CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,492)

page 151 of 275

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2024-37468	Blazethemes Newsmatic	Med	0.34	5.3	0.00	Nov 1, 2024	Missing Authorization vulnerability in blazethemes Newsmatic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newsmatic: from n/a through 1.3.1.
CVE-2024-37456	Noptin Noptin	Med	0.34	5.3	0.00	Nov 1, 2024	Missing Authorization vulnerability in Noptin Newsletter Noptin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Noptin: from n/a through 3.4.2.
CVE-2024-37444	Wpmudev Defender	Med	0.34	5.3	0.01	Nov 1, 2024	Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Defender Security defender-security.This issue affects Defender Security: from n/a through <= 4.7.1.
CVE-2024-37427	WordPress Timetics	Med	0.34	5.3	0.00	Nov 1, 2024	Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through 1.0.21.
CVE-2024-37411	Progress (organisation) Progress	Med	0.34	5.3	0.00	Nov 1, 2024	Missing Authorization vulnerability in Progress Planner Progress Planner progress-planner.This issue affects Progress Planner: from n/a through <= 0.9.1.
CVE-2024-37276	Fifu Featured Image From URL	Med	0.34	5.3	0.00	Nov 1, 2024	Missing Authorization vulnerability in fifu.App Featured Image from URL allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image from URL: from n/a through 4.8.1.
CVE-2024-37269	WordPress Masterstudy Elementor Widgets	Med	0.34	5.3	0.00	Nov 1, 2024	Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2.
CVE-2024-37255	Wpmet Elementskit Elementor Addons	Med	0.34	5.3	0.00	Nov 1, 2024	Missing Authorization vulnerability in Roxnor ElementsKit Elementor addons Lite elementskit-lite.This issue affects ElementsKit Elementor addons Lite: from n/a through <= 3.1.4.
CVE-2024-37226	Kanban For Wordpress Kanban Boards For Wordpress	Med	0.34	5.3	0.00	Nov 1, 2024	Missing Authorization vulnerability in Kanban for WordPress Kanban Boards for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kanban Boards for WordPress: from n/a through 2.5.21.
CVE-2024-37220	WordPress Optinly	Med	0.34	5.3	0.00	Nov 1, 2024	Missing Authorization vulnerability in OptinlyHQ Optinly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Optinly: from n/a through 1.0.18.
CVE-2024-37123	Vowelweb Ibtana	Med	0.34	5.3	0.00	Nov 1, 2024	Missing Authorization vulnerability in VowelWeb Ibtana allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ibtana: from n/a through 1.2.3.3.
CVE-2024-50454	Seopress Seopress	Med	0.34	5.3	0.00	Oct 29, 2024	Missing Authorization vulnerability in Benjamin Denis SEOPress wp-seopress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through <= 8.1.1.
CVE-2024-50422	Macromedia Breeze	Med	0.34	5.3	0.01	Oct 29, 2024	Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through <= 2.1.14.
CVE-2024-50421	Wpovernight Woocommerce Pdf Invoices\& Packing Slips	Med	0.34	5.3	0.00	Oct 29, 2024	Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips woocommerce-pdf-invoices-packing-slips allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce PDF Invoices & Packing Slips: from n/a…
CVE-2024-8430	WordPress Spice Starter Sites	Med	0.34	5.3	0.00	Oct 1, 2024	The Spice Starter Sites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the spice_starter_sites_importer_creater function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated…
CVE-2024-43214	Wpexperts Mycred	Med	0.34	5.3	0.00	Aug 26, 2024	Missing Authorization vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through <= 2.7.2.
CVE-2024-7390	WordPress Wp Testimonial Widget	Med	0.34	5.3	0.00	Aug 21, 2024	The WP Testimonial Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnSaveTestimonailOrder function in all versions up to, and including, 3.1. This makes it possible for unauthenticated attackers to change…
CVE-2023-4730	WordPress Ladipage	Med	0.34	5.3	0.00	Aug 17, 2024	The LadiApp plugn for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init_endpoint() function hooked via 'init' in versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to modify a variety…
CVE-2024-2508	WordPress Mobile Menu	Med	0.34	5.3	0.00	Jul 31, 2024	The WP Mobile Menu plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_menu_item_icon function in all versions up to, and including, 2.8.4.4. This makes it possible for unauthenticated attackers to add the…
CVE-2024-5545	WordPress Motors	Med	0.34	5.3	0.00	Jul 2, 2024	The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_edit_delete_user_car function in all versions up to, and including, 1.4.8. This makes it possible for…

