CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,392)

page 171 of 270

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-68588	Total Soft Ts Poll	Med	0.28	4.3	Dec 24, 2025	Missing Authorization vulnerability in totalsoft TS Poll poll-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TS Poll: from n/a through <= 2.5.5.
CVE-2025-68587	Bob Watu Watu Quiz	Med	0.28	4.3	Dec 24, 2025	Missing Authorization vulnerability in Bob Watu Quiz watu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watu Quiz: from n/a through <= 3.4.5.
CVE-2025-68577	WordPress Virusdie	Med	0.28	4.3	Dec 24, 2025	Missing Authorization vulnerability in Virusdie Virusdie virusdie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Virusdie: from n/a through <= 1.1.6.
CVE-2025-68535	Sunshinephotocart Sunshine Photo Cart	Med	0.28	4.3	Dec 24, 2025	Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.7.1.
CVE-2025-68523	Spiffyplugins Spiffy Calendar	Med	0.28	4.3	Dec 24, 2025	Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spiffy Calendar: from n/a through <= 5.0.7.
CVE-2025-68522	Wpstream Wpstream	Med	0.28	4.3	Dec 24, 2025	Missing Authorization vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through <= 4.9.5.
CVE-2023-28619	bnayawpguy Resoto	Med	0.28	4.3	Dec 24, 2025	Missing Authorization vulnerability in bnayawpguy Resoto allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Resoto: from n/a through 1.0.8.
CVE-2025-68557	WordPress Chakra Test	Med	0.28	4.3	Dec 23, 2025	Missing Authorization vulnerability in Vikas Ratudi Chakra test chakra-test allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chakra test: from n/a through <= 1.0.1.
CVE-2023-25068	Mapro Collins Magazine Edge	Med	0.28	4.3	Dec 21, 2025	Missing Authorization vulnerability in Mapro Collins Magazine Edge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Magazine Edge: from n/a through 1.13.
CVE-2025-14455	WordPress Final Tiles Grid Gallery Lite	Med	0.28	5.4	Dec 19, 2025	The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.7. This is due to the plugin not properly verifying that a user is authorized to perform actions on gallery management functions. This…
CVE-2025-7047	Utarit Informatics Services Inc. SoliClub	Med	0.28	4.3	Dec 18, 2025	Missing Authorization vulnerability in Utarit Informatics Services Inc. SoliClub allows Privilege Abuse. This issue affects SoliClub: before 5.3.7.
CVE-2025-11369	WordPress Essential Blocks	Med	0.28	4.3	Dec 17, 2025	The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access of data due to a missing or incorrect capability checks on the get_instagram_access_token_callback, google_map_api_key_save_callback and…
CVE-2025-64248	WordPress Request A Quote	Med	0.28	4.3	Dec 16, 2025	Missing Authorization vulnerability in emarket-design Request a Quote request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Request a Quote: from n/a through <= 2.5.3.
CVE-2025-64247	edmon.parker Read More & Accordion	Med	0.28	4.3	Dec 16, 2025	Missing Authorization vulnerability in edmon.parker Read More & Accordion expand-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Read More & Accordion: from n/a through <= 3.5.5.1.
CVE-2025-64246	WordPress Accessibility By Audioeye	Med	0.28	4.3	Dec 16, 2025	Missing Authorization vulnerability in netopsae Accessibility by AudioEye accessibility-by-audioeye allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility by AudioEye: from n/a through <= 1.0.49.
CVE-2025-64245	ryanpcmcquen Import external attachments	Med	0.28	4.3	Dec 16, 2025	Missing Authorization vulnerability in ryanpcmcquen Import external attachments import-external-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Import external attachments: from n/a through <= 1.5.12.
CVE-2025-64244	Codexpert Restrict Elementor Widgets, Columns and Sections	Med	0.28	4.3	Dec 16, 2025	Missing Authorization vulnerability in Codexpert, Inc Restrict Elementor Widgets, Columns and Sections restrict-elementor-widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restrict Elementor Widgets, Columns and Sections: from n/a…
CVE-2025-64243	WordPress Directory Pro	Med	0.28	4.3	Dec 16, 2025	Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through <= 2.5.6.
CVE-2025-64242	WordPress Easy Property Listings	Med	0.28	4.3	Dec 16, 2025	Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through <= 3.5.22.
CVE-2025-64241	Imtiaz Rayhan WP Coupons and Deals	Med	0.28	4.3	Dec 16, 2025	Missing Authorization vulnerability in Imtiaz Rayhan WP Coupons and Deals wp-coupons-and-deals allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Coupons and Deals: from n/a through <= 3.2.4.

