CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,492)

page 158 of 275

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2026-4925	Devolutions Server	Med	0.33	5.0	0.00	Apr 1, 2026	Improper access control in the users MFA feature in Devolutions Server allows an authenticated user to bypass administrator-enforced restrictions and remove their own multi-factor authentication (MFA) configuration via a crafted request. This issue affects Server: from…
CVE-2026-32442	E2pdf E2pdf	Med	0.33	5.0	0.00	Mar 13, 2026	Missing Authorization vulnerability in E2Pdf e2pdf e2pdf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects e2pdf: from n/a through <= 1.28.15.
CVE-2026-27688	SAP NetWeaver Application Server for ABAP	Med	0.33	5.0	0.00	Mar 10, 2026	Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to execute this function module…
CVE-2025-58968	Christiaan Pieterse MaxiBlocks	Med	0.33	5.0	0.00	Sep 22, 2025	Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks maxi-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MaxiBlocks: from n/a through <= 2.1.3.
CVE-2025-43311	Apple Inc. macOS	Med	0.33	5.1	0.00	Sep 15, 2025	This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
CVE-2025-58606	WordPress Saaslauncher	Med	0.33	5.0	0.00	Sep 3, 2025	Missing Authorization vulnerability in cozythemes SaasLauncher saaslauncher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SaasLauncher: from n/a through <= 1.3.0.
CVE-2025-49289	WordPress PDF For Wpforms	Med	0.33	5.0	0.00	Jun 6, 2025	Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for WPForms: from n/a through <= 5.5.0.
CVE-2025-47560	WordPress Mapsvg	Med	0.33	5.0	0.00	May 16, 2025	Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MapSVG: from n/a through < 8.6.13.
CVE-2025-32684	WordPress Mapsvg	Med	0.33	5.0	0.00	Apr 9, 2025	Missing Authorization vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MapSVG: from n/a through <= 8.6.4.
CVE-2023-24407	Wpdevart Booking Calendar	Med	0.33	5.0	0.00	Dec 9, 2024	Missing Authorization vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3.
CVE-2024-42934	OpenIPMI OpenIPMI	Med	0.33	5.0	0.00	Oct 9, 2024	OpenIPMI before 2.0.36 has an out-of-bounds array access (for authentication type) in the ipmi_sim simulator, resulting in denial of service or (with very low probability) authentication bypass or code execution.
CVE-2024-3277	WordPress Yumpu Epaper Publishing	Med	0.33	5.0	0.00	May 30, 2024	The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with…
CVE-2024-2619	Elementor Header & Footer Builder	Med	0.33	5.0	0.00	May 16, 2024	The Elementor Header & Footer Builder for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and…
CVE-2024-0447	Artibot Artibot	Med	0.33	5.0	0.01	Mar 13, 2024	The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the artibot_update function in all versions up to, and including, 1.1.6. This makes it possible for authenticated…
CVE-2024-47268	Qnap Surveillance Station Pro	Med	0.32	4.9	0.00	May 27, 2026	Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors.
CVE-2026-27346	Webwizards B2bking	Med	0.32	4.9	0.00	May 25, 2026	Missing Authorization vulnerability in Kings Plugins B2BKing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects B2BKing: from n/a before 5.2.10.
CVE-2026-27673	SAP DB	Med	0.32	4.9	0.00	Apr 14, 2026	Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations which could leads to no impact on Confidentiality, Low impact on Integrity and…
CVE-2026-39631	Igexsolutions Wpschoolpress	Med	0.32	4.9	0.00	Apr 8, 2026	Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSchoolPress: from n/a through <= 2.2.35.
CVE-2026-24356	WordPress Getgenie	Med	0.32	4.9	0.00	Jan 22, 2026	Missing Authorization vulnerability in Roxnor GetGenie getgenie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetGenie: from n/a through <= 4.3.0.
CVE-2025-64631	Wclovers Wcfm Marketplace	Med	0.32	4.9	0.00	Dec 16, 2025	Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Marketplace: from n/a through <= 3.7.1.

