CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,392)

page 188 of 270

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-39413	Wpgoplugins Simple Sitemap	Med	0.28	4.3	Apr 30, 2025	Missing Authorization vulnerability in David Gwyer Simple Sitemap – Create a Responsive HTML Sitemap simple-sitemap.This issue affects Simple Sitemap – Create a Responsive HTML Sitemap: from n/a through <= 3.6.0.
CVE-2025-3953	Wp Statistics Wp Statistics	Med	0.28	5.4	Apr 30, 2025	The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater' function in all versions up to, and including, 14.13.3. This makes it…
CVE-2025-4095	Docker Desktop	Med	0.28	—	Apr 29, 2025	Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. When a MacOS configuration profile is used to enforce organization sign-in, the RAM policies are not being applied, which would…
CVE-2025-3997	dazhouda lecms	Med	0.28	4.3	Apr 28, 2025	A vulnerability classified as problematic has been found in dazhouda lecms 3.0.3. This affects an unknown part of the file /index.php?my-profile-ajax-1 of the component Personal Information Page. The manipulation leads to cross-site request forgery. It is possible to initiate…
CVE-2025-46519	WordPress Media Library Downloader	Med	0.28	4.3	Apr 24, 2025	Missing Authorization vulnerability in M.Code Media Library Downloader media-library-downloader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Library Downloader: from n/a through <= 1.3.1.
CVE-2025-46470	Peter Raschendorfer Smart Hashtags [#hashtagger]	Med	0.28	4.3	Apr 24, 2025	Missing Authorization vulnerability in Peter Raschendorfer Smart Hashtags [#hashtagger] hashtagger allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Hashtags [#hashtagger]: from n/a through <= 7.2.3.
CVE-2025-39385	Vowelweb Sirat	Med	0.28	4.3	Apr 24, 2025	Missing Authorization vulnerability in vowelweb Sirat sirat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sirat: from n/a through <= 1.5.1.
CVE-2025-46232	Alttext Alt Text AI	Med	0.28	4.3	Apr 22, 2025	Missing Authorization vulnerability in alttextai Download Alt Text AI alttext-ai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Alt Text AI: from n/a through <= 1.9.93.
CVE-2025-39602	Wcproducttable Woocommerce Product Table Lite	Med	0.28	4.3	Apr 16, 2025	Missing Authorization vulnerability in WC Product Table WooCommerce Product Table Lite wc-product-table-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Product Table Lite: from n/a through <= 3.9.5.
CVE-2025-39571	Wpxpo Wowstore	Med	0.28	4.3	Apr 16, 2025	Missing Authorization vulnerability in WPXPO WowStore product-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowStore: from n/a through <= 4.2.4.
CVE-2025-26955	Vowelweb Industrial Lite	Med	0.28	4.3	Apr 15, 2025	Missing Authorization vulnerability in vowelweb Industrial Lite industrial-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Industrial Lite: from n/a through <= 1.0.8.
CVE-2025-32236	WordPress Vagonic Sortable	Med	0.28	4.3	Apr 10, 2025	Missing Authorization vulnerability in Vagonic Woocommerce Products Reorder Drag Drop Multiple Sort – Sortable, Rearrange Products Vagonic vagonic-sortable.This issue affects Woocommerce Products Reorder Drag Drop Multiple Sort – Sortable, Rearrange Products Vagonic: from…
CVE-2025-26901	Brizy Brizy	Med	0.28	4.3	Apr 9, 2025	Missing Authorization vulnerability in Brizy Brizy Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brizy Pro: from n/a through 2.6.1.
CVE-2025-31004	WordPress Rich Table Of Content	Med	0.28	4.3	Apr 9, 2025	Missing Authorization vulnerability in Croover.inc Rich Table of Contents rich-table-of-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rich Table of Contents: from n/a through <= 1.4.0.
CVE-2025-32279	Shahjada Live Forms	Med	0.28	4.3	Apr 8, 2025	Missing Authorization vulnerability in Shahjada Live Forms liveforms.This issue affects Live Forms: from n/a through <= 4.8.5.
CVE-2025-27437	SAP Sap Web Application Server	Med	0.28	4.3	Apr 8, 2025	A Missing Authorization Check vulnerability exists in the Virus Scanner Interface of SAP NetWeaver Application Server ABAP. Because of this, an attacker authenticated as a non-administrative user can initiate a transaction, allowing them to access but not modify non-sensitive…
CVE-2025-1233	Lafka Lafka Plugin	Med	0.28	4.3	Apr 5, 2025	The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafka_options_upload' AJAX function in all versions up to, and including, 7.1.0. This makes it possible for authenticated attackers, with subscriber-level access and…
CVE-2025-32277	Ateeq Rafeeq RepairBuddy	Med	0.28	4.3	Apr 4, 2025	Missing Authorization vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RepairBuddy: from n/a through <= 3.8213.
CVE-2025-32239	Getsocial Social Share Buttons \& Analytics	Med	0.28	4.3	Apr 4, 2025	Missing Authorization vulnerability in Joao Romao Social Share Buttons & Analytics Plugin – GetSocial.io wp-share-buttons-analytics-by-getsocial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Share Buttons & Analytics Plugin…
CVE-2025-32237	Stellarwp Masterstudy Lms	Med	0.28	4.3	Apr 4, 2025	Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through <= 3.5.28.

