CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,392)

page 190 of 270

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-31830	Uriahs Victor Printus	Med	0.28	4.3	0.00	Apr 1, 2025	Missing Authorization vulnerability in Uriahs Victor Printus printus-cloud-printing-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Printus: from n/a through <= 1.2.6.
CVE-2025-31820	WordPress Automatic Featured Images From Videos	Med	0.28	4.3	0.01	Apr 1, 2025	Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through <=…
CVE-2025-31799	WordPress Publitio	Med	0.28	4.3	0.00	Apr 1, 2025	Missing Authorization vulnerability in publitio Publitio publitio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Publitio: from n/a through <= 2.1.8.
CVE-2025-31798	WordPress Publitio	Med	0.28	4.3	0.00	Apr 1, 2025	Missing Authorization vulnerability in publitio Publitio publitio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Publitio: from n/a through <= 2.1.8.
CVE-2025-31787	WordPress Cue	Med	0.28	4.3	0.00	Apr 1, 2025	Missing Authorization vulnerability in AudioTheme Cue cue allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cue: from n/a through <= 2.4.4.
CVE-2025-31781	Wpswings Woocommerce Ultimate Gift Card	Med	0.28	4.3	0.00	Apr 1, 2025	Missing Authorization vulnerability in ahmadshyk Gift Cards for WooCommerce woo-giftcards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gift Cards for WooCommerce: from n/a through <= 1.5.8.
CVE-2025-31755	WordPress Pcloud Backup	Med	0.28	4.3	0.00	Apr 1, 2025	Missing Authorization vulnerability in josselynj pCloud Backup pcloud-backup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects pCloud Backup: from n/a through <= 1.0.1.
CVE-2025-31752	termel Bulk Fields Editor	Med	0.28	4.3	0.00	Apr 1, 2025	Missing Authorization vulnerability in termel Bulk Fields Editor bulk-user-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Fields Editor: from n/a through <= 1.8.0.
CVE-2025-31732	Gb Plugins Gb Gallery Slideshow	Med	0.28	4.3	0.00	Apr 1, 2025	Missing Authorization vulnerability in gb-plugins GB Gallery Slideshow gb-gallery-slideshow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GB Gallery Slideshow: from n/a through <= 1.3.
CVE-2025-31408	WordPress Zoho Flow	Med	0.28	4.3	0.00	Apr 1, 2025	Missing Authorization vulnerability in Zoho Flow Zoho Flow zoho-flow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho Flow: from n/a through <= 2.13.3.
CVE-2025-30926	WordPress Addons For Elementor	Med	0.28	4.3	0.00	Apr 1, 2025	Missing Authorization vulnerability in KingAddons.com King Addons for Elementor king-addons.This issue affects King Addons for Elementor: from n/a through <= 24.12.58.
CVE-2025-3037	—	Med	0.28	4.3	0.00	Mar 31, 2025	A vulnerability has been found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The…
CVE-2025-31611	Shaharia Azam Auto Post After Image Upload	Med	0.28	4.3	0.00	Mar 31, 2025	Missing Authorization vulnerability in Shaharia Azam Auto Post After Image Upload auto-post-after-image-upload allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Post After Image Upload: from n/a through <= 1.6.
CVE-2025-31609	Arni Cinco WPCargo Track & Trace	Med	0.28	4.3	0.00	Mar 31, 2025	Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2.
CVE-2025-31596	Chatwee Chat by Chatwee	Med	0.28	4.3	0.00	Mar 31, 2025	Missing Authorization vulnerability in Chatwee Chat by Chatwee chatwee allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chat by Chatwee: from n/a through <= 2.1.3.
CVE-2025-31576	WordPress Postmarkapp Email Integrator	Med	0.28	4.3	0.00	Mar 31, 2025	Missing Authorization vulnerability in Gagan Deep Singh PostmarkApp Email Integrator postmarkapp-email-integrator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostmarkApp Email Integrator: from n/a through <= 2.4.
CVE-2025-31546	WordPress Swiss Toolkit For Wp	Med	0.28	4.3	0.00	Mar 31, 2025	Missing Authorization vulnerability in WP Messiah Swiss Toolkit For WP swiss-toolkit-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Swiss Toolkit For WP: from n/a through <= 1.4.0.
CVE-2025-31544	WordPress Swiss Toolkit For Wp	Med	0.28	4.3	0.00	Mar 31, 2025	Missing Authorization vulnerability in WP Messiah Swiss Toolkit For WP swiss-toolkit-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Swiss Toolkit For WP: from n/a through <= 1.4.5.
CVE-2025-31540	WordPress Acme Divi Modules	Med	0.28	4.3	0.00	Mar 31, 2025	Missing Authorization vulnerability in acmemediakits ACME Divi Modules acme-divi-modules allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ACME Divi Modules: from n/a through <= 1.3.5.
CVE-2025-31530	Smackcoders Inc. Google SEO Pressor Snippet	Med	0.28	4.3	0.00	Mar 31, 2025	Missing Authorization vulnerability in Smackcoders Inc., Google SEO Pressor Snippet google-seo-author-snippets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google SEO Pressor Snippet: from n/a through <= 2.0.