CVE-2026-4925MedApr 1, 2026
Devolutions
Server
risk 0.33cvss 5.0epss 0.00
Improper access control in the users MFA feature in Devolutions Server allows an authenticated user to bypass administrator-enforced restrictions and remove their own multi-factor authentication (MFA) configuration via a crafted request. This issue affects Server: from…
CVE-2026-32442MedMar 13, 2026
E2pdf
E2pdf
risk 0.33cvss 5.0epss 0.00
Missing Authorization vulnerability in E2Pdf e2pdf e2pdf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects e2pdf: from n/a through <= 1.28.15.
CVE-2026-27688MedMar 10, 2026
SAP
NetWeaver Application Server for ABAP
risk 0.33cvss 5.0epss 0.00
Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to execute this function module…
CVE-2025-58968MedSep 22, 2025
Christiaan Pieterse
MaxiBlocks
risk 0.33cvss 5.0epss 0.00
Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks maxi-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MaxiBlocks: from n/a through <= 2.1.3.
CVE-2025-43311MedSep 15, 2025
Apple Inc.
macOS
risk 0.33cvss 5.1epss 0.00
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
CVE-2025-58606MedSep 3, 2025
WordPress
Saaslauncher
risk 0.33cvss 5.0epss 0.00
Missing Authorization vulnerability in cozythemes SaasLauncher saaslauncher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SaasLauncher: from n/a through <= 1.3.0.
CVE-2025-49289MedJun 6, 2025
WordPress
PDF For Wpforms
risk 0.33cvss 5.0epss 0.00
Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for WPForms: from n/a through <= 5.5.0.
CVE-2025-47560MedMay 16, 2025
WordPress
Mapsvg
risk 0.33cvss 5.0epss 0.00
Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MapSVG: from n/a through < 8.6.13.
CVE-2025-32684MedApr 9, 2025
WordPress
Mapsvg
risk 0.33cvss 5.0epss 0.00
Missing Authorization vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MapSVG: from n/a through <= 8.6.4.
CVE-2023-24407MedDec 9, 2024
Wpdevart
Booking Calendar
risk 0.33cvss 5.0epss 0.00
Missing Authorization vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3.
CVE-2024-42934MedOct 9, 2024
OpenIPMI
OpenIPMI
risk 0.33cvss 5.0epss 0.00
OpenIPMI before 2.0.36 has an out-of-bounds array access (for authentication type) in the ipmi_sim simulator, resulting in denial of service or (with very low probability) authentication bypass or code execution.
CVE-2024-3277MedMay 30, 2024
WordPress
Yumpu Epaper Publishing
risk 0.33cvss 5.0epss 0.00
The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with…
CVE-2024-2619MedMay 16, 2024
Elementor
Header & Footer Builder
risk 0.33cvss 5.0epss 0.00
The Elementor Header & Footer Builder for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and…
CVE-2024-0447MedMar 13, 2024
Artibot
Artibot
risk 0.33cvss 5.0epss 0.01
The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the artibot_update function in all versions up to, and including, 1.1.6. This makes it possible for authenticated…
CVE-2024-47268MedMay 27, 2026
Qnap
Surveillance Station Pro
risk 0.32cvss 4.9epss 0.00
Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors.
CVE-2026-27346MedMay 25, 2026
Webwizards
B2bking
risk 0.32cvss 4.9epss 0.00
Missing Authorization vulnerability in Kings Plugins B2BKing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects B2BKing: from n/a before 5.2.10.
CVE-2026-27673MedApr 14, 2026
SAP
DB
risk 0.32cvss 4.9epss 0.00
Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations which could leads to no impact on Confidentiality, Low impact on Integrity and…
CVE-2026-39631MedApr 8, 2026
Igexsolutions
Wpschoolpress
risk 0.32cvss 4.9epss 0.00
Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSchoolPress: from n/a through <= 2.2.35.
CVE-2026-24356MedJan 22, 2026
WordPress
Getgenie
risk 0.32cvss 4.9epss 0.00
Missing Authorization vulnerability in Roxnor GetGenie getgenie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetGenie: from n/a through <= 4.3.0.
CVE-2025-64631MedDec 16, 2025
Wclovers
Wcfm Marketplace
risk 0.32cvss 4.9epss 0.00
Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Marketplace: from n/a through <= 3.7.1.