CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,392)

page 189 of 270

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-32235	Sonaar Mp3 Audio Player For Music\, Radio \& Podcast	Med	0.28	4.3	Apr 4, 2025	Missing Authorization vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from…
CVE-2025-32234	WordPress Admail	Med	0.28	4.3	Apr 4, 2025	Missing Authorization vulnerability in aleswebs AdMail – Multilingual Back in-Stock Notifier for WooCommerce admail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AdMail – Multilingual Back in-Stock Notifier for WooCommerce: from…
CVE-2025-32233	WordPress Revive So	Med	0.28	4.3	Apr 4, 2025	Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive.so: from n/a through <= 2.0.3.
CVE-2025-32232	Era404 Stafflist	Med	0.28	4.3	Apr 4, 2025	Missing Authorization vulnerability in ERA404 StaffList stafflist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects StaffList: from n/a through <= 3.2.7.
CVE-2025-32231	WordPress Bookingor	Med	0.28	4.3	Apr 4, 2025	Missing Authorization vulnerability in Bookingor Bookingor bookingor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bookingor: from n/a through <= 2.0.1.
CVE-2025-32229	WordPress Variable Inspector	Med	0.28	4.3	Apr 4, 2025	Missing Authorization vulnerability in Bowo Variable Inspector variable-inspector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Variable Inspector: from n/a through <= 2.6.3.
CVE-2025-32226	WordPress Display Product Variations Dropdown On Shop Page	Med	0.28	4.3	Apr 4, 2025	Missing Authorization vulnerability in Anzar Ahmed Display product variations dropdown on shop page display-product-variations-dropdown-on-shop-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Display product variations dropdown on…
CVE-2025-32201	WordPress Xpro Theme Builder	Med	0.28	4.3	Apr 4, 2025	Missing Authorization vulnerability in Xpro Xpro Theme Builder xpro-theme-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xpro Theme Builder: from n/a through <= 1.2.8.4.
CVE-2025-31525	WordPress Mobile Bottom Menu For Wp	Med	0.28	4.3	Apr 1, 2025	Missing Authorization vulnerability in WP Messiah WP Mobile Bottom Menu mobile-bottom-menu-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mobile Bottom Menu: from n/a through <= 1.4.0.
CVE-2025-31887	WordPress Mybookprogress	Med	0.28	4.3	Apr 1, 2025	Missing Authorization vulnerability in zookatron MyBookProgress by Stormhill Media mybookprogress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MyBookProgress by Stormhill Media: from n/a through <= 1.0.8.
CVE-2025-31886	Repuso Repuso	Med	0.28	4.3	Apr 1, 2025	Missing Authorization vulnerability in Repuso Social proof testimonials and reviews by Repuso social-testimonials-and-reviews-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social proof testimonials and reviews by Repuso: from…
CVE-2025-31882	Webinarpress Webinarpress	Med	0.28	4.3	Apr 1, 2025	Missing Authorization vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebinarPress: from n/a through <= 1.33.28.
CVE-2025-31877	Magnigenie Restropress	Med	0.28	4.3	Apr 1, 2025	Missing Authorization vulnerability in Magnigenie RestroPress restropress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RestroPress: from n/a through <= 3.2.8.
CVE-2025-31866	ShipDepot ShipDepot for WooCommerce	Med	0.28	4.3	Apr 1, 2025	Missing Authorization vulnerability in Ship Depot ShipDepot for WooCommerce ship-depot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShipDepot for WooCommerce: from n/a through <= 1.2.19.
CVE-2025-31865	WordPress Cartboss	Med	0.28	4.3	Apr 1, 2025	Missing Authorization vulnerability in CartBoss CartBoss cartboss allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CartBoss: from n/a through <= 4.1.2.
CVE-2025-31856	brainvireinfo Export All Post Meta	Med	0.28	4.3	Apr 1, 2025	Missing Authorization vulnerability in brainvireinfo Export All Post Meta export-all-post-meta allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Export All Post Meta: from n/a through <= 1.2.1.
CVE-2025-31854	Sharaz Shahid Simple Sticky Add To Cart For WooCommerce	Med	0.28	4.3	Apr 1, 2025	Missing Authorization vulnerability in Sharaz Shahid Simple Sticky Add To Cart For WooCommerce sticky-add-to-cart-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Sticky Add To Cart For WooCommerce: from n/a through <= 1.4.9.
CVE-2025-31846	WordPress Theatre	Med	0.28	4.3	Apr 1, 2025	Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Theater for WordPress: from n/a through <= 0.18.7.
CVE-2025-31843	Wilson OpenAI Tools for WordPress & WooCommerce	Med	0.28	4.3	Apr 1, 2025	Missing Authorization vulnerability in Wilson OpenAI Tools for WordPress & WooCommerce openai-tools-for-wp-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OpenAI Tools for WordPress & WooCommerce: from n/a through <= 2.2.1.
CVE-2025-31831	WordPress Atomchat	Med	0.28	4.3	Apr 1, 2025	Missing Authorization vulnerability in Team AtomChat AtomChat atomchat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AtomChat: from n/a through <= 1.1.7.

