CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,392)

page 178 of 270

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-12202	Ajayrandhawa User Management PHP Mysql	Med	0.28	4.3	Oct 27, 2025	A security flaw has been discovered in ajayrandhawa User-Management-PHP-MYSQL web up to fedcf58797bf2791591606f7b61fdad99ad8bff1. This vulnerability affects unknown code. Performing manipulation results in cross-site request forgery. The attack can be initiated remotely. The…
CVE-2025-11255	WordPress Password Policy Manager	Med	0.28	4.3	Oct 25, 2025	The Password Policy Manager \| Password Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'moppm_ajax' AJAX endpoint in all versions up to, and including, 2.0.5. This makes it possible for authenticated…
CVE-2025-12014	NGINX Cache Optimizer NGINX Cache Optimizer	Med	0.28	4.3	Oct 24, 2025	The NGINX Cache Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nginxcacheoptimizer-blacklist-update' AJAX action in all versions up to, and including, 1.1. This makes it possible for authenticated…
CVE-2025-11887	WordPress Cx Supervisor	Med	0.28	4.3	Oct 24, 2025	The Supervisor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and…
CVE-2025-11257	WordPress LLM Hubspot Blog Import	Med	0.28	4.3	Oct 24, 2025	The LLM Hubspot Blog Import plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_save_blogs' AJAX endpoint in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with…
CVE-2025-11172	WordPress Check Plagiarism	Med	0.28	4.3	Oct 24, 2025	The Check Plagiarism plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the chk_plag_mine_plugin_wpse10500_admin_action() function in all versions up to, and including, 2.0. This makes it possible for authenticated…
CVE-2025-10901	Originality.ai AI Checker	Med	0.28	4.3	Oct 24, 2025	The Originality.ai AI Checker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ai_get_table' function in all versions up to, and including, 1.0.16. This makes it possible for authenticated attackers, with…
CVE-2025-62073	Sovlix MeetingHub	Med	0.28	4.3	Oct 22, 2025	Missing Authorization vulnerability in Sovlix MeetingHub meetinghub.This issue affects MeetingHub: from n/a through <= 1.23.9.
CVE-2025-62072	Etoilewebdesign Front End Users	Med	0.28	4.3	Oct 22, 2025	Missing Authorization vulnerability in Rustaurius Front End Users front-end-only-users.This issue affects Front End Users: from n/a through <= 3.2.33.
CVE-2025-62071	Repuso Repuso	Med	0.28	4.3	Oct 22, 2025	Missing Authorization vulnerability in Repuso Social proof testimonials and reviews by Repuso social-testimonials-and-reviews-widget.This issue affects Social proof testimonials and reviews by Repuso: from n/a through <= 5.29.
CVE-2025-62070	WowRevenue WowRevenue	Med	0.28	4.3	Oct 22, 2025	Missing Authorization vulnerability in WPXPO WowRevenue revenue.This issue affects WowRevenue: from n/a through <= 1.2.13.
CVE-2025-62052	Horea Radu One Page Express Companion	Med	0.28	4.3	Oct 22, 2025	Missing Authorization vulnerability in Horea Radu One Page Express Companion one-page-express-companion.This issue affects One Page Express Companion: from n/a through <= 1.6.43.
CVE-2025-62021	WordPress Acknowledgify	Med	0.28	4.3	Oct 22, 2025	Missing Authorization vulnerability in Made Neat Acknowledgify acknowledgify.This issue affects Acknowledgify: from n/a through <= 1.1.3.
CVE-2025-62013	WordPress Uichemy	Med	0.28	4.3	Oct 22, 2025	Missing Authorization vulnerability in POSIMYTH UiChemy uichemy.This issue affects UiChemy: from n/a through <= 4.0.0.
CVE-2025-62006	Veronalabs Wp Sms	Med	0.28	5.4	Oct 22, 2025	Missing Authorization vulnerability in VeronaLabs WP SMS wp-sms.This issue affects WP SMS: from n/a through <= 7.0.1.
CVE-2025-49937	Syed Balkhi Smash Balloon Social Post Feed	Med	0.28	4.3	Oct 22, 2025	Missing Authorization vulnerability in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smash Balloon Social Post Feed: from n/a through <= 4.3.2.
CVE-2025-49922	WordPress Wpematico Rss Feed Fetcher	Med	0.28	4.3	Oct 22, 2025	Missing Authorization vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPeMatico RSS Feed Fetcher: from n/a through <= 2.8.3.
CVE-2025-49907	Realmag777 MDTF	Med	0.28	4.3	Oct 22, 2025	Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MDTF: from n/a through <= 1.3.3.9.
CVE-2025-11742	WordPress Woo Smart Wishlist	Med	0.28	4.3	Oct 18, 2025	The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wishlist_quickview' AJAX action in all versions up to, and including, 5.0.4. This makes it possible for authenticated attackers,…
CVE-2025-11378	Shortpixel Image Optimizer – Optimize Images, Convert WebP & AVIF	Med	0.28	5.4	Oct 18, 2025	The ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'shortpixel_ajaxRequest' AJAX action in all versions up to, and including, 6.3.4. This makes…

