CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,392)

page 187 of 270

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-48262	WordPress URL Rewrite Analyzer	Med	0.28	4.3	May 19, 2025	Missing Authorization vulnerability in M.Code Url Rewrite Analyzer url-rewrite-analyzer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Url Rewrite Analyzer: from n/a through <= 1.3.3.
CVE-2025-48260	WordPress Ninja Gdpr Compliance	Med	0.28	4.3	May 19, 2025	Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR CCPA Compliance Support: from n/a through <= 2.7.3.
CVE-2025-48247	Blairwilliams Shortlinks by Pretty Links	Med	0.28	4.3	May 19, 2025	Missing Authorization vulnerability in Blair Williams Shortlinks by Pretty Links pretty-link allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortlinks by Pretty Links: from n/a through <= 3.6.15.
CVE-2025-48138	Bertha Bertha AI	Med	0.28	4.3	May 16, 2025	Missing Authorization vulnerability in Bertha AI – Andrew Palmer BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BERTHA AI: from n/a through <= 1.13.
CVE-2025-48128	WordPress Sharespine Woocommerce Connector	Med	0.28	4.3	May 16, 2025	Missing Authorization vulnerability in Sharespine Sharespine Woocommerce Connector sharespine-woocommerce-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sharespine Woocommerce Connector: from n/a through <= 4.7.55.
CVE-2025-48079	Metagauss Profilegrid	Med	0.28	4.3	May 16, 2025	Missing Authorization vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProfileGrid : from n/a through <= 5.9.5.1.
CVE-2025-47534	Valvepress Wordpress Auto Spinner	Med	0.28	4.3	May 16, 2025	Missing Authorization vulnerability in ValvePress Wordpress Auto Spinner wp-auto-spinner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wordpress Auto Spinner: from n/a through <= 3.25.0.
CVE-2025-39511	Valvepress Pinterest Automatic Pin	Med	0.28	4.3	May 16, 2025	Missing Authorization vulnerability in ValvePress Pinterest Automatic Pin wp-pinterest-automatic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinterest Automatic Pin: from n/a through <= 4.19.0.
CVE-2025-39493	Valvepress Rankie	Med	0.28	4.3	May 16, 2025	Missing Authorization vulnerability in ValvePress Rankie valvepress-rankie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rankie: from n/a through < 1.8.2.
CVE-2025-39482	Imithemes Eventer	Med	0.28	4.3	May 16, 2025	Missing Authorization vulnerability in imithemes Eventer eventer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eventer: from n/a through < 3.11.4.
CVE-2025-32295	WordPress Salon Booking Plugin Pro Cc	Med	0.28	4.3	May 16, 2025	Missing Authorization vulnerability in wordpresschef Salon Booking Pro salon-booking-plugin-pro-cc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salon Booking Pro: from n/a through <= 10.10.2.
CVE-2025-31063	WordPress Wishlist	Med	0.28	4.3	May 16, 2025	Missing Authorization vulnerability in redqteam Wishlist wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wishlist: from n/a through <= 2.1.0.
CVE-2025-3624	Hitachi Ops Center Analyzer	Med	0.28	4.3	May 16, 2025	Missing Authorization vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00.
CVE-2024-51666	Tosin Oguntuyi Tours	Med	0.28	4.3	May 15, 2025	Missing Authorization vulnerability in Tosin Oguntuyi Tours tours.This issue affects Tours: from n/a through <= 1.0.0.
CVE-2025-4339	WordPress Thegem	Med	0.28	4.3	May 13, 2025	The TheGem theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxApi() function in all versions up to, and including, 5.10.3. This makes it possible for authenticated attackers, with Subscriber-level access and above,…
CVE-2025-47692	Contentstudio Contentstudio	Med	0.28	4.3	May 7, 2025	Missing Authorization vulnerability in contentstudio Contentstudio contentstudio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contentstudio: from n/a through <= 1.3.5.
CVE-2025-47591	CreedAlly Bulk Featured Image	Med	0.28	4.3	May 7, 2025	Missing Authorization vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Featured Image: from n/a through <= 1.2.4.
CVE-2025-47471	Envothemes Envo Extra	Med	0.28	4.3	May 7, 2025	Missing Authorization vulnerability in EnvoThemes Envo Extra envo-extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envo Extra: from n/a through <= 1.9.9.
CVE-2025-47467	WordPress Testimonial Slider	Med	0.28	4.3	May 7, 2025	Missing Authorization vulnerability in GS Plugins GS Testimonial Slider gs-testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Testimonial Slider: from n/a through <= 3.3.0.
CVE-2025-3766	WordPress Login Lockdown	Med	0.28	5.4	May 7, 2025	The Login Lockdown & Protection plugin for WordPress is vulnerable to unauthorized nonce access due to a missing capability check on the ajax_run_tool function in all versions up to, and including, 2.11. This makes it possible for authenticated attackers, with Subscriber-level…

