CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,492)

page 150 of 275

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2024-44038	Sunshinephotocart Sunshine Photo Cart	Med	0.34	5.3	0.00	Nov 1, 2024	Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.2.9.
CVE-2024-44019	Renzojohnson Contact Form 7 Campaign Monitor Extension	Med	0.34	5.3	0.00	Nov 1, 2024	Missing Authorization vulnerability in Renzo Johnson Contact Form 7 Campaign Monitor Extension contact-form-7-campaign-monitor-extension.This issue affects Contact Form 7 Campaign Monitor Extension: from n/a through <= 0.4.67.
CVE-2024-43290	Atarim Atarim	Med	0.34	5.3	0.00	Nov 1, 2024	Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration.This issue affects Atarim: from n/a through <= 4.0.1.
CVE-2024-43270	Wpbackitup Backup And Restore Wordpress	Med	0.34	5.3	0.00	Nov 1, 2024	Missing Authorization vulnerability in WPBackItUp Backup and Restore WordPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Backup and Restore WordPress: from n/a through 1.50.
CVE-2024-43253	Zaytech Smart Online Order For Clover	Med	0.34	5.3	0.01	Nov 1, 2024	Missing Authorization vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders.This issue affects Smart Online Order for Clover: from n/a through <= 1.5.6.
CVE-2024-43219	WooCommerce WooCommerce	Med	0.34	5.3	0.00	Nov 1, 2024	Missing Authorization vulnerability in ووکامرس فارسی Persian WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Persian WooCommerce: from n/a through 7.1.6.
CVE-2024-43159	Themegrill Masteriyo	Med	0.34	5.3	0.00	Nov 1, 2024	Missing Authorization vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.11.6.
CVE-2024-43120	XSERVER Inc. TypeSquare Webfonts	Med	0.34	5.3	0.00	Nov 1, 2024	Missing Authorization vulnerability in XSERVER Inc. TypeSquare Webfonts allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects TypeSquare Webfonts: from n/a through 2.0.7.
CVE-2024-39654	Fetch Designs Sign Up Sheets	Med	0.34	5.3	0.00	Nov 1, 2024	Missing Authorization vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets.This issue affects Sign-up Sheets: from n/a through <= 2.2.12.
CVE-2024-39625	WordPress Icegram	Med	0.34	5.3	0.00	Nov 1, 2024	Missing Authorization vulnerability in icegram Icegram allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Icegram: from n/a through 3.1.24.
CVE-2024-38794	Ronald Huereca Custom Query Blocks	Med	0.34	5.3	0.00	Nov 1, 2024	Missing Authorization vulnerability in MediaRon LLC Custom Query Blocks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Custom Query Blocks: from n/a through 5.2.0.
CVE-2024-38792	WordPress Conveythis Translate	Med	0.34	5.3	0.00	Nov 1, 2024	Missing Authorization vulnerability in ConveyThis Translate Team Language Translate Widget for WordPress – ConveyThis allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Language Translate Widget for WordPress – ConveyThis: from n/a through 234.
CVE-2024-38745	Rymera Wholesale Suite	Med	0.34	5.3	0.00	Nov 1, 2024	Missing Authorization vulnerability in Rymera Web Co Wholesale Suite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Wholesale Suite: from n/a through 2.1.12.
CVE-2024-38743	Upqode Plum: Spin Wheel & Email Pop-up	Med	0.34	5.3	0.00	Nov 1, 2024	Access Control vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows . This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0.
CVE-2024-38702	WordPress Product Delivery Date For Woocommerce Lite	Med	0.34	5.3	0.01	Nov 1, 2024	Missing Authorization vulnerability in Tyche Softwares Product Delivery Date for WooCommerce – Lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Product Delivery Date for WooCommerce – Lite: from n/a through 2.7.2.
CVE-2024-38690	WordPress Ipanorama 360 Virtual Tour Builder	Med	0.34	5.3	0.00	Nov 1, 2024	Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.3.
CVE-2024-37926	Alex Volkov Wp Accessibility Helper (wah)	Med	0.34	5.3	0.00	Nov 1, 2024	Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH) allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.9.
CVE-2024-37921	Kibokolabs Chained Quiz	Med	0.34	5.3	0.00	Nov 1, 2024	Missing Authorization vulnerability in Kiboko Labs Chained Quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chained Quiz: from n/a through 1.3.2.8.
CVE-2024-37506	WordPress Charitable	Med	0.34	5.3	0.00	Nov 1, 2024	Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Charitable: from n/a through 1.8.1.7.
CVE-2024-37475	WordPress Newspack Newsletters	Med	0.34	5.3	0.00	Nov 1, 2024	Missing Authorization vulnerability in Automattic Newspack Newsletters allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Newspack Newsletters: from n/a through 2.13.2.

