CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (5,549)
Page 19 of 278

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-7665 | | High | 0.53 | 8.1 | 0.00 | | Sep 19, 2025 | The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'handle_mofirebase_form_options' function in versions 3.1.0 to 3.6.2. This makes it possible for unauthenticated attackers to update… |
| CVE-2025-8565 | | High | 0.53 | 8.1 | 0.00 | | Sep 18, 2025 | The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the wplp_gdpr_install_plugin_ajax_handler() function in all versions up… |
| CVE-2025-7040 | | High | 0.53 | 8.2 | 0.00 | | Sep 6, 2025 | The Cloud SAML SSO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'set_organization_settings' action of the csso_handle_actions() function in all versions up to, and including, 1.0.19. The handler reads… |
| CVE-2025-8342 | | High | 0.53 | 8.1 | 0.01 | | Aug 15, 2025 | The WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass due to insufficient empty value checking in the lwp_ajax_register function in all versions up to, and including, 1.8.47. This makes it possible for… |
| CVE-2025-6043 | | High | 0.53 | 8.1 | 0.01 | | Jul 16, 2025 | The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Deletion due to a missing capability check on the wpmr_delete_file() function in all versions up to, and including, 17.0. This makes it possible for… |
| CVE-2025-42953 | | High | 0.53 | 8.1 | 0.00 | | Jul 8, 2025 | SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system. |
| CVE-2025-52813 | | High | 0.53 | 8.1 | 0.00 | | Jul 4, 2025 | Missing Authorization vulnerability in pietro MobiLoud allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MobiLoud: from n/a through 4.6.5. |
| CVE-2025-52818 | | High | 0.53 | 8.2 | 0.00 | | Jun 27, 2025 | Missing Authorization vulnerability in Dejan Jasnic Trusty Whistleblowing trusty-whistleblowing-solution allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trusty Whistleblowing: from n/a through <= 2.0.1. |
| CVE-2025-52817 | | High | 0.53 | 8.2 | 0.00 | | Jun 27, 2025 | Missing Authorization vulnerability in ZealousWeb Abandoned Contact Form 7 abandoned-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Abandoned Contact Form 7: from n/a through <= 2.2. |
| CVE-2025-39536 | | High | 0.53 | 8.2 | 0.00 | | May 23, 2025 | Missing Authorization vulnerability in Chimpstudio JobHunt Job Alerts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobHunt Job Alerts: from n/a through 3.6. |
| CVE-2025-39352 | | High | 0.53 | 8.2 | 0.00 | | May 19, 2025 | Missing Authorization vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grand Restaurant: from n/a through <= 7.0. |
| CVE-2025-39350 | | High | 0.53 | 8.2 | 0.00 | | May 19, 2025 | Missing Authorization vulnerability in Rocket Apps wProject. This issue affects wProject: from n/a before 5.8.0. |
| CVE-2024-58101 | | High | 0.53 | 8.1 | 0.00 | | May 14, 2025 | Samsung Galaxy Buds and Galaxy Buds 2 audio devices are Bluetooth pairable by default without user input nor a way to stop this mode. As a consequence, audio playback takeover or even microphone recording without user consent or notification is achieved. Note: This is considered… |
| CVE-2025-32593 | | High | 0.53 | 8.2 | 0.00 | | Apr 17, 2025 | Missing Authorization vulnerability in Bytes Technolab Add Product Frontend for WooCommerce add-product-frontend-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Add Product Frontend for WooCommerce: from n/a through <=… |
| CVE-2025-26733 | | High | 0.53 | 8.2 | 0.00 | | Mar 27, 2025 | Missing Authorization vulnerability in shinetheme Traveler traveler. This issue affects Traveler: from n/a through < 3.2.1. |
| CVE-2024-13801 | | High | 0.53 | 8.1 | 0.00 | | Mar 26, 2025 | The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'baf_set_notice_status' AJAX action in all versions up to, and including, 2.1.4. This makes it… |
| CVE-2025-0952 | | High | 0.53 | 8.1 | 0.00 | | Mar 14, 2025 | The Eco Nature - Environment & Ecology WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmasters_hide_admin_notice' AJAX action in all versions up to, and… |
| CVE-2024-13655 | | High | 0.53 | 8.1 | 0.00 | | Mar 7, 2025 | The Flex Mag - Responsive WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanel_of_ajax_callback() function in all versions up to, and including, 3.5.2.… |
| CVE-2025-25167 | | High | 0.53 | 8.2 | 0.00 | | Feb 7, 2025 | Missing Authorization vulnerability in Black and White BookPress – For Book Authors book-press allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BookPress – For Book Authors: from n/a through <= 1.2.7. |
| CVE-2024-13767 | | High | 0.53 | 8.1 | 0.01 | | Jan 31, 2025 | The Live2DWebCanvas plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ClearFiles() function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with Subscriber-level access… |