CVE-2025-39413MedApr 30, 2025
Wpgoplugins
Simple Sitemap
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in David Gwyer Simple Sitemap – Create a Responsive HTML Sitemap simple-sitemap.This issue affects Simple Sitemap – Create a Responsive HTML Sitemap: from n/a through <= 3.6.0.
CVE-2025-3953MedApr 30, 2025
Wp Statistics
Wp Statistics
risk 0.28cvss 5.4epss 0.00
The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater' function in all versions up to, and including, 14.13.3. This makes it…
CVE-2025-4095MedApr 29, 2025
Docker
Desktop
risk 0.28cvss —epss 0.00
Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. When a MacOS configuration profile is used to enforce organization sign-in, the RAM policies are not being applied, which would…
CVE-2025-3997MedApr 28, 2025
dazhouda
lecms
risk 0.28cvss 4.3epss 0.00
A vulnerability classified as problematic has been found in dazhouda lecms 3.0.3. This affects an unknown part of the file /index.php?my-profile-ajax-1 of the component Personal Information Page. The manipulation leads to cross-site request forgery. It is possible to initiate…
CVE-2025-46519MedApr 24, 2025
WordPress
Media Library Downloader
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in M.Code Media Library Downloader media-library-downloader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Library Downloader: from n/a through <= 1.3.1.
CVE-2025-46470MedApr 24, 2025
Peter Raschendorfer
Smart Hashtags [#hashtagger]
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Peter Raschendorfer Smart Hashtags [#hashtagger] hashtagger allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Hashtags [#hashtagger]: from n/a through <= 7.2.3.
CVE-2025-39385MedApr 24, 2025
Vowelweb
Sirat
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in vowelweb Sirat sirat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sirat: from n/a through <= 1.5.1.
CVE-2025-46232MedApr 22, 2025
Alttext
Alt Text AI
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in alttextai Download Alt Text AI alttext-ai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Alt Text AI: from n/a through <= 1.9.93.
CVE-2025-39602MedApr 16, 2025
Wcproducttable
Woocommerce Product Table Lite
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in WC Product Table WooCommerce Product Table Lite wc-product-table-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Product Table Lite: from n/a through <= 3.9.5.
CVE-2025-39571MedApr 16, 2025
Wpxpo
Wowstore
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in WPXPO WowStore product-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowStore: from n/a through <= 4.2.4.
CVE-2025-26955MedApr 15, 2025
Vowelweb
Industrial Lite
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in vowelweb Industrial Lite industrial-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Industrial Lite: from n/a through <= 1.0.8.
CVE-2025-32236MedApr 10, 2025
WordPress
Vagonic Sortable
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Vagonic Woocommerce Products Reorder Drag Drop Multiple Sort – Sortable, Rearrange Products Vagonic vagonic-sortable.This issue affects Woocommerce Products Reorder Drag Drop Multiple Sort – Sortable, Rearrange Products Vagonic: from…
CVE-2025-26901MedApr 9, 2025
Brizy
Brizy
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Brizy Brizy Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brizy Pro: from n/a through 2.6.1.
CVE-2025-31004MedApr 9, 2025
WordPress
Rich Table Of Content
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Croover.inc Rich Table of Contents rich-table-of-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rich Table of Contents: from n/a through <= 1.4.0.
CVE-2025-32279MedApr 8, 2025
Shahjada
Live Forms
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Shahjada Live Forms liveforms.This issue affects Live Forms: from n/a through <= 4.8.5.
CVE-2025-27437MedApr 8, 2025
SAP
Sap Web Application Server
risk 0.28cvss 4.3epss 0.00
A Missing Authorization Check vulnerability exists in the Virus Scanner Interface of SAP NetWeaver Application Server ABAP. Because of this, an attacker authenticated as a non-administrative user can initiate a transaction, allowing them to access but not modify non-sensitive…
CVE-2025-1233MedApr 5, 2025
Lafka
Lafka Plugin
risk 0.28cvss 4.3epss 0.00
The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafka_options_upload' AJAX function in all versions up to, and including, 7.1.0. This makes it possible for authenticated attackers, with subscriber-level access and…
CVE-2025-32277MedApr 4, 2025
Ateeq Rafeeq
RepairBuddy
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RepairBuddy: from n/a through <= 3.8213.
CVE-2025-32239MedApr 4, 2025
Getsocial
Social Share Buttons \& Analytics
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Joao Romao Social Share Buttons & Analytics Plugin – GetSocial.io wp-share-buttons-analytics-by-getsocial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Share Buttons & Analytics Plugin…
CVE-2025-32237MedApr 4, 2025
Stellarwp
Masterstudy Lms
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through <= 3.5.28.