VYPR

CWE-862

Missing Authorization

Class · Incomplete · Likelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,480)

  • CVE-2026-25375 · Med · Feb 19, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Photo Gallery Final Tiles Grid: from n/a through <= 3.6.10.

  • CVE-2026-25363 · Med · Feb 19, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    Missing Authorization vulnerability in FooPlugins FooGallery foogallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FooGallery: from n/a through <= 3.1.11.

  • CVE-2026-25335 · Med · Feb 19, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    Missing Authorization vulnerability in Ays Pro Secure Copy Content Protection and Content Locking secure-copy-content-protection allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Secure Copy Content Protection and Content Locking: from…

  • CVE-2026-25330 · Med · Feb 19, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PublishPress Authors: from n/a through <= 4.10.1.

  • CVE-2026-25329 · Med · Feb 19, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quiz And Survey Master: from n/a through <= 10.3.4.

  • CVE-2026-25323 · Med · Feb 19, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    Missing Authorization vulnerability in MiKa OSM osm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OSM: from n/a through <= 6.1.12.

  • CVE-2026-25318 · Med · Feb 19, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    Missing Authorization vulnerability in Wisernotify team WiserReview Product Reviews for WooCommerce wiser-review allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WiserReview Product Reviews for WooCommerce: from n/a through <= 2.9.

  • CVE-2026-25314 · Med · Feb 19, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    Missing Authorization vulnerability in WP Messiah TOP Table Of Contents top-table-of-contents allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TOP Table Of Contents: from n/a through <= 1.3.31.

  • CVE-2026-25308 · Med · Feb 19, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    Missing Authorization vulnerability in wp.insider Simple Membership simple-membership allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Membership: from n/a through <= 4.6.9.

  • CVE-2026-25003 · Med · Feb 19, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    Missing Authorization vulnerability in madalin.ungureanu Client Portal client-portal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Client Portal: from n/a through <= 1.2.1.

  • CVE-2026-2504 · Med · Feb 19, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    The Dealia – Request a quote plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on multiple AJAX handlers in all versions up to, and including, 1.0.7. The admin nonce (DEALIA_ADMIN_NONCE) is exposed to all users with…

  • CVE-2025-14864 · Med · Feb 19, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    The Virusdie - One-click website security plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.7. This is due to missing capability checks on the `vd_get_apikey` function which is hooked to `wp_ajax_virusdie_apikey`. This…

  • CVE-2025-14427 · Med · Feb 19, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `MfaEmailDisable` action in all versions up to, and including, 21.0.9. This makes it…

  • CVE-2025-12081 · Med · Feb 19, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the "acf_photo_gallery_edit_save" function in all versions up to, and including, 3.0. This makes it possible for authenticated attackers, with…

  • CVE-2025-12027 · Med · Feb 19, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the "openPageInCustomizer" and "openPageInDefaultEditor" functions in all versions up to, and including, 1.6.158. This makes it…

  • CVE-2026-2658 · Med · Feb 18, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability was found in newbee-ltd newbee-mall up to a069069b07027613bf0e7f571736be86f431faee. Affected is an unknown function of the component Multiple Endpoints. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack is…

  • CVE-2026-1655 · Med · Feb 18, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the save_frontend_event_submission function accepting a user-controlled event_id parameter and…

  • CVE-2026-2633 · Med · Feb 18, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the `process_image_data_ajax_callback()` function which handles the…

  • CVE-2026-1640 · Med · Feb 18, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.0.2. This is due to missing authorization checks on the project and task comment submission functions (AJAX…

  • CVE-2026-1906 · Med · Feb 18, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.0 via the `wpo_ips_edi_save_order_customer_peppol_identifiers` AJAX action due to missing capability checks and order…