CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,392)

page 173 of 270

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-67588	Elementor Website Builder	Med	0.28	4.3	Dec 9, 2025	Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builder: from n/a through <= 3.33.0.
CVE-2025-67474	Ultimatemember Forumwp	Med	0.28	4.3	Dec 9, 2025	Missing Authorization vulnerability in Ultimate Member ForumWP forumwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ForumWP: from n/a through <= 2.1.4.
CVE-2025-67468	Crmperks Integration For Salesforce And Contact Form 7\, Wpforms\, Elementor\, Ninja Forms	Med	0.28	4.3	Dec 9, 2025	Missing Authorization vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms cf7-salesforce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Salesforce and…
CVE-2025-67466	WordPress Trinity Audio	Med	0.28	4.3	Dec 9, 2025	Missing Authorization vulnerability in sergiotrinity Trinity Audio trinity-audio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trinity Audio: from n/a through <= 5.23.3.
CVE-2025-66534	WordPress Theaisle	Med	0.28	4.3	Dec 9, 2025	Missing Authorization vulnerability in Elated-Themes The Aisle theaisle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Aisle: from n/a through <= 2.9.
CVE-2025-66532	Qodeinteractive Powerlift	Med	0.28	4.3	Dec 9, 2025	Missing Authorization vulnerability in Mikado-Themes Powerlift powerlift allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Powerlift: from n/a through < 3.2.1.
CVE-2025-66530	Webba Booking Webba Booking	Med	0.28	4.3	Dec 9, 2025	Missing Authorization vulnerability in Webba Appointment Booking Webba Booking webba-booking-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Webba Booking: from n/a through <= 6.2.1.
CVE-2025-66528	Villatheme Woocommerce Thank You Page Customizer	Med	0.28	4.3	Dec 9, 2025	Missing Authorization vulnerability in VillaTheme Thank You Page Customizer for WooCommerce woo-thank-you-page-customizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Thank You Page Customizer for WooCommerce: from n/a through <=…
CVE-2025-66527	VanKarWai Lobo	Med	0.28	4.3	Dec 9, 2025	Missing Authorization vulnerability in VanKarWai Lobo lobo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lobo: from n/a through <= 2.8.6.
CVE-2025-66526	WordPress Tablesome	Med	0.28	4.3	Dec 9, 2025	Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.1.34.
CVE-2025-66525	Elastic Email Sender Elastic Email Sender	Med	0.28	4.3	Dec 9, 2025	Missing Authorization vulnerability in Elastic Email Elastic Email Sender elastic-email-sender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Sender: from n/a through <= 1.2.20.
CVE-2025-64257	WordPress My Tickets	Med	0.28	4.3	Dec 9, 2025	Missing Authorization vulnerability in Joe Dolson My Tickets my-tickets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Tickets: from n/a through <= 2.1.0.
CVE-2025-63077	Leevio Happy Addons For Elementor	Med	0.28	4.3	Dec 9, 2025	Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through <= 3.20.3.
CVE-2025-63067	WordPress Porto Functionality	Med	0.28	4.3	Dec 9, 2025	Missing Authorization vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Porto Theme - Functionality: from n/a through < 3.7.3.
CVE-2025-63056	Bestwebsoft Contact Form by BestWebSoft	Med	0.28	4.3	Dec 9, 2025	Missing Authorization vulnerability in bestwebsoft Contact Form by BestWebSoft contact-form-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by BestWebSoft: from n/a through <= 4.3.6.
CVE-2025-63025	Xagio SEO xagio-seo	Med	0.28	4.3	Dec 9, 2025	Missing Authorization vulnerability in Xagio SEO Xagio SEO xagio-seo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xagio SEO: from n/a through <= 7.1.0.37.
CVE-2025-63015	WordPress Woo Payment Gateway Paysera	Med	0.28	4.3	Dec 9, 2025	Missing Authorization vulnerability in paysera WooCommerce Payment Gateway - Paysera woo-payment-gateway-paysera allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Payment Gateway - Paysera: from n/a through <= 3.10.0.
CVE-2025-63006	Metagauss Eventprime	Med	0.28	4.3	Dec 9, 2025	Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.4.1.
CVE-2025-62996	Code Amp Custom Layouts – Post + Product grids made easy	Med	0.28	4.3	Dec 9, 2025	Missing Authorization vulnerability in Code Amp Custom Layouts – Post + Product grids made easy custom-layouts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Layouts – Post + Product grids made easy: from n/a through <=…
CVE-2025-62993	WordPress Notification For Telegram	Med	0.28	4.3	Dec 9, 2025	Missing Authorization vulnerability in rainafarai Notification for Telegram notification-for-telegram allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Notification for Telegram: from n/a through <= 3.5.1.

