CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,392)

page 181 of 270

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-9979	WordPress Maspik	Med	0.28	4.3	Sep 10, 2025	The Maspik plugin for WordPress is vulnerable to Missing Authorization in version 2.5.6 and prior. This is due to missing capability checks on the Maspik_spamlog_download_csv function. This makes it possible for authenticated attackers, with subscriber-level access and above, to…
CVE-2025-8778	Nitropack Nitropack	Med	0.28	4.3	Sep 10, 2025	The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the nitropack_set_compression_ajax() function in all versions up to, and including, 1.18.4. This makes it possible for authenticated attackers, with…
CVE-2025-59005	Frenify Categorify	Med	0.28	4.3	Sep 9, 2025	Missing Authorization vulnerability in frenify Categorify categorify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Categorify: from n/a through <= 1.0.7.5.
CVE-2025-58976	WordPress Accessibility Checker	Med	0.28	4.3	Sep 9, 2025	Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital accessibility-checker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility Checker by Equalize Digital: from n/a through <=…
CVE-2025-39553	WordPress Church Admin	Med	0.28	4.3	Sep 9, 2025	Missing Authorization vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 5.0.9.
CVE-2025-9542	Automatorwp Automatorwp	Med	0.28	5.4	Sep 9, 2025	The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on multiple plugin's functions in all versions up to,…
CVE-2025-58824	priyanshumittal Shk Corporate	Med	0.28	4.3	Sep 5, 2025	Missing Authorization vulnerability in priyanshumittal Shk Corporate shk-corporate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shk Corporate: from n/a through <= 2.4.1.1.
CVE-2025-58817	desertthemes SoftMe	Med	0.28	4.3	Sep 5, 2025	Missing Authorization vulnerability in desertthemes SoftMe softme allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SoftMe: from n/a through <= 1.1.27.
CVE-2025-58813	WordPress Consultstreet	Med	0.28	4.3	Sep 5, 2025	Missing Authorization vulnerability in themearile Consultstreet consultstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Consultstreet: from n/a through <= 3.0.0.
CVE-2025-58795	WordPress Payoneer Checkout	Med	0.28	4.3	Sep 5, 2025	Missing Authorization vulnerability in Payoneer Checkout Payoneer Checkout payoneer-checkout allows Content Spoofing.This issue affects Payoneer Checkout: from n/a through <= 3.4.0.
CVE-2025-58783	WordPress Gutentor	Med	0.28	4.3	Sep 5, 2025	Missing Authorization vulnerability in gutentor Gutentor gutentor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutentor: from n/a through <= 3.5.5.
CVE-2025-58622	WordPress Mobile Contact Line	Med	0.28	4.3	Sep 3, 2025	Missing Authorization vulnerability in yydevelopment Mobile Contact Line mobile-contact-line allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobile Contact Line: from n/a through <= 2.4.0.
CVE-2025-58617	WordPress F4 Media Taxonomies	Med	0.28	4.3	Sep 3, 2025	Missing Authorization vulnerability in FAKTOR VIER F4 Media Taxonomies f4-media-taxonomies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects F4 Media Taxonomies: from n/a through <= 1.1.4.
CVE-2025-58601	Radiustheme Classified Listing	Med	0.28	4.3	Sep 3, 2025	Missing Authorization vulnerability in RadiusTheme Classified Listing classified-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Classified Listing: from n/a through <= 5.0.6.
CVE-2025-58599	WordPress Order Delivery Date For Woocommerce	Med	0.28	4.3	Sep 3, 2025	Missing Authorization vulnerability in tychesoftwares Order Delivery Date for WooCommerce order-delivery-date-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Delivery Date for WooCommerce: from n/a through <= 4.1.0.
CVE-2025-58594	Brizy Brizy	Med	0.28	4.3	Sep 3, 2025	Missing Authorization vulnerability in themefusecom Brizy brizy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brizy: from n/a through <= 2.7.12.
CVE-2025-3701	Miniorange Malware Scanner	Med	0.28	4.3	Sep 3, 2025	Missing Authorization vulnerability in Malcure Web Security Malcure Malware Scanner wp-malware-removal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Malcure Malware Scanner: from n/a through <= 16.8.
CVE-2025-9747	Koillection Koillection	Med	0.28	4.3	Aug 31, 2025	A vulnerability has been found in Koillection up to 1.6.18. Affected is an unknown function of the file assets/controllers/csrf_protection_controller.js. Such manipulation leads to cross-site request forgery. The attack can be executed remotely. The exploit has been disclosed to…
CVE-2025-48350	Basar Ventures AutoWP	Med	0.28	4.3	Aug 28, 2025	Missing Authorization vulnerability in Basar Ventures AutoWP autowp-ai-content-writer-rewriter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AutoWP: from n/a through <= 2.2.7.
CVE-2025-0951	—	Med	0.28	4.3	Aug 28, 2025	Multiple plugins and/or themes for WordPress by LiquidThemes are vulnerable to unauthorized access due to a missing capability check on the liquid_reset_wordpress_before AJAX in various versions. This makes it possible for authenticated attackers, with Subscriber-level access…