CVE-2025-32235MedApr 4, 2025
Sonaar
Mp3 Audio Player For Music\, Radio \& Podcast
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from…
CVE-2025-32234MedApr 4, 2025
WordPress
Admail
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in aleswebs AdMail – Multilingual Back in-Stock Notifier for WooCommerce admail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AdMail – Multilingual Back in-Stock Notifier for WooCommerce: from…
CVE-2025-32233MedApr 4, 2025
WordPress
Revive So
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive.so: from n/a through <= 2.0.3.
CVE-2025-32232MedApr 4, 2025
Era404
Stafflist
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in ERA404 StaffList stafflist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects StaffList: from n/a through <= 3.2.7.
CVE-2025-32231MedApr 4, 2025
WordPress
Bookingor
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Bookingor Bookingor bookingor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bookingor: from n/a through <= 2.0.1.
CVE-2025-32229MedApr 4, 2025
WordPress
Variable Inspector
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Bowo Variable Inspector variable-inspector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Variable Inspector: from n/a through <= 2.6.3.
CVE-2025-32226MedApr 4, 2025
WordPress
Display Product Variations Dropdown On Shop Page
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Anzar Ahmed Display product variations dropdown on shop page display-product-variations-dropdown-on-shop-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Display product variations dropdown on…
CVE-2025-32201MedApr 4, 2025
WordPress
Xpro Theme Builder
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Xpro Xpro Theme Builder xpro-theme-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xpro Theme Builder: from n/a through <= 1.2.8.4.
CVE-2025-31525MedApr 1, 2025
WordPress
Mobile Bottom Menu For Wp
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in WP Messiah WP Mobile Bottom Menu mobile-bottom-menu-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mobile Bottom Menu: from n/a through <= 1.4.0.
CVE-2025-31887MedApr 1, 2025
WordPress
Mybookprogress
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in zookatron MyBookProgress by Stormhill Media mybookprogress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MyBookProgress by Stormhill Media: from n/a through <= 1.0.8.
CVE-2025-31886MedApr 1, 2025
Repuso
Repuso
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Repuso Social proof testimonials and reviews by Repuso social-testimonials-and-reviews-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social proof testimonials and reviews by Repuso: from…
CVE-2025-31882MedApr 1, 2025
Webinarpress
Webinarpress
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebinarPress: from n/a through <= 1.33.28.
CVE-2025-31877MedApr 1, 2025
Magnigenie
Restropress
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Magnigenie RestroPress restropress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RestroPress: from n/a through <= 3.2.8.
CVE-2025-31866MedApr 1, 2025
ShipDepot
ShipDepot for WooCommerce
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Ship Depot ShipDepot for WooCommerce ship-depot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShipDepot for WooCommerce: from n/a through <= 1.2.19.
CVE-2025-31865MedApr 1, 2025
WordPress
Cartboss
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in CartBoss CartBoss cartboss allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CartBoss: from n/a through <= 4.1.2.
CVE-2025-31856MedApr 1, 2025
brainvireinfo
Export All Post Meta
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in brainvireinfo Export All Post Meta export-all-post-meta allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Export All Post Meta: from n/a through <= 1.2.1.
CVE-2025-31854MedApr 1, 2025
Sharaz Shahid
Simple Sticky Add To Cart For WooCommerce
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Sharaz Shahid Simple Sticky Add To Cart For WooCommerce sticky-add-to-cart-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Sticky Add To Cart For WooCommerce: from n/a through <= 1.4.9.
CVE-2025-31846MedApr 1, 2025
WordPress
Theatre
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Theater for WordPress: from n/a through <= 0.18.7.
CVE-2025-31843MedApr 1, 2025
Wilson
OpenAI Tools for WordPress & WooCommerce
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Wilson OpenAI Tools for WordPress & WooCommerce openai-tools-for-wp-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OpenAI Tools for WordPress & WooCommerce: from n/a through <= 2.2.1.
CVE-2025-31831MedApr 1, 2025
WordPress
Atomchat
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Team AtomChat AtomChat atomchat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AtomChat: from n/a through <= 1.1.7.