CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (5,392)
page 194 of 270| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-12113 | Med | 0.28 | 4.3 | 0.00 | Jan 25, 2025 | The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_user_review() and delete_review() functions in all versions up to,… | ||
| CVE-2025-24753 | Med | 0.28 | 4.3 | 0.00 | Jan 24, 2025 | Missing Authorization vulnerability in StellarWP Gutenberg Blocks by Kadence Blocks kadence-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through <= 3.3.1. | ||
| CVE-2025-24751 | Med | 0.28 | 4.3 | 0.00 | Jan 24, 2025 | Missing Authorization vulnerability in GoDaddy CoBlocks coblocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CoBlocks: from n/a through <= 3.1.13. | ||
| CVE-2025-24736 | Med | 0.28 | 4.3 | 0.00 | Jan 24, 2025 | Missing Authorization vulnerability in metaphorcreations Post Duplicator post-duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Duplicator: from n/a through <= 2.35. | ||
| CVE-2025-24725 | Med | 0.28 | 4.3 | 0.00 | Jan 24, 2025 | Missing Authorization vulnerability in ThimPress Thim Elementor Kit thim-elementor-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Thim Elementor Kit: from n/a through <= 1.2.8. | ||
| CVE-2025-24693 | Med | 0.28 | 4.3 | 0.00 | Jan 24, 2025 | Missing Authorization vulnerability in Yehi Advanced Notifications advanced-notifications allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Notifications: from n/a through <= 1.2.7. | ||
| CVE-2025-24691 | Med | 0.28 | 4.3 | 0.00 | Jan 24, 2025 | Missing Authorization vulnerability in ctltwp People Lists people-lists allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects People Lists: from n/a through <= 1.3.10. | ||
| CVE-2025-24682 | Med | 0.28 | 4.3 | 0.00 | Jan 24, 2025 | Missing Authorization vulnerability in Michael Super Block Slider super-block-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Block Slider: from n/a through <= 2.7.9. | ||
| CVE-2025-24679 | Med | 0.28 | 4.3 | 0.00 | Jan 24, 2025 | Missing Authorization vulnerability in webraketen Internal Links Manager seo-automated-link-building allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Internal Links Manager: from n/a through <= 2.5.2. | ||
| CVE-2025-24649 | Med | 0.28 | 4.3 | 0.00 | Jan 24, 2025 | Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements (ASE): from n/a through <= 7.6.2. | ||
| CVE-2025-24625 | Med | 0.28 | 4.3 | 0.00 | Jan 24, 2025 | Missing Authorization vulnerability in Marco Almeida | Webdados Taxonomy/Term and Role based Discounts for WooCommerce taxonomy-discounts-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Taxonomy/Term and Role based Discounts… | ||
| CVE-2025-24618 | Med | 0.28 | 4.3 | 0.00 | Jan 24, 2025 | Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementInvader Addons for Elementor: from n/a through <=… | ||
| CVE-2025-24613 | Med | 0.28 | 4.3 | 0.00 | Jan 24, 2025 | Missing Authorization vulnerability in FolioVision FV Thoughtful Comments thoughtful-comments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FV Thoughtful Comments: from n/a through <= 0.3.5. | ||
| CVE-2025-24591 | Med | 0.28 | 4.3 | 0.00 | Jan 24, 2025 | Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR CCPA Compliance Support: from n/a through <= 2.7.1. | ||
| CVE-2025-24589 | Med | 0.28 | 4.3 | 0.00 | Jan 24, 2025 | Missing Authorization vulnerability in JS Morisset JSM Show Post Metadata jsm-show-post-meta allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JSM Show Post Metadata: from n/a through <= 4.6.0. | ||
| CVE-2025-23991 | Med | 0.28 | 4.3 | 0.00 | Jan 24, 2025 | Missing Authorization vulnerability in Dotstore Product Size Charts Plugin for WooCommerce woo-advanced-product-size-chart.This issue affects Product Size Charts Plugin for WooCommerce: from n/a through <= 2.4.5. | ||
| CVE-2025-23684 | Med | 0.28 | 4.3 | 0.00 | Jan 22, 2025 | Missing Authorization vulnerability in Eugen Bobrowski Debug Tool debug-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Debug Tool: from n/a through <= 2.2. | ||
| CVE-2025-22722 | Med | 0.28 | 4.3 | 0.00 | Jan 21, 2025 | Missing Authorization vulnerability in Marketing Fire Widget Options widget-options allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widget Options: from n/a through <= 4.0.8. | ||
| CVE-2025-22721 | Med | 0.28 | 4.3 | 0.00 | Jan 21, 2025 | Missing Authorization vulnerability in Farhan Noor ApplyOnline apply-online allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ApplyOnline: from n/a through <= 2.6.7.1. | ||
| CVE-2025-0515 | Med | 0.28 | 4.3 | 0.00 | Jan 18, 2025 | The Buzz Club – Night Club, DJ and Music Festival Event WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmasters_hide_admin_notice' function in all versions… |
- risk 0.28cvss 4.3epss 0.00
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_user_review() and delete_review() functions in all versions up to,…
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in StellarWP Gutenberg Blocks by Kadence Blocks kadence-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through <= 3.3.1.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in GoDaddy CoBlocks coblocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CoBlocks: from n/a through <= 3.1.13.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in metaphorcreations Post Duplicator post-duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Duplicator: from n/a through <= 2.35.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in ThimPress Thim Elementor Kit thim-elementor-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Thim Elementor Kit: from n/a through <= 1.2.8.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Yehi Advanced Notifications advanced-notifications allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Notifications: from n/a through <= 1.2.7.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in ctltwp People Lists people-lists allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects People Lists: from n/a through <= 1.3.10.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Michael Super Block Slider super-block-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Block Slider: from n/a through <= 2.7.9.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in webraketen Internal Links Manager seo-automated-link-building allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Internal Links Manager: from n/a through <= 2.5.2.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements (ASE): from n/a through <= 7.6.2.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Marco Almeida | Webdados Taxonomy/Term and Role based Discounts for WooCommerce taxonomy-discounts-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Taxonomy/Term and Role based Discounts…
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementInvader Addons for Elementor: from n/a through <=…
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in FolioVision FV Thoughtful Comments thoughtful-comments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FV Thoughtful Comments: from n/a through <= 0.3.5.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR CCPA Compliance Support: from n/a through <= 2.7.1.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in JS Morisset JSM Show Post Metadata jsm-show-post-meta allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JSM Show Post Metadata: from n/a through <= 4.6.0.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Dotstore Product Size Charts Plugin for WooCommerce woo-advanced-product-size-chart.This issue affects Product Size Charts Plugin for WooCommerce: from n/a through <= 2.4.5.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Eugen Bobrowski Debug Tool debug-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Debug Tool: from n/a through <= 2.2.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Marketing Fire Widget Options widget-options allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widget Options: from n/a through <= 4.0.8.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Farhan Noor ApplyOnline apply-online allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ApplyOnline: from n/a through <= 2.6.7.1.
- risk 0.28cvss 4.3epss 0.00
The Buzz Club – Night Club, DJ and Music Festival Event WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmasters_hide_admin_notice' function in all versions…