CVE-2025-9979MedSep 10, 2025
WordPress
Maspik
risk 0.28cvss 4.3epss 0.00
The Maspik plugin for WordPress is vulnerable to Missing Authorization in version 2.5.6 and prior. This is due to missing capability checks on the Maspik_spamlog_download_csv function. This makes it possible for authenticated attackers, with subscriber-level access and above, to…
CVE-2025-8778MedSep 10, 2025
Nitropack
Nitropack
risk 0.28cvss 4.3epss 0.00
The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the nitropack_set_compression_ajax() function in all versions up to, and including, 1.18.4. This makes it possible for authenticated attackers, with…
CVE-2025-59005MedSep 9, 2025
Frenify
Categorify
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in frenify Categorify categorify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Categorify: from n/a through <= 1.0.7.5.
CVE-2025-58976MedSep 9, 2025
WordPress
Accessibility Checker
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital accessibility-checker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility Checker by Equalize Digital: from n/a through <=…
CVE-2025-39553MedSep 9, 2025
WordPress
Church Admin
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 5.0.9.
CVE-2025-9542MedSep 9, 2025
Automatorwp
Automatorwp
risk 0.28cvss 5.4epss 0.00
The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on multiple plugin's functions in all versions up to,…
CVE-2025-58824MedSep 5, 2025
priyanshumittal
Shk Corporate
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in priyanshumittal Shk Corporate shk-corporate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shk Corporate: from n/a through <= 2.4.1.1.
CVE-2025-58817MedSep 5, 2025
desertthemes
SoftMe
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in desertthemes SoftMe softme allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SoftMe: from n/a through <= 1.1.27.
CVE-2025-58813MedSep 5, 2025
WordPress
Consultstreet
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in themearile Consultstreet consultstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Consultstreet: from n/a through <= 3.0.0.
CVE-2025-58795MedSep 5, 2025
WordPress
Payoneer Checkout
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Payoneer Checkout Payoneer Checkout payoneer-checkout allows Content Spoofing.This issue affects Payoneer Checkout: from n/a through <= 3.4.0.
CVE-2025-58783MedSep 5, 2025
WordPress
Gutentor
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in gutentor Gutentor gutentor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutentor: from n/a through <= 3.5.5.
CVE-2025-58622MedSep 3, 2025
WordPress
Mobile Contact Line
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in yydevelopment Mobile Contact Line mobile-contact-line allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobile Contact Line: from n/a through <= 2.4.0.
CVE-2025-58617MedSep 3, 2025
WordPress
F4 Media Taxonomies
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in FAKTOR VIER F4 Media Taxonomies f4-media-taxonomies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects F4 Media Taxonomies: from n/a through <= 1.1.4.
CVE-2025-58601MedSep 3, 2025
Radiustheme
Classified Listing
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in RadiusTheme Classified Listing classified-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Classified Listing: from n/a through <= 5.0.6.
CVE-2025-58599MedSep 3, 2025
WordPress
Order Delivery Date For Woocommerce
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in tychesoftwares Order Delivery Date for WooCommerce order-delivery-date-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Delivery Date for WooCommerce: from n/a through <= 4.1.0.
CVE-2025-58594MedSep 3, 2025
Brizy
Brizy
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in themefusecom Brizy brizy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brizy: from n/a through <= 2.7.12.
CVE-2025-3701MedSep 3, 2025
Miniorange
Malware Scanner
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Malcure Web Security Malcure Malware Scanner wp-malware-removal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Malcure Malware Scanner: from n/a through <= 16.8.
CVE-2025-9747MedAug 31, 2025
Koillection
Koillection
risk 0.28cvss 4.3epss 0.00
A vulnerability has been found in Koillection up to 1.6.18. Affected is an unknown function of the file assets/controllers/csrf_protection_controller.js. Such manipulation leads to cross-site request forgery. The attack can be executed remotely. The exploit has been disclosed to…
CVE-2025-48350MedAug 28, 2025
Basar Ventures
AutoWP
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Basar Ventures AutoWP autowp-ai-content-writer-rewriter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AutoWP: from n/a through <= 2.2.7.
CVE-2025-0951MedAug 28, 2025
risk 0.28cvss 4.3epss 0.00
Multiple plugins and/or themes for WordPress by LiquidThemes are vulnerable to unauthorized access due to a missing capability check on the liquid_reset_wordpress_before AJAX in various versions. This makes it possible for authenticated attackers, with Subscriber-level access…