CVE-2025-12202MedOct 27, 2025
Ajayrandhawa
User Management PHP Mysql
risk 0.28cvss 4.3epss 0.00
A security flaw has been discovered in ajayrandhawa User-Management-PHP-MYSQL web up to fedcf58797bf2791591606f7b61fdad99ad8bff1. This vulnerability affects unknown code. Performing manipulation results in cross-site request forgery. The attack can be initiated remotely. The…
CVE-2025-11255MedOct 25, 2025
WordPress
Password Policy Manager
risk 0.28cvss 4.3epss 0.00
The Password Policy Manager | Password Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'moppm_ajax' AJAX endpoint in all versions up to, and including, 2.0.5. This makes it possible for authenticated…
CVE-2025-12014MedOct 24, 2025
NGINX Cache Optimizer
NGINX Cache Optimizer
risk 0.28cvss 4.3epss 0.00
The NGINX Cache Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nginxcacheoptimizer-blacklist-update' AJAX action in all versions up to, and including, 1.1. This makes it possible for authenticated…
CVE-2025-11887MedOct 24, 2025
WordPress
Cx Supervisor
risk 0.28cvss 4.3epss 0.00
The Supervisor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and…
CVE-2025-11257MedOct 24, 2025
WordPress
LLM Hubspot Blog Import
risk 0.28cvss 4.3epss 0.00
The LLM Hubspot Blog Import plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_save_blogs' AJAX endpoint in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with…
CVE-2025-11172MedOct 24, 2025
WordPress
Check Plagiarism
risk 0.28cvss 4.3epss 0.00
The Check Plagiarism plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the chk_plag_mine_plugin_wpse10500_admin_action() function in all versions up to, and including, 2.0. This makes it possible for authenticated…
CVE-2025-10901MedOct 24, 2025
Originality.ai
AI Checker
risk 0.28cvss 4.3epss 0.00
The Originality.ai AI Checker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ai_get_table' function in all versions up to, and including, 1.0.16. This makes it possible for authenticated attackers, with…
CVE-2025-62073MedOct 22, 2025
Sovlix
MeetingHub
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Sovlix MeetingHub meetinghub.This issue affects MeetingHub: from n/a through <= 1.23.9.
CVE-2025-62072MedOct 22, 2025
Etoilewebdesign
Front End Users
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Rustaurius Front End Users front-end-only-users.This issue affects Front End Users: from n/a through <= 3.2.33.
CVE-2025-62071MedOct 22, 2025
Repuso
Repuso
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Repuso Social proof testimonials and reviews by Repuso social-testimonials-and-reviews-widget.This issue affects Social proof testimonials and reviews by Repuso: from n/a through <= 5.29.
CVE-2025-62070MedOct 22, 2025
WowRevenue
WowRevenue
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in WPXPO WowRevenue revenue.This issue affects WowRevenue: from n/a through <= 1.2.13.
CVE-2025-62052MedOct 22, 2025
Horea Radu
One Page Express Companion
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Horea Radu One Page Express Companion one-page-express-companion.This issue affects One Page Express Companion: from n/a through <= 1.6.43.
CVE-2025-62021MedOct 22, 2025
WordPress
Acknowledgify
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Made Neat Acknowledgify acknowledgify.This issue affects Acknowledgify: from n/a through <= 1.1.3.
CVE-2025-62013MedOct 22, 2025
WordPress
Uichemy
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in POSIMYTH UiChemy uichemy.This issue affects UiChemy: from n/a through <= 4.0.0.
CVE-2025-62006MedOct 22, 2025
Veronalabs
Wp Sms
risk 0.28cvss 5.4epss 0.00
Missing Authorization vulnerability in VeronaLabs WP SMS wp-sms.This issue affects WP SMS: from n/a through <= 7.0.1.
CVE-2025-49937MedOct 22, 2025
Syed Balkhi
Smash Balloon Social Post Feed
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smash Balloon Social Post Feed: from n/a through <= 4.3.2.
CVE-2025-49922MedOct 22, 2025
WordPress
Wpematico Rss Feed Fetcher
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPeMatico RSS Feed Fetcher: from n/a through <= 2.8.3.
CVE-2025-49907MedOct 22, 2025
Realmag777
MDTF
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MDTF: from n/a through <= 1.3.3.9.
CVE-2025-11742MedOct 18, 2025
WordPress
Woo Smart Wishlist
risk 0.28cvss 4.3epss 0.00
The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wishlist_quickview' AJAX action in all versions up to, and including, 5.0.4. This makes it possible for authenticated attackers,…
CVE-2025-11378MedOct 18, 2025
Shortpixel
Image Optimizer – Optimize Images, Convert WebP & AVIF
risk 0.28cvss 5.4epss 0.00
The ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'shortpixel_ajaxRequest' AJAX action in all versions up to, and including, 6.3.4. This makes…