CVE-2024-44038MedNov 1, 2024
Sunshinephotocart
Sunshine Photo Cart
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.2.9.
CVE-2024-44019MedNov 1, 2024
Renzojohnson
Contact Form 7 Campaign Monitor Extension
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Renzo Johnson Contact Form 7 Campaign Monitor Extension contact-form-7-campaign-monitor-extension.This issue affects Contact Form 7 Campaign Monitor Extension: from n/a through <= 0.4.67.
CVE-2024-43290MedNov 1, 2024
Atarim
Atarim
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration.This issue affects Atarim: from n/a through <= 4.0.1.
CVE-2024-43270MedNov 1, 2024
Wpbackitup
Backup And Restore Wordpress
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in WPBackItUp Backup and Restore WordPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Backup and Restore WordPress: from n/a through 1.50.
CVE-2024-43253MedNov 1, 2024
Zaytech
Smart Online Order For Clover
risk 0.34cvss 5.3epss 0.01
Missing Authorization vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders.This issue affects Smart Online Order for Clover: from n/a through <= 1.5.6.
CVE-2024-43219MedNov 1, 2024
WooCommerce
WooCommerce
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in ووکامرس فارسی Persian WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Persian WooCommerce: from n/a through 7.1.6.
CVE-2024-43159MedNov 1, 2024
Themegrill
Masteriyo
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.11.6.
CVE-2024-43120MedNov 1, 2024
XSERVER Inc.
TypeSquare Webfonts
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in XSERVER Inc. TypeSquare Webfonts allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects TypeSquare Webfonts: from n/a through 2.0.7.
CVE-2024-39654MedNov 1, 2024
Fetch Designs
Sign Up Sheets
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets.This issue affects Sign-up Sheets: from n/a through <= 2.2.12.
CVE-2024-39625MedNov 1, 2024
WordPress
Icegram
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in icegram Icegram allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Icegram: from n/a through 3.1.24.
CVE-2024-38794MedNov 1, 2024
Ronald Huereca
Custom Query Blocks
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in MediaRon LLC Custom Query Blocks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Custom Query Blocks: from n/a through 5.2.0.
CVE-2024-38792MedNov 1, 2024
WordPress
Conveythis Translate
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in ConveyThis Translate Team Language Translate Widget for WordPress – ConveyThis allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Language Translate Widget for WordPress – ConveyThis: from n/a through 234.
CVE-2024-38745MedNov 1, 2024
Rymera
Wholesale Suite
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Rymera Web Co Wholesale Suite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Wholesale Suite: from n/a through 2.1.12.
CVE-2024-38743MedNov 1, 2024
Upqode
Plum: Spin Wheel & Email Pop-up
risk 0.34cvss 5.3epss 0.00
Access Control vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows . This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0.
CVE-2024-38702MedNov 1, 2024
WordPress
Product Delivery Date For Woocommerce Lite
risk 0.34cvss 5.3epss 0.01
Missing Authorization vulnerability in Tyche Softwares Product Delivery Date for WooCommerce – Lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Product Delivery Date for WooCommerce – Lite: from n/a through 2.7.2.
CVE-2024-38690MedNov 1, 2024
WordPress
Ipanorama 360 Virtual Tour Builder
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.3.
CVE-2024-37926MedNov 1, 2024
Alex Volkov
Wp Accessibility Helper (wah)
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH) allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.9.
CVE-2024-37921MedNov 1, 2024
Kibokolabs
Chained Quiz
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Kiboko Labs Chained Quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chained Quiz: from n/a through 1.3.2.8.
CVE-2024-37506MedNov 1, 2024
WordPress
Charitable
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Charitable: from n/a through 1.8.1.7.
CVE-2024-37475MedNov 1, 2024
WordPress
Newspack Newsletters
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Automattic Newspack Newsletters allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Newspack Newsletters: from n/a through 2.13.2.