CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,392)

page 170 of 270

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-62078	WordPress Easy Upload Files During Checkout	Med	0.28	4.3	Dec 31, 2025	Missing Authorization vulnerability in Fahad Mahmood Easy Upload Files During Checkout easy-upload-files-during-checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Upload Files During Checkout: from n/a through <= 3.0.0.
CVE-2025-49339	Digages Direct Payments direct-payments-wp	Med	0.28	4.3	Dec 31, 2025	Missing Authorization vulnerability in Digages Direct Payments WP direct-payments-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Direct Payments WP: from n/a through <= 1.3.2.
CVE-2025-63004	WordPress All In One Accessibility	Med	0.28	4.3	Dec 31, 2025	Missing Authorization vulnerability in Skynet Technologies USA LLC All in One Accessibility all-in-one-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects All in One Accessibility: from n/a through <= 1.15.
CVE-2025-62751	Extendthemes Vireo	Med	0.28	4.3	Dec 31, 2025	Missing Authorization vulnerability in extendthemes Vireo vireo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Vireo: from n/a through <= 1.0.24.
CVE-2025-62154	WordPress AI Content Writing Assistant	Med	0.28	4.3	Dec 31, 2025	Missing Authorization vulnerability in recorp AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One ai-content-writing-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Content Writing Assistant…
CVE-2025-62150	WordPress History Timeline	Med	0.28	4.3	Dec 31, 2025	Missing Authorization vulnerability in themesawesome History Timeline timeline-awesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects History Timeline: from n/a through <= 1.0.6.
CVE-2025-62132	WordPress Tasty Recipes Lite	Med	0.28	4.3	Dec 31, 2025	Missing Authorization vulnerability in Strategy11 Team Tasty Recipes Lite tasty-recipes-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tasty Recipes Lite: from n/a through <= 1.1.5.
CVE-2025-62131	WordPress Tasty Recipes Lite	Med	0.28	4.3	Dec 31, 2025	Missing Authorization vulnerability in Strategy11 Team Tasty Recipes Lite tasty-recipes-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tasty Recipes Lite: from n/a through <= 1.1.5.
CVE-2025-62130	WordPress Accordion Slider Gallery	Med	0.28	4.3	Dec 31, 2025	Missing Authorization vulnerability in wpdiscover Accordion Slider Gallery accordion-slider-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion Slider Gallery: from n/a through <= 2.7.
CVE-2025-62087	Web Builder 143 Sticky Notes for WP Dashboard	Med	0.28	4.3	Dec 31, 2025	Missing Authorization vulnerability in Web Builder 143 Sticky Notes for WP Dashboard wb-sticky-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sticky Notes for WP Dashboard: from n/a through <= 1.2.4.
CVE-2025-49356	Mykola Lukin Orders Chat for WooCommerce	Med	0.28	4.3	Dec 31, 2025	Missing Authorization vulnerability in Mykola Lukin Orders Chat for WooCommerce orders-chat-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orders Chat for WooCommerce: from n/a through <= 1.2.0.
CVE-2025-62091	Event Tickets with Ticket Scanner Serial Codes Generator and Validator with WooCommerce Support	Med	0.28	5.4	Dec 31, 2025	Missing Authorization vulnerability in Vollstart Serial Codes Generator and Validator with WooCommerce Support serial-codes-generator-and-validator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serial Codes Generator and Validator…
CVE-2025-62128	SiteLock SiteLock Security – WP Hardening, Login Security & Malware Scans	Med	0.28	4.3	Dec 30, 2025	Missing Authorization vulnerability in SiteLock SiteLock Security – WP Hardening, Login Security & Malware Scans sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security – WP Hardening, Login Security & Malware…
CVE-2025-69091	WordPress Demo Importer Plus	Med	0.28	4.3	Dec 30, 2025	Missing Authorization vulnerability in Kraft Plugins Demo Importer Plus demo-importer-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Demo Importer Plus: from n/a through <= 2.0.8.
CVE-2025-69023	WordPress Wp Discussion Board	Med	0.28	4.3	Dec 30, 2025	Missing Authorization vulnerability in Marketing Fire Discussion Board wp-discussion-board allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Discussion Board: from n/a through <= 2.5.7.
CVE-2025-69016	Averta Shortcodes And Extra Features For Phlox Theme	Med	0.28	4.3	Dec 30, 2025	Missing Authorization vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcodes and extra features for Phlox theme: from n/a through <= 2.17.15.
CVE-2025-69013	WordPress Stratum	Med	0.28	4.3	Dec 30, 2025	Missing Authorization vulnerability in jetmonsters Stratum stratum allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stratum: from n/a through <= 1.6.1.
CVE-2025-69012	WordPress Event Organiser	Med	0.28	4.3	Dec 30, 2025	Missing Authorization vulnerability in Stephen Harris Event Organiser event-organiser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Organiser: from n/a through <= 3.12.8.
CVE-2025-68995	Premio My Sticky Elements	Med	0.28	4.3	Dec 30, 2025	Missing Authorization vulnerability in Premio My Sticky Elements mystickyelements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Sticky Elements: from n/a through <= 2.3.3.
CVE-2025-68592	Wpadminify Wp Adminify	Med	0.28	4.3	Dec 24, 2025	Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through <= 4.0.6.1.