CVE-2025-48262MedMay 19, 2025
WordPress
URL Rewrite Analyzer
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in M.Code Url Rewrite Analyzer url-rewrite-analyzer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Url Rewrite Analyzer: from n/a through <= 1.3.3.
CVE-2025-48260MedMay 19, 2025
WordPress
Ninja Gdpr Compliance
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR CCPA Compliance Support: from n/a through <= 2.7.3.
CVE-2025-48247MedMay 19, 2025
Blairwilliams
Shortlinks by Pretty Links
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Blair Williams Shortlinks by Pretty Links pretty-link allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortlinks by Pretty Links: from n/a through <= 3.6.15.
CVE-2025-48138MedMay 16, 2025
Bertha
Bertha AI
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Bertha AI – Andrew Palmer BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BERTHA AI: from n/a through <= 1.13.
CVE-2025-48128MedMay 16, 2025
WordPress
Sharespine Woocommerce Connector
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Sharespine Sharespine Woocommerce Connector sharespine-woocommerce-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sharespine Woocommerce Connector: from n/a through <= 4.7.55.
CVE-2025-48079MedMay 16, 2025
Metagauss
Profilegrid
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProfileGrid : from n/a through <= 5.9.5.1.
CVE-2025-47534MedMay 16, 2025
Valvepress
Wordpress Auto Spinner
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in ValvePress Wordpress Auto Spinner wp-auto-spinner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wordpress Auto Spinner: from n/a through <= 3.25.0.
CVE-2025-39511MedMay 16, 2025
Valvepress
Pinterest Automatic Pin
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in ValvePress Pinterest Automatic Pin wp-pinterest-automatic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinterest Automatic Pin: from n/a through <= 4.19.0.
CVE-2025-39493MedMay 16, 2025
Valvepress
Rankie
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in ValvePress Rankie valvepress-rankie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rankie: from n/a through < 1.8.2.
CVE-2025-39482MedMay 16, 2025
Imithemes
Eventer
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in imithemes Eventer eventer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eventer: from n/a through < 3.11.4.
CVE-2025-32295MedMay 16, 2025
WordPress
Salon Booking Plugin Pro Cc
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in wordpresschef Salon Booking Pro salon-booking-plugin-pro-cc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salon Booking Pro: from n/a through <= 10.10.2.
CVE-2025-31063MedMay 16, 2025
WordPress
Wishlist
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in redqteam Wishlist wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wishlist: from n/a through <= 2.1.0.
CVE-2025-3624MedMay 16, 2025
Hitachi
Ops Center Analyzer
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00.
CVE-2024-51666MedMay 15, 2025
Tosin Oguntuyi
Tours
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Tosin Oguntuyi Tours tours.This issue affects Tours: from n/a through <= 1.0.0.
CVE-2025-4339MedMay 13, 2025
WordPress
Thegem
risk 0.28cvss 4.3epss 0.00
The TheGem theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxApi() function in all versions up to, and including, 5.10.3. This makes it possible for authenticated attackers, with Subscriber-level access and above,…
CVE-2025-47692MedMay 7, 2025
Contentstudio
Contentstudio
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in contentstudio Contentstudio contentstudio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contentstudio: from n/a through <= 1.3.5.
CVE-2025-47591MedMay 7, 2025
CreedAlly
Bulk Featured Image
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Featured Image: from n/a through <= 1.2.4.
CVE-2025-47471MedMay 7, 2025
Envothemes
Envo Extra
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in EnvoThemes Envo Extra envo-extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envo Extra: from n/a through <= 1.9.9.
CVE-2025-47467MedMay 7, 2025
WordPress
Testimonial Slider
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in GS Plugins GS Testimonial Slider gs-testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Testimonial Slider: from n/a through <= 3.3.0.
CVE-2025-3766MedMay 7, 2025
WordPress
Login Lockdown
risk 0.28cvss 5.4epss 0.00
The Login Lockdown & Protection plugin for WordPress is vulnerable to unauthorized nonce access due to a missing capability check on the ajax_run_tool function in all versions up to, and including, 2.11. This makes it possible for authenticated attackers, with Subscriber-level…