CVE-2024-37468MedNov 1, 2024
Blazethemes
Newsmatic
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in blazethemes Newsmatic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newsmatic: from n/a through 1.3.1.
CVE-2024-37456MedNov 1, 2024
Noptin
Noptin
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Noptin Newsletter Noptin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Noptin: from n/a through 3.4.2.
CVE-2024-37444MedNov 1, 2024
Wpmudev
Defender
risk 0.34cvss 5.3epss 0.01
Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Defender Security defender-security.This issue affects Defender Security: from n/a through <= 4.7.1.
CVE-2024-37427MedNov 1, 2024
WordPress
Timetics
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through 1.0.21.
CVE-2024-37411MedNov 1, 2024
Progress (organisation)
Progress
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Progress Planner Progress Planner progress-planner.This issue affects Progress Planner: from n/a through <= 0.9.1.
CVE-2024-37276MedNov 1, 2024
Fifu
Featured Image From URL
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in fifu.App Featured Image from URL allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image from URL: from n/a through 4.8.1.
CVE-2024-37269MedNov 1, 2024
WordPress
Masterstudy Elementor Widgets
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2.
CVE-2024-37255MedNov 1, 2024
Wpmet
Elementskit Elementor Addons
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Roxnor ElementsKit Elementor addons Lite elementskit-lite.This issue affects ElementsKit Elementor addons Lite: from n/a through <= 3.1.4.
CVE-2024-37226MedNov 1, 2024
Kanban For Wordpress
Kanban Boards For Wordpress
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Kanban for WordPress Kanban Boards for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kanban Boards for WordPress: from n/a through 2.5.21.
CVE-2024-37220MedNov 1, 2024
WordPress
Optinly
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in OptinlyHQ Optinly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Optinly: from n/a through 1.0.18.
CVE-2024-37123MedNov 1, 2024
Vowelweb
Ibtana
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in VowelWeb Ibtana allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ibtana: from n/a through 1.2.3.3.
CVE-2024-50454MedOct 29, 2024
Seopress
Seopress
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Benjamin Denis SEOPress wp-seopress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through <= 8.1.1.
CVE-2024-50422MedOct 29, 2024
Macromedia
Breeze
risk 0.34cvss 5.3epss 0.01
Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through <= 2.1.14.
CVE-2024-50421MedOct 29, 2024
Wpovernight
Woocommerce Pdf Invoices\& Packing Slips
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips woocommerce-pdf-invoices-packing-slips allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce PDF Invoices & Packing Slips: from n/a…
CVE-2024-8430MedOct 1, 2024
WordPress
Spice Starter Sites
risk 0.34cvss 5.3epss 0.00
The Spice Starter Sites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the spice_starter_sites_importer_creater function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated…
CVE-2024-43214MedAug 26, 2024
Wpexperts
Mycred
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through <= 2.7.2.
CVE-2024-7390MedAug 21, 2024
WordPress
Wp Testimonial Widget
risk 0.34cvss 5.3epss 0.00
The WP Testimonial Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnSaveTestimonailOrder function in all versions up to, and including, 3.1. This makes it possible for unauthenticated attackers to change…
CVE-2023-4730MedAug 17, 2024
WordPress
Ladipage
risk 0.34cvss 5.3epss 0.00
The LadiApp plugn for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init_endpoint() function hooked via 'init' in versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to modify a variety…
CVE-2024-2508MedJul 31, 2024
WordPress
Mobile Menu
risk 0.34cvss 5.3epss 0.00
The WP Mobile Menu plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_menu_item_icon function in all versions up to, and including, 2.8.4.4. This makes it possible for unauthenticated attackers to add the…
CVE-2024-5545MedJul 2, 2024
WordPress
Motors
risk 0.34cvss 5.3epss 0.00
The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_edit_delete_user_car function in all versions up to, and including, 1.4.8. This makes it possible for…