CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,492)

page 146 of 275

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2024-54417	WordPress Pixproof	Med	0.34	5.3	0.01	Dec 16, 2024	Missing Authorization vulnerability in pixelgrade PixProof pixproof allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects PixProof: from n/a through <= 2.0.1.
CVE-2024-54310	Aslam Khan Gouran Gou Manage My Account Menu	Med	0.34	5.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in Aslam Khan Gouran Gou Manage My Account Menu gou-wc-account-tabs allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Gou Manage My Account Menu: from n/a through <= 1.0.1.8.
CVE-2023-44149	WordPress Brands For Woocommerce	Med	0.34	5.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in BeRocket Brands for WooCommerce brands-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brands for WooCommerce: from n/a through <= 3.8.2.2.
CVE-2023-44147	WordPress Comment Blacklist Updater	Med	0.34	5.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in apasionados Comment Blacklist Updater comment-blacklist-updater allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comment Blacklist Updater: from n/a through <= 1.1.0.
CVE-2023-41952	WordPress Fluentform	Med	0.34	5.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in Contact Form - WPManageNinja LLC FluentForm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a through 5.0.8.
CVE-2023-41875	Wpdirectorykit Wp Directory Kit	Med	0.34	5.3	0.01	Dec 13, 2024	Missing Authorization vulnerability in wpdirectorykit.com WP Directory Kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Directory Kit: from n/a through 1.2.6.
CVE-2023-41849	WordPress Posts Like Dislike	Med	0.34	5.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in WP Happy Coders Posts Like Dislike allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Posts Like Dislike: from n/a through 1.1.0.
CVE-2023-41848	Majeedraza Carousel Slider	Med	0.34	5.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in Majeed Raza Carousel Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Carousel Slider: from n/a through 2.2.2.
CVE-2023-41803	WordPress Bitpay Checkout For Woocommerce	Med	0.34	5.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in BitPay BitPay Checkout for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BitPay Checkout for WooCommerce: from n/a through 4.1.0.
CVE-2023-41690	Wiser Notify WiserNotify Social Proof	Med	0.34	5.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in Wiser Notify WiserNotify Social Proof allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WiserNotify Social Proof: from n/a through 2.5.
CVE-2023-39997	Supsystic Popup	Med	0.34	5.3	0.01	Dec 13, 2024	Missing Authorization vulnerability in supsystic.com Popup by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup by Supsystic: from n/a through 1.10.19.
CVE-2023-39996	WordPress Accordion And Accordion Slider	Med	0.34	5.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Accordion and Accordion Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion and Accordion Slider: from n/a through 1.2.4.
CVE-2023-39305	WordPress Yet Another Stars Rating	Med	0.34	5.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in Dash Labs Yet Another Stars Rating yet-another-stars-rating allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yet Another Stars Rating: from n/a through <= 3.4.3.
CVE-2023-38480	Certain Dev Booster Elementor Addons	Med	0.34	5.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in Certain Dev Booster Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster Elementor Addons: from n/a through 1.4.9.
CVE-2023-38479	Codents Simple Googlebot Visit	Med	0.34	5.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in Codents Simple Googlebot Visit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Googlebot Visit: from n/a through 1.2.4.
CVE-2023-37969	The African Boss Checkout with Zelle on Woocommerce	Med	0.34	5.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in The African Boss Checkout with Zelle on Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout with Zelle on Woocommerce: from n/a through 3.1.
CVE-2023-36681	Coolplugins Cryptocurrency Widgets	Med	0.34	5.3	0.01	Dec 13, 2024	Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.6.2.
CVE-2023-36528	FeedbackWP kk Star Ratings	Med	0.34	5.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in FeedbackWP kk Star Ratings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects kk Star Ratings: from n/a through 5.4.3.
CVE-2023-36506	WordPress Yith Woocommerce Waiting List	Med	0.34	5.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in YITH YITH WooCommerce Waiting List allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Waiting List: from n/a through 2.13.0.
CVE-2023-35875	Jegstudio Gutenverse	Med	0.34	5.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in Jegstudio Gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse: from n/a through 1.8.5.

