CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,392)

page 172 of 270

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-64238	WordPress Wps Bidouille	Med	0.28	4.3	Dec 16, 2025	Missing Authorization vulnerability in NicolasKulka WPS Bidouille wps-bidouille allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPS Bidouille: from n/a through <= 1.33.1.
CVE-2025-59001	Themenectar Salient Core	Med	0.28	4.3	Dec 16, 2025	Missing Authorization vulnerability in ThemeNectar Salient Core salient-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salient Core: from n/a through <= 3.0.8.
CVE-2025-54045	CreativeMindsSolutions CM On Demand Search And Replace	Med	0.28	4.3	Dec 16, 2025	Missing Authorization vulnerability in CreativeMindsSolutions CM On Demand Search And Replace cm-on-demand-search-and-replace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM On Demand Search And Replace: from n/a through <= 1.5.5.
CVE-2025-54005	Blueastral Page Builder\	Med	0.28	4.3	Dec 16, 2025	Missing Authorization vulnerability in sonalsinha21 SKT Page Builder skt-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SKT Page Builder: from n/a through <= 4.9.
CVE-2025-13794	WordPress Auto Post Thumbnail	Med	0.28	4.3	Dec 16, 2025	The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulk_action_generate_handler function in all versions up to, and including, 4.2.1. This makes it possible for…
CVE-2025-14581	WordPress Happy Helpdesk Support Ticket System	Med	0.28	4.3	Dec 13, 2025	The HAPPY – Helpdesk Support Ticket System plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'submit_form_reply' AJAX action in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with…
CVE-2025-14540	WordPress Userback	Med	0.28	4.3	Dec 13, 2025	The Userback plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the userback_get_json function in all versions up to, and including, 1.0.15. This makes it possible for authenticated attackers, with Subscriber-level access and…
CVE-2025-14446	WordPress Easy Notify Lite	Med	0.28	5.4	Dec 13, 2025	The Popup Builder (Easy Notify Lite) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the easynotify_cp_reset() function in all versions up to, and including, 1.1.37. This makes it possible for authenticated attackers,…
CVE-2025-14395	WordPress Popover Windows	Med	0.28	4.3	Dec 13, 2025	The Popover Windows plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple ajax actions (e.g., pop_submit, poptheme_submit) in all versions up to, and including, 1.2. This makes it possible for authenticated…
CVE-2025-13403	WordPress Employee Spotlight	Med	0.28	4.3	Dec 13, 2025	The Employee Spotlight – Team Member Showcase & Meet the Team Plugin for WordPress is vulnerable to unauthorized tracking settings modification due to missing authorization validation on the employee_spotlight_check_optin() function in all versions up to, and including, 5.1.3.…
CVE-2025-11164	Mavix Mavix Education	Med	0.28	4.3	Dec 13, 2025	The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavix_education_activate_plugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with…
CVE-2025-14074	WordPress PDF for Contact Form 7 + Drag and Drop Template Builder	Med	0.28	4.3	Dec 12, 2025	The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumber_duplicate' function in all versions up to, and including, 6.3.3. This makes it possible for…
CVE-2025-14392	WordPress Simple Theme Changer	Med	0.28	4.3	Dec 12, 2025	The Simple Theme Changer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the user_theme_admin, display_method_admin, and set_change_theme_button_name actions actions in all versions up to, and including, 1.0. This…
CVE-2025-14170	Simplegallery Simplegallery	Med	0.28	4.3	Dec 12, 2025	The Vimeo SimpleGallery plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 0.2. This is due to missing authorization checks on the `vimeogallery_admin` function hooked to `admin_menu`. This makes it possible for authenticated…
CVE-2025-14064	WordPress Buddytask	Med	0.28	5.4	Dec 12, 2025	The BuddyTask plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on multiple AJAX endpoints in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with Subscriber-level…
CVE-2025-14045	WordPress URL Media Uploader	Med	0.28	4.3	Dec 12, 2025	The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the url_media_uploader_url_upload_ajax_handler() function in all versions up to, and including, 1.0.1. This makes it possible for authenticated…
CVE-2025-67599	Webtoffee decorator-woocommerce-email-customizer	Med	0.28	4.3	Dec 9, 2025	Missing Authorization vulnerability in WebToffee WebToffee eCommerce Marketing Automation decorator-woocommerce-email-customizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebToffee eCommerce Marketing Automation: from n/a through…
CVE-2025-67597	WordPress Fluent Booking	Med	0.28	4.3	Dec 9, 2025	Missing Authorization vulnerability in Shahjahan Jewel Fluent Booking fluent-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Booking: from n/a through <= 1.9.11.
CVE-2025-67592	Joedolson My Calendar	Med	0.28	4.3	Dec 9, 2025	Missing Authorization vulnerability in Joe Dolson My Calendar my-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Calendar: from n/a through <= 3.6.16.
CVE-2025-67589	Wpovernight Woocommerce Pdf Invoices\& Packing Slips	Med	0.28	4.3	Dec 9, 2025	Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips woocommerce-pdf-invoices-packing-slips allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce PDF Invoices & Packing Slips: from n/a…

