CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (5,392)
page 182 of 270| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-58193 | Med | 0.28 | 4.3 | 0.00 | Aug 27, 2025 | Missing Authorization vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator: from n/a through <= 6.7.0.1. | ||
| CVE-2025-58192 | Med | 0.28 | 4.3 | 0.00 | Aug 27, 2025 | Missing Authorization vulnerability in Xylus Themes WP Bulk Delete wp-bulk-delete allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bulk Delete: from n/a through <= 1.3.6. | ||
| CVE-2024-8860 | Med | 0.28 | 4.3 | 0.00 | Aug 26, 2025 | The Tourfic plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tf_order_status_email_resend_function, tf_visitor_details_edit_function, tf_checkinout_details_edit_function, tf_order_status_edit_function,… | ||
| CVE-2025-7828 | Med | 0.28 | 4.3 | 0.00 | Aug 23, 2025 | The WP Filter & Combine RSS Feeds plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the post_listing_page() function in all versions up to, and including, 0.4. This makes it possible for authenticated attackers, with… | ||
| CVE-2025-7827 | Med | 0.28 | 4.3 | 0.00 | Aug 23, 2025 | The Ni WooCommerce Customer Product Report plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ni_woocpr_action() function in all versions up to, and including, 1.2.4. This makes it possible for authenticated… | ||
| CVE-2025-9331 | — | Med | 0.28 | 4.3 | 0.00 | Aug 22, 2025 | The Spacious theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'welcome_notice_import_handler' function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with… | |
| CVE-2025-57894 | Med | 0.28 | 4.3 | 0.00 | Aug 22, 2025 | Missing Authorization vulnerability in ollybach WPPizza wppizza allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPPizza: from n/a through <= 3.19.8. | ||
| CVE-2025-57884 | Med | 0.28 | 4.3 | 0.00 | Aug 22, 2025 | Missing Authorization vulnerability in wpsoul Greenshift greenshift-animation-and-page-builder-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Greenshift: from n/a through <= 12.1.1. | ||
| CVE-2025-49396 | Med | 0.28 | 4.3 | 0.00 | Aug 20, 2025 | Missing Authorization vulnerability in themifyme Themify Builder themify-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Themify Builder: from n/a through <= 7.6.7. | ||
| CVE-2025-9202 | Med | 0.28 | 4.3 | 0.00 | Aug 20, 2025 | The ColorMag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and including, 4.0.19. This makes it possible for authenticated attackers, with… | ||
| CVE-2025-8357 | Med | 0.28 | 4.3 | 0.00 | Aug 19, 2025 | The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file deletion in the /wp-content/uploads directory due to insufficient file path validation and user capability checking in the _process_mla_download_file function in all versions up to, and including,… | ||
| CVE-2025-8992 | Med | 0.28 | 4.3 | 0.00 | Aug 15, 2025 | A vulnerability has been found in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||
| CVE-2025-54712 | Med | 0.28 | 4.3 | 0.00 | Aug 14, 2025 | Missing Authorization vulnerability in hashthemes Easy Elementor Addons easy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Elementor Addons: from n/a through <= 2.2.7. | ||
| CVE-2025-53343 | Med | 0.28 | 4.3 | 0.00 | Aug 14, 2025 | Missing Authorization vulnerability in GoodLayers Modernize modernize allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modernize: from n/a through <= 3.4.0. | ||
| CVE-2025-53341 | Med | 0.28 | 4.3 | 0.00 | Aug 14, 2025 | Missing Authorization vulnerability in Themovation App, SaaS & Software Startup Tech Theme - Stratus stratusx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects App, SaaS & Software Startup Tech Theme - Stratus: from n/a through <= 4.2.5. | ||
| CVE-2025-53221 | Med | 0.28 | 4.3 | 0.00 | Aug 14, 2025 | Missing Authorization vulnerability in codeablepress CodeablePress codeablepress-simple-frontend-profile-picture-upload allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CodeablePress: from n/a through <= 1.0.2. | ||
| CVE-2025-54705 | Med | 0.28 | 4.3 | 0.00 | Aug 14, 2025 | Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through <= 4.4.6. | ||
| CVE-2025-49052 | Med | 0.28 | 4.3 | 0.00 | Aug 14, 2025 | Missing Authorization vulnerability in Dariolee Netease Music netease-music allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Netease Music: from n/a through <= 3.2.1. | ||
| CVE-2025-8482 | Med | 0.28 | 4.3 | 0.00 | Aug 12, 2025 | The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. This is due to a missing capability check on the migrate_from_wp_user_avatar() function. This makes it possible for authenticated attackers, with subscriber-level… | ||
| CVE-2025-8814 | Med | 0.28 | 4.3 | 0.00 | Aug 10, 2025 | A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely.… |
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator: from n/a through <= 6.7.0.1.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Xylus Themes WP Bulk Delete wp-bulk-delete allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bulk Delete: from n/a through <= 1.3.6.
- risk 0.28cvss 4.3epss 0.00
The Tourfic plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tf_order_status_email_resend_function, tf_visitor_details_edit_function, tf_checkinout_details_edit_function, tf_order_status_edit_function,…
- risk 0.28cvss 4.3epss 0.00
The WP Filter & Combine RSS Feeds plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the post_listing_page() function in all versions up to, and including, 0.4. This makes it possible for authenticated attackers, with…
- risk 0.28cvss 4.3epss 0.00
The Ni WooCommerce Customer Product Report plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ni_woocpr_action() function in all versions up to, and including, 1.2.4. This makes it possible for authenticated…
- risk 0.28cvss 4.3epss 0.00
The Spacious theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'welcome_notice_import_handler' function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with…
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in ollybach WPPizza wppizza allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPPizza: from n/a through <= 3.19.8.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in wpsoul Greenshift greenshift-animation-and-page-builder-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Greenshift: from n/a through <= 12.1.1.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in themifyme Themify Builder themify-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Themify Builder: from n/a through <= 7.6.7.
- risk 0.28cvss 4.3epss 0.00
The ColorMag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and including, 4.0.19. This makes it possible for authenticated attackers, with…
- risk 0.28cvss 4.3epss 0.00
The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file deletion in the /wp-content/uploads directory due to insufficient file path validation and user capability checking in the _process_mla_download_file function in all versions up to, and including,…
- risk 0.28cvss 4.3epss 0.00
A vulnerability has been found in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in hashthemes Easy Elementor Addons easy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Elementor Addons: from n/a through <= 2.2.7.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in GoodLayers Modernize modernize allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modernize: from n/a through <= 3.4.0.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Themovation App, SaaS & Software Startup Tech Theme - Stratus stratusx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects App, SaaS & Software Startup Tech Theme - Stratus: from n/a through <= 4.2.5.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in codeablepress CodeablePress codeablepress-simple-frontend-profile-picture-upload allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CodeablePress: from n/a through <= 1.0.2.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through <= 4.4.6.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Dariolee Netease Music netease-music allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Netease Music: from n/a through <= 3.2.1.
- risk 0.28cvss 4.3epss 0.00
The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. This is due to a missing capability check on the migrate_from_wp_user_avatar() function. This makes it possible for authenticated attackers, with subscriber-level…
- risk 0.28cvss 4.3epss 0.00
A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely.…