CVE-2024-54417MedDec 16, 2024
WordPress
Pixproof
risk 0.34cvss 5.3epss 0.01
Missing Authorization vulnerability in pixelgrade PixProof pixproof allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects PixProof: from n/a through <= 2.0.1.
CVE-2024-54310MedDec 13, 2024
Aslam Khan Gouran
Gou Manage My Account Menu
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Aslam Khan Gouran Gou Manage My Account Menu gou-wc-account-tabs allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Gou Manage My Account Menu: from n/a through <= 1.0.1.8.
CVE-2023-44149MedDec 13, 2024
WordPress
Brands For Woocommerce
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in BeRocket Brands for WooCommerce brands-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brands for WooCommerce: from n/a through <= 3.8.2.2.
CVE-2023-44147MedDec 13, 2024
WordPress
Comment Blacklist Updater
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in apasionados Comment Blacklist Updater comment-blacklist-updater allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comment Blacklist Updater: from n/a through <= 1.1.0.
CVE-2023-41952MedDec 13, 2024
WordPress
Fluentform
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Contact Form - WPManageNinja LLC FluentForm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a through 5.0.8.
CVE-2023-41875MedDec 13, 2024
Wpdirectorykit
Wp Directory Kit
risk 0.34cvss 5.3epss 0.01
Missing Authorization vulnerability in wpdirectorykit.com WP Directory Kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Directory Kit: from n/a through 1.2.6.
CVE-2023-41849MedDec 13, 2024
WordPress
Posts Like Dislike
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in WP Happy Coders Posts Like Dislike allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Posts Like Dislike: from n/a through 1.1.0.
CVE-2023-41848MedDec 13, 2024
Majeedraza
Carousel Slider
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Majeed Raza Carousel Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Carousel Slider: from n/a through 2.2.2.
CVE-2023-41803MedDec 13, 2024
WordPress
Bitpay Checkout For Woocommerce
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in BitPay BitPay Checkout for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BitPay Checkout for WooCommerce: from n/a through 4.1.0.
CVE-2023-41690MedDec 13, 2024
Wiser Notify
WiserNotify Social Proof
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Wiser Notify WiserNotify Social Proof allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WiserNotify Social Proof: from n/a through 2.5.
CVE-2023-39997MedDec 13, 2024
Supsystic
Popup
risk 0.34cvss 5.3epss 0.01
Missing Authorization vulnerability in supsystic.com Popup by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup by Supsystic: from n/a through 1.10.19.
CVE-2023-39996MedDec 13, 2024
WordPress
Accordion And Accordion Slider
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Accordion and Accordion Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion and Accordion Slider: from n/a through 1.2.4.
CVE-2023-39305MedDec 13, 2024
WordPress
Yet Another Stars Rating
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Dash Labs Yet Another Stars Rating yet-another-stars-rating allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yet Another Stars Rating: from n/a through <= 3.4.3.
CVE-2023-38480MedDec 13, 2024
Certain Dev
Booster Elementor Addons
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Certain Dev Booster Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster Elementor Addons: from n/a through 1.4.9.
CVE-2023-38479MedDec 13, 2024
Codents
Simple Googlebot Visit
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Codents Simple Googlebot Visit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Googlebot Visit: from n/a through 1.2.4.
CVE-2023-37969MedDec 13, 2024
The African Boss
Checkout with Zelle on Woocommerce
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in The African Boss Checkout with Zelle on Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout with Zelle on Woocommerce: from n/a through 3.1.
CVE-2023-36681MedDec 13, 2024
Coolplugins
Cryptocurrency Widgets
risk 0.34cvss 5.3epss 0.01
Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.6.2.
CVE-2023-36528MedDec 13, 2024
FeedbackWP
kk Star Ratings
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in FeedbackWP kk Star Ratings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects kk Star Ratings: from n/a through 5.4.3.
CVE-2023-36506MedDec 13, 2024
WordPress
Yith Woocommerce Waiting List
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in YITH YITH WooCommerce Waiting List allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Waiting List: from n/a through 2.13.0.
CVE-2023-35875MedDec 13, 2024
Jegstudio
Gutenverse
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Jegstudio Gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse: from n/a through 1.8.5.