CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,392)

page 185 of 270

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-49970	sparklewpthemes Hello FSE	Med	0.28	4.3	Jun 20, 2025	Missing Authorization vulnerability in sparklewpthemes Hello FSE Blog hello-fse-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hello FSE Blog: from n/a through <= 1.0.6.
CVE-2025-49969	Zara 4 Zara 4 Image Compression	Med	0.28	4.3	Jun 20, 2025	Missing Authorization vulnerability in Zara 4 Zara 4 Image Compression zara-4 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zara 4 Image Compression: from n/a through <= 1.2.17.2.
CVE-2025-6341	Campcodes School Fees Payment Management System	Med	0.28	4.3	Jun 20, 2025	A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public…
CVE-2025-6284	Phpgurukul Car Rental Portal	Med	0.28	4.3	Jun 19, 2025	A vulnerability was found in PHPGurukul Car Rental Portal 3.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public…
CVE-2025-23999	Macromedia Breeze	Med	0.28	4.3	Jun 18, 2025	Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through <= 2.2.13.
CVE-2025-49880	WordPress Cubewp Forms	Med	0.28	4.3	Jun 17, 2025	Missing Authorization vulnerability in Imran Tauqeer CubeWP Forms cubewp-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CubeWP Forms: from n/a through <= 1.1.5.
CVE-2025-49874	WordPress Arconix Faq	Med	0.28	4.3	Jun 17, 2025	Missing Authorization vulnerability in tychesoftwares Arconix FAQ arconix-faq allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arconix FAQ: from n/a through <= 1.9.6.
CVE-2025-49857	WordPress Mycred	Med	0.28	4.3	Jun 17, 2025	Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through <= 2.9.4.2.
CVE-2025-6106	Wukongopensource Wukongcrm	Med	0.28	4.3	Jun 16, 2025	A vulnerability was found in WuKongOpenSource WukongCRM 9.0 and classified as problematic. This issue affects some unknown processing of the file AdminRoleController.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has…
CVE-2025-6105	Jflyfox Jfinal CMS	Med	0.28	4.3	Jun 16, 2025	A vulnerability has been found in jflyfox jfinal_cms 5.0.1 and classified as problematic. This vulnerability affects unknown code of the file HOME.java. The manipulation of the argument Logout leads to cross-site request forgery. The attack can be initiated remotely. The exploit…
CVE-2025-42991	SAP S/4HANA (Bank Account Application)	Med	0.28	4.3	Jun 10, 2025	SAP S/4HANA (Bank Account Application) does not perform necessary authorization checks. This allows an authenticated 'approver' user to delete attachment from bank account application of other user, leading to a low impact on integrity, with no impact on the confidentiality of…
CVE-2025-42987	SAP Manage Processing Rules (For Bank Statement)	Med	0.28	4.3	Jun 10, 2025	SAP Manage Processing Rules (For Bank Statement) allows an attacker with basic privileges to edit shared rules of any user by tampering the request parameter. Due to missing authorization check, the attacker can edit rules that should be restricted, compromising the integrity of…
CVE-2025-5900	Tenda AC9	Med	0.28	4.3	Jun 9, 2025	A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be…
CVE-2025-5888	Jsnjfz Webstack Guns	Med	0.28	4.3	Jun 9, 2025	A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to…
CVE-2025-5885	Konicaminolta Bizhub	Med	0.28	4.3	Jun 9, 2025	A vulnerability has been found in Konica Minolta bizhub up to 20250202 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public…
CVE-2025-5766	Code Projects Laundry System	Med	0.28	4.3	Jun 6, 2025	A vulnerability was found in code-projects Laundry System 1.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public…
CVE-2025-49293	WordPress Crawlomatic Multipage Scraper Post Generator	Med	0.28	4.3	Jun 6, 2025	Missing Authorization vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator crawlomatic-multipage-scraper-post-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crawlomatic Multisite Scraper Post…
CVE-2025-49287	WordPress Webtoffee Product Feed	Med	0.28	4.3	Jun 6, 2025	Missing Authorization vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Feed for WooCommerce: from n/a through <= 2.2.8.
CVE-2025-49272	WordPress Trinity Audio	Med	0.28	4.3	Jun 6, 2025	Missing Authorization vulnerability in sergiotrinity Trinity Audio trinity-audio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trinity Audio: from n/a through <= 5.20.0.
CVE-2025-49248	cmoreira Team Showcase	Med	0.28	4.3	Jun 6, 2025	Missing Authorization vulnerability in cmoreira Team Showcase team-showcase-cm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team Showcase: from n/a through < 25.05.13.

