VYPR

CWE-862

Missing Authorization

Class | Incomplete | Likelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,490)

  • CVE-2026-9582 | Med | May 26, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    A security flaw has been discovered in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This affects an unknown function. Performing a manipulation results in cross-site request forgery. The attack is possible to be carried out remotely. The exploit…

  • CVE-2026-25444 | Med | May 26, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9.

  • CVE-2026-24520 | Med | May 26, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    Missing Authorization vulnerability in bPlugins Tiktok Feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tiktok Feed: from n/a through 1.0.24.

  • CVE-2026-24638 | Med | May 26, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    Missing Authorization vulnerability in Webful Creations RepairBuddy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RepairBuddy: from n/a through 4.1121.

  • CVE-2026-24582 | Med | May 25, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    Missing Authorization vulnerability in WPPOOL FlexTable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FlexTable: from n/a through 3.24.0.

  • CVE-2026-24527 | Med | May 25, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    Missing Authorization vulnerability in Patterns in the cloud Autoship Cloud for WooCommerce Subscription Products allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Autoship Cloud for WooCommerce Subscription Products: from n/a through…

  • CVE-2026-24545 | Med | May 25, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    Missing Authorization vulnerability in Nikki Blight QR Redirector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects QR Redirector: from n/a through 2.0.3.

  • CVE-2026-9486 | Med | May 25, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    A security flaw has been discovered in SourceCodester Student Grades Management System 1.0. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit has been released to the public and may be used for…

  • CVE-2026-9303 | Med | May 23, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability was identified in calcom cal.diy up to 4.9.4. Impacted is an unknown function. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted…

  • CVE-2026-9246 | Med | May 22, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    Improper access control in the entry documentation and attachment features in Devolutions Server allows an authenticated user with vault read access to retrieve the documentation and attachments of sealed entries via a crafted API request. This issue affects: * Devolutions…

  • CVE-2026-9224 | Med | May 22, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    Missing authorization in the user profile update feature in Devolutions Server allows an authenticated Active Directory user to modify their own profile attributes via a crafted API request. This issue affects: * Devolutions Server 2026.1.6.0 through 2026.1.16.0 * …

  • CVE-2026-8692 | Med | May 22, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.1. This is due to the plugin not properly verifying that a user is authorized to perform an…

  • CVE-2026-7249 | Med | May 22, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the `splw_update_block_options()` and `lwp_clean_weather_transients()` functions in all versions up to, and including, 3.0.2. This makes it possible…

  • CVE-2026-2518 | Med | May 22, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    The FastX theme for WordPress is vulnerable to unauthorized limited plugin installation and activation due to missing capability checks on the 'ultp_install_callback' and 'ultp_activate_callback' functions in all versions up to, and including, 1.0.2. This makes it possible for…

  • CVE-2026-4843 | Med | May 21, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the process_ajax_restore_action() function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with…

  • CVE-2026-27424 | Med | May 20, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Photo Gallery Final Tiles Grid: from n/a through 3.6.11.

  • CVE-2026-44392 | Med | May 20, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    Missing authorization vulnerability exists in Movable Type. Under certain conditions, when a user without administrator privileges signs in to the product, unintended update processing may be executed.

  • CVE-2026-8610 | Med | May 20, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    The TypeSquare Webfonts for ConoHa plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated…

  • CVE-2026-45442 | Med | May 19, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    Missing Authorization vulnerability in Brainstorm Force Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Presto Player: from n/a through 4.1.3.

  • CVE-2026-45244 | Med | May 18, 2026
    risk 0.28 | cvss 5.4 | epss 0.00

    Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or…