CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,392)

page 180 of 270

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-59551	WordPress Revive So	Med	0.28	4.3	Sep 22, 2025	Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive.so: from n/a through <= 2.0.6.
CVE-2025-58957	Vikas Ratudi VPSUForm	Med	0.28	4.3	Sep 22, 2025	Missing Authorization vulnerability in Vikas Ratudi VPSUForm v-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VPSUForm: from n/a through <= 3.2.20.
CVE-2025-58668	Vibethemes WPLMS	Med	0.28	4.3	Sep 22, 2025	Missing Authorization vulnerability in VibeThemes WPLMS wplms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLMS : from n/a through <= 4.970.
CVE-2025-58666	WordPress Website Chat Button Kommo Integration	Med	0.28	4.3	Sep 22, 2025	Missing Authorization vulnerability in Kommo Website Chat Button: Kommo integration website-chat-button-kommo-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Website Chat Button: Kommo integration: from n/a through <= 1.3.1.
CVE-2025-58664	Azizul Hasan Text To Speech TTS Accessibility	Med	0.28	4.3	Sep 22, 2025	Missing Authorization vulnerability in Azizul Hasan Text To Speech TTS Accessibility text-to-audio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Text To Speech TTS Accessibility: from n/a through <= 1.9.30.
CVE-2025-58663	Themeum Qubely	Med	0.28	4.3	Sep 22, 2025	Missing Authorization vulnerability in Themeum Qubely qubely allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Qubely: from n/a through <= 1.8.14.
CVE-2025-58251	Posimyth Sticky Header Effects for Elementor	Med	0.28	4.3	Sep 22, 2025	Missing Authorization vulnerability in POSIMYTH Sticky Header Effects for Elementor sticky-header-effects-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sticky Header Effects for Elementor: from n/a through <= 2.1.2.
CVE-2025-58221	WordPress Pilotpress	Med	0.28	4.3	Sep 22, 2025	Missing Authorization vulnerability in ONTRAPORT PilotPress pilotpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PilotPress: from n/a through <= 2.0.36.
CVE-2025-57997	Trustpilot Trustpilot Reviews	Med	0.28	4.3	Sep 22, 2025	Missing Authorization vulnerability in Trustpilot Trustpilot Reviews trustpilot-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trustpilot Reviews: from n/a through <= 2.5.925.
CVE-2025-57995	Detheme Dethemekit For Elementor	Med	0.28	4.3	Sep 22, 2025	Missing Authorization vulnerability in Detheme DethemeKit For Elementor dethemekit-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DethemeKit For Elementor: from n/a through <= 2.1.10.
CVE-2025-57985	Mantrabrain Ultimate Watermark	Med	0.28	4.3	Sep 22, 2025	Missing Authorization vulnerability in MantraBrain Ultimate Watermark ultimate-watermark allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Watermark: from n/a through <= 1.1.
CVE-2025-57975	Radiustheme tlp-team	Med	0.28	4.3	Sep 22, 2025	Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through <= 5.0.6.
CVE-2025-57972	WordPress Support Ticket System For Woocommerce	Med	0.28	4.3	Sep 22, 2025	Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Helpdesk Support Ticket System for WooCommerce: from…
CVE-2025-57969	Jeremy Saxey Hide WP Toolbar	Med	0.28	4.3	Sep 22, 2025	Missing Authorization vulnerability in Jeremy Saxey Hide WP Toolbar hide-wp-toolbar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hide WP Toolbar: from n/a through <= 2.7.
CVE-2025-57961	Codexpert Codesigner	Med	0.28	4.3	Sep 22, 2025	Missing Authorization vulnerability in Codexpert, Inc CoDesigner woolementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CoDesigner: from n/a through <= 4.29.
CVE-2025-57936	Meitar Subresource Integrity (SRI) Manager	Med	0.28	4.3	Sep 22, 2025	Missing Authorization vulnerability in Meitar Subresource Integrity (SRI) Manager wp-sri allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subresource Integrity (SRI) Manager: from n/a through <= 0.4.0.
CVE-2025-57917	—	Med	0.28	4.3	Sep 22, 2025	Missing Authorization vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce printcart-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Printcart Web to Print Product Designer for WooCommerce: from…
CVE-2025-53452	WordPress Event Rocket	Med	0.28	4.3	Sep 22, 2025	Missing Authorization vulnerability in Barry Event Rocket allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Event Rocket: from n/a through 3.3.
CVE-2025-8487	WordPress Kubio	Med	0.28	5.4	Sep 19, 2025	The Kubio AI Page Builder plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the kubio-image-hub-install-plugin AJAX action in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers,…
CVE-2025-0763	—	Med	0.28	4.3	Sep 11, 2025	The Ultimate Classified Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_custom_fields function in all versions up to, and including, 1.7. This makes it possible for authenticated attackers, with…

