE-2023-46605MedJan 2, 2025
Ruslan Suhar
Convertful
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Ruslan Suhar Convertful – Your Ultimate On-Site Conversion Tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Convertful – Your Ultimate On-Site Conversion Tool: from n/a through 2.5.
CVE-2023-46309MedJan 2, 2025
Gvectors
Wpdiscuz
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through <= 7.6.10.
CVE-2023-46206MedJan 2, 2025
WordPress
Mw Wp Form
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Webの相談所 MW WP Form mw-wp-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MW WP Form: from n/a through <= 4.4.5.
CVE-2023-46083MedJan 2, 2025
WordPress
Kali Forms
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in WP Chill Kali Forms kali-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kali Forms: from n/a through <= 2.3.27.
CVE-2023-46082MedJan 2, 2025
WordPress
Broken Link Finder
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Cyberlord92 Broken Link Checker | Finder broken-link-finder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broken Link Checker | Finder: from n/a through <= 2.4.2.
CVE-2023-46073MedJan 2, 2025
WordPress
Dx Delete Attached Media
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Mario Peshev DX Delete Attached Media dx-delete-attached-media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DX Delete Attached Media: from n/a through <= 2.0.5.1.
CVE-2023-45766MedJan 2, 2025
Ays Pro
Poll Maker
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through <= 4.7.1.
CVE-2023-45649MedJan 2, 2025
Codepeople
Appointment Hour Booking
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in codepeople Appointment Hour Booking appointment-hour-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appointment Hour Booking: from n/a through <= 1.4.23.
CVE-2023-44258MedJan 2, 2025
Schemaapp
Schema App Structured Data
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in vberkel Schema App Structured Data schema-app-structured-data-for-schemaorg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Schema App Structured Data: from n/a through <= 1.23.1.
CVE-2024-49694MedDec 31, 2024
WordPress
My Wp Brand
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in imw3 My Wp Brand my-wp-brand.This issue affects My Wp Brand: from n/a through <= 1.1.2.
CVE-2023-48775MedDec 31, 2024
WordPress
Wp Cleanfix
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Gfazioli WP Cleanfix allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cleanfix: from n/a through 5.6.2.
CVE-2024-55999MedDec 16, 2024
WordPress
XML Multilanguage Sitemap Generator
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Marco Giannini XML Multilanguage Sitemap Generator xml-multilanguage-sitemap-generator.This issue affects XML Multilanguage Sitemap Generator: from n/a through <= 2.0.6.
CVE-2024-56009MedDec 16, 2024
spreadr
Spreadr Woocommerce
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in spreadr Spreadr Woocommerce spreadr-for-woocomerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Spreadr Woocommerce: from n/a through <= 1.0.4.
CVE-2024-55993MedDec 16, 2024
WordPress
Job Board Manager
risk 0.34cvss 5.3epss 0.01
Missing Authorization vulnerability in PickPlugins Job Board Manager job-board-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Job Board Manager: from n/a through <= 2.1.61.