CVE-2025-67588MedDec 9, 2025
Elementor
Website Builder
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builder: from n/a through <= 3.33.0.
CVE-2025-67474MedDec 9, 2025
Ultimatemember
Forumwp
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Ultimate Member ForumWP forumwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ForumWP: from n/a through <= 2.1.4.
CVE-2025-67468MedDec 9, 2025
Crmperks
Integration For Salesforce And Contact Form 7\, Wpforms\, Elementor\, Ninja Forms
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms cf7-salesforce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Salesforce and…
CVE-2025-67466MedDec 9, 2025
WordPress
Trinity Audio
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in sergiotrinity Trinity Audio trinity-audio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trinity Audio: from n/a through <= 5.23.3.
CVE-2025-66534MedDec 9, 2025
WordPress
Theaisle
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Elated-Themes The Aisle theaisle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Aisle: from n/a through <= 2.9.
CVE-2025-66532MedDec 9, 2025
Qodeinteractive
Powerlift
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Mikado-Themes Powerlift powerlift allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Powerlift: from n/a through < 3.2.1.
CVE-2025-66530MedDec 9, 2025
Webba Booking
Webba Booking
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Webba Appointment Booking Webba Booking webba-booking-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Webba Booking: from n/a through <= 6.2.1.
CVE-2025-66528MedDec 9, 2025
Villatheme
Woocommerce Thank You Page Customizer
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in VillaTheme Thank You Page Customizer for WooCommerce woo-thank-you-page-customizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Thank You Page Customizer for WooCommerce: from n/a through <=…
CVE-2025-66527MedDec 9, 2025
VanKarWai
Lobo
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in VanKarWai Lobo lobo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lobo: from n/a through <= 2.8.6.
CVE-2025-66526MedDec 9, 2025
WordPress
Tablesome
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.1.34.
CVE-2025-66525MedDec 9, 2025
Elastic Email Sender
Elastic Email Sender
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Elastic Email Elastic Email Sender elastic-email-sender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Sender: from n/a through <= 1.2.20.
CVE-2025-64257MedDec 9, 2025
WordPress
My Tickets
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Joe Dolson My Tickets my-tickets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Tickets: from n/a through <= 2.1.0.
CVE-2025-63077MedDec 9, 2025
Leevio
Happy Addons For Elementor
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through <= 3.20.3.
CVE-2025-63067MedDec 9, 2025
WordPress
Porto Functionality
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Porto Theme - Functionality: from n/a through < 3.7.3.
CVE-2025-63056MedDec 9, 2025
Bestwebsoft
Contact Form by BestWebSoft
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in bestwebsoft Contact Form by BestWebSoft contact-form-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by BestWebSoft: from n/a through <= 4.3.6.
CVE-2025-63025MedDec 9, 2025
Xagio SEO
xagio-seo
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Xagio SEO Xagio SEO xagio-seo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xagio SEO: from n/a through <= 7.1.0.37.
CVE-2025-63015MedDec 9, 2025
WordPress
Woo Payment Gateway Paysera
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in paysera WooCommerce Payment Gateway - Paysera woo-payment-gateway-paysera allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Payment Gateway - Paysera: from n/a through <= 3.10.0.
CVE-2025-63006MedDec 9, 2025
Metagauss
Eventprime
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.4.1.
CVE-2025-62996MedDec 9, 2025
Code Amp
Custom Layouts – Post + Product grids made easy
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Code Amp Custom Layouts – Post + Product grids made easy custom-layouts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Layouts – Post + Product grids made easy: from n/a through <=…
CVE-2025-62993MedDec 9, 2025
WordPress
Notification For Telegram
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in rainafarai Notification for Telegram notification-for-telegram allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Notification for Telegram: from n/a through <= 3.5.1.