CVE-2025-59551MedSep 22, 2025
WordPress
Revive So
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive.so: from n/a through <= 2.0.6.
CVE-2025-58957MedSep 22, 2025
Vikas Ratudi
VPSUForm
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Vikas Ratudi VPSUForm v-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VPSUForm: from n/a through <= 3.2.20.
CVE-2025-58668MedSep 22, 2025
Vibethemes
WPLMS
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in VibeThemes WPLMS wplms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLMS : from n/a through <= 4.970.
CVE-2025-58666MedSep 22, 2025
WordPress
Website Chat Button Kommo Integration
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Kommo Website Chat Button: Kommo integration website-chat-button-kommo-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Website Chat Button: Kommo integration: from n/a through <= 1.3.1.
CVE-2025-58664MedSep 22, 2025
Azizul Hasan
Text To Speech TTS Accessibility
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Azizul Hasan Text To Speech TTS Accessibility text-to-audio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Text To Speech TTS Accessibility: from n/a through <= 1.9.30.
CVE-2025-58663MedSep 22, 2025
Themeum
Qubely
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Themeum Qubely qubely allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Qubely: from n/a through <= 1.8.14.
CVE-2025-58251MedSep 22, 2025
Posimyth
Sticky Header Effects for Elementor
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in POSIMYTH Sticky Header Effects for Elementor sticky-header-effects-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sticky Header Effects for Elementor: from n/a through <= 2.1.2.
CVE-2025-58221MedSep 22, 2025
WordPress
Pilotpress
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in ONTRAPORT PilotPress pilotpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PilotPress: from n/a through <= 2.0.36.
CVE-2025-57997MedSep 22, 2025
Trustpilot
Trustpilot Reviews
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Trustpilot Trustpilot Reviews trustpilot-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trustpilot Reviews: from n/a through <= 2.5.925.
CVE-2025-57995MedSep 22, 2025
Detheme
Dethemekit For Elementor
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Detheme DethemeKit For Elementor dethemekit-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DethemeKit For Elementor: from n/a through <= 2.1.10.
CVE-2025-57985MedSep 22, 2025
Mantrabrain
Ultimate Watermark
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in MantraBrain Ultimate Watermark ultimate-watermark allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Watermark: from n/a through <= 1.1.
CVE-2025-57975MedSep 22, 2025
Radiustheme
tlp-team
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through <= 5.0.6.
CVE-2025-57972MedSep 22, 2025
WordPress
Support Ticket System For Woocommerce
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Helpdesk Support Ticket System for WooCommerce: from…
CVE-2025-57969MedSep 22, 2025
Jeremy Saxey
Hide WP Toolbar
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Jeremy Saxey Hide WP Toolbar hide-wp-toolbar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hide WP Toolbar: from n/a through <= 2.7.
CVE-2025-57961MedSep 22, 2025
Codexpert
Codesigner
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Codexpert, Inc CoDesigner woolementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CoDesigner: from n/a through <= 4.29.
CVE-2025-57936MedSep 22, 2025
Meitar
Subresource Integrity (SRI) Manager
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Meitar Subresource Integrity (SRI) Manager wp-sri allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subresource Integrity (SRI) Manager: from n/a through <= 0.4.0.
CVE-2025-57917MedSep 22, 2025
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce printcart-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Printcart Web to Print Product Designer for WooCommerce: from…
CVE-2025-53452MedSep 22, 2025
WordPress
Event Rocket
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Barry Event Rocket allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Event Rocket: from n/a through 3.3.
CVE-2025-8487MedSep 19, 2025
WordPress
Kubio
risk 0.28cvss 5.4epss 0.00
The Kubio AI Page Builder plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the kubio-image-hub-install-plugin AJAX action in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers,…
CVE-2025-0763MedSep 11, 2025
risk 0.28cvss 4.3epss 0.00
The Ultimate Classified Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_custom_fields function in all versions up to, and including, 1.7. This makes it possible for authenticated attackers, with…