CVE-2025-31830MedApr 1, 2025
Uriahs Victor
Printus
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Uriahs Victor Printus printus-cloud-printing-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Printus: from n/a through <= 1.2.6.
CVE-2025-31820MedApr 1, 2025
WordPress
Automatic Featured Images From Videos
risk 0.28cvss 4.3epss 0.01
Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through <=…
CVE-2025-31799MedApr 1, 2025
WordPress
Publitio
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in publitio Publitio publitio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Publitio: from n/a through <= 2.1.8.
CVE-2025-31798MedApr 1, 2025
WordPress
Publitio
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in publitio Publitio publitio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Publitio: from n/a through <= 2.1.8.
CVE-2025-31787MedApr 1, 2025
WordPress
Cue
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in AudioTheme Cue cue allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cue: from n/a through <= 2.4.4.
CVE-2025-31781MedApr 1, 2025
Wpswings
Woocommerce Ultimate Gift Card
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in ahmadshyk Gift Cards for WooCommerce woo-giftcards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gift Cards for WooCommerce: from n/a through <= 1.5.8.
CVE-2025-31755MedApr 1, 2025
WordPress
Pcloud Backup
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in josselynj pCloud Backup pcloud-backup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects pCloud Backup: from n/a through <= 1.0.1.
CVE-2025-31752MedApr 1, 2025
termel
Bulk Fields Editor
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in termel Bulk Fields Editor bulk-user-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Fields Editor: from n/a through <= 1.8.0.
CVE-2025-31732MedApr 1, 2025
Gb Plugins
Gb Gallery Slideshow
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in gb-plugins GB Gallery Slideshow gb-gallery-slideshow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GB Gallery Slideshow: from n/a through <= 1.3.
CVE-2025-31408MedApr 1, 2025
WordPress
Zoho Flow
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Zoho Flow Zoho Flow zoho-flow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho Flow: from n/a through <= 2.13.3.
CVE-2025-30926MedApr 1, 2025
WordPress
Addons For Elementor
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in KingAddons.com King Addons for Elementor king-addons.This issue affects King Addons for Elementor: from n/a through <= 24.12.58.
CVE-2025-3037MedMar 31, 2025
risk 0.28cvss 4.3epss 0.00
A vulnerability has been found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The…
CVE-2025-31611MedMar 31, 2025
Shaharia Azam
Auto Post After Image Upload
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Shaharia Azam Auto Post After Image Upload auto-post-after-image-upload allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Post After Image Upload: from n/a through <= 1.6.
CVE-2025-31609MedMar 31, 2025
Arni Cinco
WPCargo Track & Trace
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2.
CVE-2025-31596MedMar 31, 2025
Chatwee
Chat by Chatwee
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Chatwee Chat by Chatwee chatwee allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chat by Chatwee: from n/a through <= 2.1.3.
CVE-2025-31576MedMar 31, 2025
WordPress
Postmarkapp Email Integrator
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Gagan Deep Singh PostmarkApp Email Integrator postmarkapp-email-integrator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostmarkApp Email Integrator: from n/a through <= 2.4.
CVE-2025-31546MedMar 31, 2025
WordPress
Swiss Toolkit For Wp
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in WP Messiah Swiss Toolkit For WP swiss-toolkit-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Swiss Toolkit For WP: from n/a through <= 1.4.0.
CVE-2025-31544MedMar 31, 2025
WordPress
Swiss Toolkit For Wp
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in WP Messiah Swiss Toolkit For WP swiss-toolkit-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Swiss Toolkit For WP: from n/a through <= 1.4.5.
CVE-2025-31540MedMar 31, 2025
WordPress
Acme Divi Modules
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in acmemediakits ACME Divi Modules acme-divi-modules allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ACME Divi Modules: from n/a through <= 1.3.5.
CVE-2025-31530MedMar 31, 2025
Smackcoders Inc.
Google SEO Pressor Snippet
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Smackcoders Inc., Google SEO Pressor Snippet google-seo-author-snippets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google SEO Pressor Snippet: from n/a through <= 2.0.