VYPR

CWE-862

Missing Authorization

Class | Incomplete | Likelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,392)

page 192 of 270
  • CVE-2025-30543 | Med | Mar 24, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    Missing Authorization vulnerability in swayam.tejwani Menu Duplicator copy-menu allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Menu Duplicator: from n/a through <= 1.0.

  • CVE-2025-2420 | Med | Mar 17, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability classified as problematic was found in 猫宁i Morning up to bc782730c74ff080494f145cc363a0b4f43f7d3e. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The…

  • CVE-2025-1668 | Med | Mar 15, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    The School Management System – WPSchoolPress plugin for WordPress is vulnerable to arbitrary user deletion due to a missing capability check on the wpsp_DeleteUser() function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with…

  • CVE-2025-1528 | Med | Mar 14, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    The Search & Filter Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_meta_values' function in all versions up to, and including, 2.5.19. This makes it possible for authenticated attackers, with Subscriber-level…

  • CVE-2025-28938 | Med | Mar 11, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    Missing Authorization vulnerability in Bjoern WP Performance Pack wp-performance-pack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Performance Pack: from n/a through <= 2.5.3.

  • CVE-2025-26656 | Med | Mar 11, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    OData Service in Manage Purchasing Info Records does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on integrity of the application.

  • CVE-2025-23188 | Med | Mar 11, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    An authenticated user with low privileges can exploit a missing authorization check in an IBS module of FS-RBD, allowing unauthorized access to perform actions beyond their intended permissions. This causes a low impact on integrity with no impact on confidentiality and…

  • CVE-2025-1504 | Med | Mar 8, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    The Post Lockdown plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.0.2 via the 'pl_autocomplete' AJAX action due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers,…

  • CVE-2025-1666 | Med | Mar 6, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    The Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the send_uninstall_survey() function in all versions up to, and including, 4.4.1. This makes it…

  • CVE-2024-13811 | Med | Mar 5, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    The Lafka - Multi Store Burger - Pizza & Food Delivery WooCommerce Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafka_import_lafka' AJAX actions in all versions up to, and including, 4.5.7. This makes it possible for…

  • CVE-2024-13810 | Med | Mar 5, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    The Zass - WooCommerce Theme for Handmade Artists and Artisans theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'zass_import_zass' AJAX actions in all versions up to, and including, 3.9.9.10. This makes it possible for…

  • CVE-2024-13747 | Med | Mar 5, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    The WooMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'template_delete_saved' function in all versions up to, and including, 3.0.34. This makes it possible for authenticated attackers,…

  • CVE-2025-1091 | Med | Feb 26, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A Broken Authorization schema exists where any authenticated user could download IOA script and configuration files if the URL is known.

  • CVE-2025-26983 | Med | Feb 25, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor recipe-card-blocks-by-wpzoom allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through <=…

  • CVE-2025-26948 | Med | Feb 25, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    Missing Authorization vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2.

  • CVE-2025-26928 | Med | Feb 25, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    Missing Authorization vulnerability in Xfinitysoft Order Limit for WooCommerce wc-order-limit-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Order Limit for WooCommerce: from n/a through <= 3.0.2.

  • CVE-2025-26871 | Med | Feb 25, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg essential-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Blocks for Gutenberg: from n/a through <= 4.8.3.

  • CVE-2025-26773 | Med | Feb 17, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    Missing Authorization vulnerability in Adnan Analytify wp-analytify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Analytify: from n/a through <= 5.5.0.

  • CVE-2025-1358 | Med | Feb 16, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability classified as problematic was found in Pix Software Vivaz 6.0.10. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.…

  • CVE-2025-23190 | Med | Feb 11, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    Due to missing authorization check, an authenticated attacker could call a remote-enabled function module which allows them to access data that they would otherwise not have access to. The attacker cannot modify data or impact the availability of the system.