CVE-2025-49970MedJun 20, 2025
sparklewpthemes
Hello FSE
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in sparklewpthemes Hello FSE Blog hello-fse-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hello FSE Blog: from n/a through <= 1.0.6.
CVE-2025-49969MedJun 20, 2025
Zara 4
Zara 4 Image Compression
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Zara 4 Zara 4 Image Compression zara-4 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zara 4 Image Compression: from n/a through <= 1.2.17.2.
CVE-2025-6341MedJun 20, 2025
Campcodes
School Fees Payment Management System
risk 0.28cvss 4.3epss 0.00
A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public…
CVE-2025-6284MedJun 19, 2025
Phpgurukul
Car Rental Portal
risk 0.28cvss 4.3epss 0.00
A vulnerability was found in PHPGurukul Car Rental Portal 3.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public…
CVE-2025-23999MedJun 18, 2025
Macromedia
Breeze
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through <= 2.2.13.
CVE-2025-49880MedJun 17, 2025
WordPress
Cubewp Forms
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Imran Tauqeer CubeWP Forms cubewp-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CubeWP Forms: from n/a through <= 1.1.5.
CVE-2025-49874MedJun 17, 2025
WordPress
Arconix Faq
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in tychesoftwares Arconix FAQ arconix-faq allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arconix FAQ: from n/a through <= 1.9.6.
CVE-2025-49857MedJun 17, 2025
WordPress
Mycred
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through <= 2.9.4.2.
CVE-2025-6106MedJun 16, 2025
Wukongopensource
Wukongcrm
risk 0.28cvss 4.3epss 0.00
A vulnerability was found in WuKongOpenSource WukongCRM 9.0 and classified as problematic. This issue affects some unknown processing of the file AdminRoleController.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has…
CVE-2025-6105MedJun 16, 2025
Jflyfox
Jfinal CMS
risk 0.28cvss 4.3epss 0.00
A vulnerability has been found in jflyfox jfinal_cms 5.0.1 and classified as problematic. This vulnerability affects unknown code of the file HOME.java. The manipulation of the argument Logout leads to cross-site request forgery. The attack can be initiated remotely. The exploit…
CVE-2025-42991MedJun 10, 2025
SAP
S/4HANA (Bank Account Application)
risk 0.28cvss 4.3epss 0.00
SAP S/4HANA (Bank Account Application) does not perform necessary authorization checks. This allows an authenticated 'approver' user to delete attachment from bank account application of other user, leading to a low impact on integrity, with no impact on the confidentiality of…
CVE-2025-42987MedJun 10, 2025
SAP
Manage Processing Rules (For Bank Statement)
risk 0.28cvss 4.3epss 0.00
SAP Manage Processing Rules (For Bank Statement) allows an attacker with basic privileges to edit shared rules of any user by tampering the request parameter. Due to missing authorization check, the attacker can edit rules that should be restricted, compromising the integrity of…
CVE-2025-5900MedJun 9, 2025
Tenda
AC9
risk 0.28cvss 4.3epss 0.00
A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be…
CVE-2025-5888MedJun 9, 2025
Jsnjfz
Webstack Guns
risk 0.28cvss 4.3epss 0.00
A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to…
CVE-2025-5885MedJun 9, 2025
Konicaminolta
Bizhub
risk 0.28cvss 4.3epss 0.00
A vulnerability has been found in Konica Minolta bizhub up to 20250202 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public…
CVE-2025-5766MedJun 6, 2025
Code Projects
Laundry System
risk 0.28cvss 4.3epss 0.00
A vulnerability was found in code-projects Laundry System 1.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public…
CVE-2025-49293MedJun 6, 2025
WordPress
Crawlomatic Multipage Scraper Post Generator
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator crawlomatic-multipage-scraper-post-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crawlomatic Multisite Scraper Post…
CVE-2025-49287MedJun 6, 2025
WordPress
Webtoffee Product Feed
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Feed for WooCommerce: from n/a through <= 2.2.8.
CVE-2025-49272MedJun 6, 2025
WordPress
Trinity Audio
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in sergiotrinity Trinity Audio trinity-audio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trinity Audio: from n/a through <= 5.20.0.
CVE-2025-49248MedJun 6, 2025
cmoreira
Team Showcase
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in cmoreira Team Showcase team-showcase-cm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team Showcase: from n/a through < 25.05.13.