CVE-2025-64238MedDec 16, 2025
WordPress
Wps Bidouille
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in NicolasKulka WPS Bidouille wps-bidouille allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPS Bidouille: from n/a through <= 1.33.1.
CVE-2025-59001MedDec 16, 2025
Themenectar
Salient Core
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in ThemeNectar Salient Core salient-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salient Core: from n/a through <= 3.0.8.
CVE-2025-54045MedDec 16, 2025
CreativeMindsSolutions
CM On Demand Search And Replace
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in CreativeMindsSolutions CM On Demand Search And Replace cm-on-demand-search-and-replace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM On Demand Search And Replace: from n/a through <= 1.5.5.
CVE-2025-54005MedDec 16, 2025
Blueastral
Page Builder\
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in sonalsinha21 SKT Page Builder skt-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SKT Page Builder: from n/a through <= 4.9.
CVE-2025-13794MedDec 16, 2025
WordPress
Auto Post Thumbnail
risk 0.28cvss 4.3epss 0.00
The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulk_action_generate_handler function in all versions up to, and including, 4.2.1. This makes it possible for…
CVE-2025-14581MedDec 13, 2025
WordPress
Happy Helpdesk Support Ticket System
risk 0.28cvss 4.3epss 0.00
The HAPPY – Helpdesk Support Ticket System plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'submit_form_reply' AJAX action in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with…
CVE-2025-14540MedDec 13, 2025
WordPress
Userback
risk 0.28cvss 4.3epss 0.00
The Userback plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the userback_get_json function in all versions up to, and including, 1.0.15. This makes it possible for authenticated attackers, with Subscriber-level access and…
CVE-2025-14446MedDec 13, 2025
WordPress
Easy Notify Lite
risk 0.28cvss 5.4epss 0.00
The Popup Builder (Easy Notify Lite) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the easynotify_cp_reset() function in all versions up to, and including, 1.1.37. This makes it possible for authenticated attackers,…
CVE-2025-14395MedDec 13, 2025
WordPress
Popover Windows
risk 0.28cvss 4.3epss 0.00
The Popover Windows plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple ajax actions (e.g., pop_submit, poptheme_submit) in all versions up to, and including, 1.2. This makes it possible for authenticated…
CVE-2025-13403MedDec 13, 2025
WordPress
Employee Spotlight
risk 0.28cvss 4.3epss 0.00
The Employee Spotlight – Team Member Showcase & Meet the Team Plugin for WordPress is vulnerable to unauthorized tracking settings modification due to missing authorization validation on the employee_spotlight_check_optin() function in all versions up to, and including, 5.1.3.…
CVE-2025-11164MedDec 13, 2025
Mavix
Mavix Education
risk 0.28cvss 4.3epss 0.00
The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavix_education_activate_plugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with…
CVE-2025-14074MedDec 12, 2025
WordPress
PDF for Contact Form 7 + Drag and Drop Template Builder
risk 0.28cvss 4.3epss 0.00
The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumber_duplicate' function in all versions up to, and including, 6.3.3. This makes it possible for…
CVE-2025-14392MedDec 12, 2025
WordPress
Simple Theme Changer
risk 0.28cvss 4.3epss 0.00
The Simple Theme Changer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the user_theme_admin, display_method_admin, and set_change_theme_button_name actions actions in all versions up to, and including, 1.0. This…
CVE-2025-14170MedDec 12, 2025
Simplegallery
Simplegallery
risk 0.28cvss 4.3epss 0.00
The Vimeo SimpleGallery plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 0.2. This is due to missing authorization checks on the `vimeogallery_admin` function hooked to `admin_menu`. This makes it possible for authenticated…
CVE-2025-14064MedDec 12, 2025
WordPress
Buddytask
risk 0.28cvss 5.4epss 0.00
The BuddyTask plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on multiple AJAX endpoints in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with Subscriber-level…
CVE-2025-14045MedDec 12, 2025
WordPress
URL Media Uploader
risk 0.28cvss 4.3epss 0.00
The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the url_media_uploader_url_upload_ajax_handler() function in all versions up to, and including, 1.0.1. This makes it possible for authenticated…
CVE-2025-67599MedDec 9, 2025
Webtoffee
decorator-woocommerce-email-customizer
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in WebToffee WebToffee eCommerce Marketing Automation decorator-woocommerce-email-customizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebToffee eCommerce Marketing Automation: from n/a through…
CVE-2025-67597MedDec 9, 2025
WordPress
Fluent Booking
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Shahjahan Jewel Fluent Booking fluent-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Booking: from n/a through <= 1.9.11.
CVE-2025-67592MedDec 9, 2025
Joedolson
My Calendar
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Joe Dolson My Calendar my-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Calendar: from n/a through <= 3.6.16.
CVE-2025-67589MedDec 9, 2025
Wpovernight
Woocommerce Pdf Invoices\& Packing Slips
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips woocommerce-pdf-invoices-packing-slips allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce PDF Invoices & Packing Slips: from n/a…