CVE-2025-62078MedDec 31, 2025
WordPress
Easy Upload Files During Checkout
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Fahad Mahmood Easy Upload Files During Checkout easy-upload-files-during-checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Upload Files During Checkout: from n/a through <= 3.0.0.
CVE-2025-49339MedDec 31, 2025
Digages Direct Payments
direct-payments-wp
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Digages Direct Payments WP direct-payments-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Direct Payments WP: from n/a through <= 1.3.2.
CVE-2025-63004MedDec 31, 2025
WordPress
All In One Accessibility
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Skynet Technologies USA LLC All in One Accessibility all-in-one-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects All in One Accessibility: from n/a through <= 1.15.
CVE-2025-62751MedDec 31, 2025
Extendthemes
Vireo
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in extendthemes Vireo vireo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Vireo: from n/a through <= 1.0.24.
CVE-2025-62154MedDec 31, 2025
WordPress
AI Content Writing Assistant
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in recorp AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One ai-content-writing-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Content Writing Assistant…
CVE-2025-62150MedDec 31, 2025
WordPress
History Timeline
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in themesawesome History Timeline timeline-awesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects History Timeline: from n/a through <= 1.0.6.
CVE-2025-62132MedDec 31, 2025
WordPress
Tasty Recipes Lite
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Strategy11 Team Tasty Recipes Lite tasty-recipes-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tasty Recipes Lite: from n/a through <= 1.1.5.
CVE-2025-62131MedDec 31, 2025
WordPress
Tasty Recipes Lite
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Strategy11 Team Tasty Recipes Lite tasty-recipes-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tasty Recipes Lite: from n/a through <= 1.1.5.
CVE-2025-62130MedDec 31, 2025
WordPress
Accordion Slider Gallery
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in wpdiscover Accordion Slider Gallery accordion-slider-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion Slider Gallery: from n/a through <= 2.7.
CVE-2025-62087MedDec 31, 2025
Web Builder 143
Sticky Notes for WP Dashboard
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Web Builder 143 Sticky Notes for WP Dashboard wb-sticky-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sticky Notes for WP Dashboard: from n/a through <= 1.2.4.
CVE-2025-49356MedDec 31, 2025
Mykola Lukin
Orders Chat for WooCommerce
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Mykola Lukin Orders Chat for WooCommerce orders-chat-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orders Chat for WooCommerce: from n/a through <= 1.2.0.
CVE-2025-62091MedDec 31, 2025
Event Tickets with Ticket Scanner
Serial Codes Generator and Validator with WooCommerce Support
risk 0.28cvss 5.4epss 0.00
Missing Authorization vulnerability in Vollstart Serial Codes Generator and Validator with WooCommerce Support serial-codes-generator-and-validator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serial Codes Generator and Validator…
CVE-2025-62128MedDec 30, 2025
SiteLock
SiteLock Security – WP Hardening, Login Security & Malware Scans
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in SiteLock SiteLock Security – WP Hardening, Login Security & Malware Scans sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security – WP Hardening, Login Security & Malware…
CVE-2025-69091MedDec 30, 2025
WordPress
Demo Importer Plus
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Kraft Plugins Demo Importer Plus demo-importer-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Demo Importer Plus: from n/a through <= 2.0.8.
CVE-2025-69023MedDec 30, 2025
WordPress
Wp Discussion Board
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Marketing Fire Discussion Board wp-discussion-board allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Discussion Board: from n/a through <= 2.5.7.
CVE-2025-69016MedDec 30, 2025
Averta
Shortcodes And Extra Features For Phlox Theme
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcodes and extra features for Phlox theme: from n/a through <= 2.17.15.
CVE-2025-69013MedDec 30, 2025
WordPress
Stratum
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in jetmonsters Stratum stratum allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stratum: from n/a through <= 1.6.1.
CVE-2025-69012MedDec 30, 2025
WordPress
Event Organiser
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Stephen Harris Event Organiser event-organiser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Organiser: from n/a through <= 3.12.8.
CVE-2025-68995MedDec 30, 2025
Premio
My Sticky Elements
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Premio My Sticky Elements mystickyelements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Sticky Elements: from n/a through <= 2.3.3.
CVE-2025-68592MedDec 24, 2025
Wpadminify
Wp Adminify
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through <= 4.0.6.1.