CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (5,392)
page 184 of 270| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-7078 | Med | 0.28 | 4.3 | 0.00 | Jul 6, 2025 | A vulnerability classified as problematic was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.3.9. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public… | ||
| CVE-2025-29007 | Med | 0.28 | 4.3 | 0.00 | Jul 4, 2025 | Missing Authorization vulnerability in LMSACE LMSACE Connect lmsace-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LMSACE Connect: from n/a through <= 3.4. | ||
| CVE-2025-29001 | Med | 0.28 | 4.3 | 0.00 | Jul 4, 2025 | Missing Authorization vulnerability in ZoomIt WooCommerce Shop Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Shop Page Builder: from n/a through 2.27.7. | ||
| CVE-2025-6865 | Med | 0.28 | 4.3 | 0.00 | Jun 29, 2025 | A vulnerability, which was classified as problematic, was found in DaiCuo up to 1.3.13. This affects an unknown part of the file /admin.php/addon/index. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been… | ||
| CVE-2025-6864 | Med | 0.28 | 4.3 | 0.00 | Jun 29, 2025 | A vulnerability, which was classified as problematic, has been found in SeaCMS up to 13.2. Affected by this issue is some unknown functionality of the file /admin_type.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has… | ||
| CVE-2025-53323 | Med | 0.28 | 4.3 | 0.00 | Jun 27, 2025 | Missing Authorization vulnerability in danbriapps Pre-Publish Post Checklist pre-publish-post-checklist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pre-Publish Post Checklist: from n/a through <= 3.1. | ||
| CVE-2025-53293 | Med | 0.28 | 4.3 | 0.00 | Jun 27, 2025 | Missing Authorization vulnerability in Morten Dalgaard Johansen Dashboard Widget Sidebar dashboard-widget-sidebar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dashboard Widget Sidebar: from n/a through <= 1.2.3. | ||
| CVE-2025-53288 | Med | 0.28 | 4.3 | 0.00 | Jun 27, 2025 | Missing Authorization vulnerability in Adrian Ladó PlatiOnline Payments plationline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PlatiOnline Payments: from n/a through <= 7.0.0. | ||
| CVE-2025-53266 | Med | 0.28 | 4.3 | 0.00 | Jun 27, 2025 | Missing Authorization vulnerability in EdwardBock Cron Logger cron-logger allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cron Logger: from n/a through <= 1.3.0. | ||
| CVE-2025-53200 | Med | 0.28 | 4.3 | 0.00 | Jun 27, 2025 | Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 6.7.3. | ||
| CVE-2025-6664 | Med | 0.28 | 4.3 | 0.00 | Jun 25, 2025 | A vulnerability, which was classified as problematic, was found in CodeAstro Patient Record Management System 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed… | ||
| CVE-2025-6478 | Med | 0.28 | 4.3 | 0.00 | Jun 22, 2025 | A vulnerability was found in CodeAstro Expense Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. | ||
| CVE-2025-6476 | Med | 0.28 | 4.3 | 0.00 | Jun 22, 2025 | A vulnerability was found in SourceCodester Gym Management System 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to… | ||
| CVE-2025-49982 | Med | 0.28 | 4.3 | 0.00 | Jun 20, 2025 | Missing Authorization vulnerability in aguilatechnologies WP Customer Area customer-area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Customer Area: from n/a through <= 8.3.4. | ||
| CVE-2025-49981 | Med | 0.28 | 4.3 | 0.00 | Jun 20, 2025 | Missing Authorization vulnerability in mahabub81 User Roles and Capabilities user-roles-and-capabilities allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Roles and Capabilities: from n/a through <= 1.2.6. | ||
| CVE-2025-49980 | Med | 0.28 | 4.3 | 0.00 | Jun 20, 2025 | Missing Authorization vulnerability in WP Event Manager WP User Profile Avatar wp-user-profile-avatar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Profile Avatar: from n/a through <= 1.0.6. | ||
| CVE-2025-49979 | Med | 0.28 | 4.3 | 0.00 | Jun 20, 2025 | Missing Authorization vulnerability in slui Media Hygiene media-hygiene allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Hygiene: from n/a through <= 4.0.1. | ||
| CVE-2025-49974 | Med | 0.28 | 4.3 | 0.00 | Jun 20, 2025 | Missing Authorization vulnerability in upstreamplugin UpStream: a Project Management Plugin for WordPress upstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpStream: a Project Management Plugin for WordPress: from n/a through <=… | ||
| CVE-2025-49973 | Med | 0.28 | 4.3 | 0.00 | Jun 20, 2025 | Missing Authorization vulnerability in GrandPlugins Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes image-sizes-controller allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Sizes Controller, Create Custom… | ||
| CVE-2025-49971 | Med | 0.28 | 4.3 | 0.00 | Jun 20, 2025 | Missing Authorization vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eDS Responsive Menu: from n/a through <= 1.2. |
- risk 0.28cvss 4.3epss 0.00
A vulnerability classified as problematic was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.3.9. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public…
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in LMSACE LMSACE Connect lmsace-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LMSACE Connect: from n/a through <= 3.4.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in ZoomIt WooCommerce Shop Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Shop Page Builder: from n/a through 2.27.7.
- risk 0.28cvss 4.3epss 0.00
A vulnerability, which was classified as problematic, was found in DaiCuo up to 1.3.13. This affects an unknown part of the file /admin.php/addon/index. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been…
- risk 0.28cvss 4.3epss 0.00
A vulnerability, which was classified as problematic, has been found in SeaCMS up to 13.2. Affected by this issue is some unknown functionality of the file /admin_type.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has…
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in danbriapps Pre-Publish Post Checklist pre-publish-post-checklist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pre-Publish Post Checklist: from n/a through <= 3.1.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Morten Dalgaard Johansen Dashboard Widget Sidebar dashboard-widget-sidebar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dashboard Widget Sidebar: from n/a through <= 1.2.3.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Adrian Ladó PlatiOnline Payments plationline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PlatiOnline Payments: from n/a through <= 7.0.0.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in EdwardBock Cron Logger cron-logger allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cron Logger: from n/a through <= 1.3.0.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 6.7.3.
- risk 0.28cvss 4.3epss 0.00
A vulnerability, which was classified as problematic, was found in CodeAstro Patient Record Management System 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed…
- risk 0.28cvss 4.3epss 0.00
A vulnerability was found in CodeAstro Expense Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely.
- risk 0.28cvss 4.3epss 0.00
A vulnerability was found in SourceCodester Gym Management System 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to…
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in aguilatechnologies WP Customer Area customer-area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Customer Area: from n/a through <= 8.3.4.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in mahabub81 User Roles and Capabilities user-roles-and-capabilities allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Roles and Capabilities: from n/a through <= 1.2.6.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in WP Event Manager WP User Profile Avatar wp-user-profile-avatar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Profile Avatar: from n/a through <= 1.0.6.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in slui Media Hygiene media-hygiene allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Hygiene: from n/a through <= 4.0.1.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in upstreamplugin UpStream: a Project Management Plugin for WordPress upstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpStream: a Project Management Plugin for WordPress: from n/a through <=…
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in GrandPlugins Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes image-sizes-controller allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Sizes Controller, Create Custom…
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eDS Responsive Menu: from n/a through <= 1.2.