CVE-2025-68588MedDec 24, 2025
Total Soft
Ts Poll
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in totalsoft TS Poll poll-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TS Poll: from n/a through <= 2.5.5.
CVE-2025-68587MedDec 24, 2025
Bob Watu
Watu Quiz
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Bob Watu Quiz watu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watu Quiz: from n/a through <= 3.4.5.
CVE-2025-68577MedDec 24, 2025
WordPress
Virusdie
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Virusdie Virusdie virusdie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Virusdie: from n/a through <= 1.1.6.
CVE-2025-68535MedDec 24, 2025
Sunshinephotocart
Sunshine Photo Cart
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.7.1.
CVE-2025-68523MedDec 24, 2025
Spiffyplugins
Spiffy Calendar
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spiffy Calendar: from n/a through <= 5.0.7.
CVE-2025-68522MedDec 24, 2025
Wpstream
Wpstream
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through <= 4.9.5.
CVE-2023-28619MedDec 24, 2025
bnayawpguy
Resoto
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in bnayawpguy Resoto allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Resoto: from n/a through 1.0.8.
CVE-2025-68557MedDec 23, 2025
WordPress
Chakra Test
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Vikas Ratudi Chakra test chakra-test allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chakra test: from n/a through <= 1.0.1.
CVE-2023-25068MedDec 21, 2025
Mapro Collins
Magazine Edge
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Mapro Collins Magazine Edge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Magazine Edge: from n/a through 1.13.
CVE-2025-14455MedDec 19, 2025
WordPress
Final Tiles Grid Gallery Lite
risk 0.28cvss 5.4epss 0.00
The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.7. This is due to the plugin not properly verifying that a user is authorized to perform actions on gallery management functions. This…
CVE-2025-7047MedDec 18, 2025
Utarit Informatics Services Inc.
SoliClub
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Utarit Informatics Services Inc. SoliClub allows Privilege Abuse. This issue affects SoliClub: before 5.3.7.
CVE-2025-11369MedDec 17, 2025
WordPress
Essential Blocks
risk 0.28cvss 4.3epss 0.00
The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access of data due to a missing or incorrect capability checks on the get_instagram_access_token_callback, google_map_api_key_save_callback and…
CVE-2025-64248MedDec 16, 2025
WordPress
Request A Quote
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in emarket-design Request a Quote request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Request a Quote: from n/a through <= 2.5.3.
CVE-2025-64247MedDec 16, 2025
edmon.parker
Read More & Accordion
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in edmon.parker Read More & Accordion expand-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Read More & Accordion: from n/a through <= 3.5.5.1.
CVE-2025-64246MedDec 16, 2025
WordPress
Accessibility By Audioeye
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in netopsae Accessibility by AudioEye accessibility-by-audioeye allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility by AudioEye: from n/a through <= 1.0.49.
CVE-2025-64245MedDec 16, 2025
ryanpcmcquen
Import external attachments
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in ryanpcmcquen Import external attachments import-external-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Import external attachments: from n/a through <= 1.5.12.
CVE-2025-64244MedDec 16, 2025
Codexpert
Restrict Elementor Widgets, Columns and Sections
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Codexpert, Inc Restrict Elementor Widgets, Columns and Sections restrict-elementor-widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restrict Elementor Widgets, Columns and Sections: from n/a…
CVE-2025-64243MedDec 16, 2025
WordPress
Directory Pro
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through <= 2.5.6.
CVE-2025-64242MedDec 16, 2025
WordPress
Easy Property Listings
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through <= 3.5.22.
CVE-2025-64241MedDec 16, 2025
Imtiaz Rayhan
WP Coupons and Deals
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Imtiaz Rayhan WP Coupons and Deals wp-coupons-and-deals allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Coupons and Deals: from n/a through <= 3.2.4.