CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,335)

page 195 of 267

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2023-45002	WordPress Wp User Frontend	Med	0.28	4.3	Jan 2, 2025	Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through 3.6.8.
CVE-2023-44988	WordPress Wp Custom Admin Interface	Med	0.28	4.3	Jan 2, 2025	Missing Authorization vulnerability in Martin Gibson WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through 7.32.
CVE-2024-51667	Paytiumsupport Paytium	Med	0.28	4.3	Dec 31, 2024	Missing Authorization vulnerability in paytiumsupport Paytium paytium.This issue affects Paytium: from n/a through <= 4.4.10.
CVE-2024-49698	Pricelisto Best Restaurant Menu	Med	0.28	4.3	Dec 31, 2024	Missing Authorization vulnerability in PriceListo Best Restaurant Menu by PriceListo best-restaurant-menu-by-pricelisto.This issue affects Best Restaurant Menu by PriceListo: from n/a through <= 1.4.2.
CVE-2024-49687	Storeapps Smart Manager	Med	0.28	4.3	Dec 31, 2024	Missing Authorization vulnerability in storeapps Smart Manager smart-manager-for-wp-e-commerce.This issue affects Smart Manager: from n/a through <= 8.45.0.
CVE-2023-50850	Automattic Woocommerce Subscriptions	Med	0.28	4.3	Dec 31, 2024	Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Subscriptions: from n/a before 5.8.0.
CVE-2024-56227	Royal Elementor Addons Royal Elementor Addons	Med	0.28	4.3	Dec 31, 2024	Missing Authorization vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royal Elementor Addons: from n/a through <= 1.7.1001.
CVE-2024-56219	WordPress Widget Options	Med	0.28	4.3	Dec 31, 2024	Missing Authorization vulnerability in Marketing Fire Widget Options widget-options allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widget Options: from n/a through <= 4.0.6.1.
CVE-2024-56217	Shahjada Download Manager	Med	0.28	4.3	Dec 31, 2024	Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through <= 3.3.03.
CVE-2024-56215	Dbarproductions Member Directory and Contact Form	Med	0.28	4.3	Dec 31, 2024	Missing Authorization vulnerability in DBAR Productions Member Directory and Contact Form pta-member-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Member Directory and Contact Form: from n/a through <= 1.7.0.
CVE-2024-12210	WordPress Woocommerce Delivery Notes	Med	0.28	4.3	Dec 24, 2024	The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcdn_remove_shoplogo' AJAX action in all versions up to, and including, 5.4.0. This makes it possible for…
CVE-2024-56003	WordPress Caldera SMTP Mailer	Med	0.28	4.3	Dec 16, 2024	Missing Authorization vulnerability in David Cramer Caldera SMTP Mailer caldera-smtp-mailer.This issue affects Caldera SMTP Mailer: from n/a through <= 1.0.1.
CVE-2024-56007	WordPress Leader	Med	0.28	4.3	Dec 16, 2024	Missing Authorization vulnerability in leader codes Leader leader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leader: from n/a through <= 2.6.1.
CVE-2024-55994	WordPress Changyan	Med	0.28	4.3	Dec 16, 2024	Missing Authorization vulnerability in sohu 畅言评论系统 changyan allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 畅言评论系统: from n/a through <= 2.0.5.
CVE-2024-54402	WordPress Arabic Webfonts	Med	0.28	4.3	Dec 16, 2024	Missing Authorization vulnerability in Mohamed Abd Elhalim Arabic Webfonts arabic-webfonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arabic Webfonts: from n/a through <= 1.4.6.
CVE-2024-54384	Anh Tran Falcon – WordPress Optimizations & Tweaks	Med	0.28	4.3	Dec 16, 2024	Missing Authorization vulnerability in Anh Tran Falcon – WordPress Optimizations & Tweaks falcon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Falcon – WordPress Optimizations & Tweaks: from n/a through <= 2.8.3.
CVE-2024-54298	ThemeMakers Car Dealer	Med	0.28	4.3	Dec 13, 2024	Missing Authorization vulnerability in sminozzi Car Dealer cardealer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Dealer: from n/a through <= 4.46.
CVE-2024-54278	WordPress News Ticker For Elementor	Med	0.28	4.3	Dec 13, 2024	Missing Authorization vulnerability in Plugin Devs News Ticker for Elementor news-ticker-for-elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects News Ticker for Elementor: from n/a through <= 2.1.3.
CVE-2024-54267	Cminds Cm Answers	Med	0.28	4.3	Dec 13, 2024	Missing Authorization vulnerability in CreativeMindsSolutions CM Answers cm-answers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM Answers: from n/a through <= 3.2.6.
CVE-2023-41951	rtCamp rtMedia for WordPress, BuddyPress and bbPress	Med	0.28	4.3	Dec 13, 2024	Missing Authorization vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through 4.6.14.

CVE-2023-45002MedJan 2, 2025
WordPress
Wp User Frontend
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through 3.6.8.
CVE-2023-44988MedJan 2, 2025
WordPress
Wp Custom Admin Interface
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Martin Gibson WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through 7.32.
CVE-2024-51667MedDec 31, 2024
Paytiumsupport
Paytium
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in paytiumsupport Paytium paytium.This issue affects Paytium: from n/a through <= 4.4.10.
CVE-2024-49698MedDec 31, 2024
Pricelisto
Best Restaurant Menu
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in PriceListo Best Restaurant Menu by PriceListo best-restaurant-menu-by-pricelisto.This issue affects Best Restaurant Menu by PriceListo: from n/a through <= 1.4.2.
CVE-2024-49687MedDec 31, 2024
Storeapps
Smart Manager
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in storeapps Smart Manager smart-manager-for-wp-e-commerce.This issue affects Smart Manager: from n/a through <= 8.45.0.
CVE-2023-50850MedDec 31, 2024
Automattic
Woocommerce Subscriptions
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Subscriptions: from n/a before 5.8.0.
CVE-2024-56227MedDec 31, 2024
Royal Elementor Addons
Royal Elementor Addons
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royal Elementor Addons: from n/a through <= 1.7.1001.
CVE-2024-56219MedDec 31, 2024
WordPress
Widget Options
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Marketing Fire Widget Options widget-options allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widget Options: from n/a through <= 4.0.6.1.
CVE-2024-56217MedDec 31, 2024
Shahjada
Download Manager
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through <= 3.3.03.
CVE-2024-56215MedDec 31, 2024
Dbarproductions
Member Directory and Contact Form
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in DBAR Productions Member Directory and Contact Form pta-member-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Member Directory and Contact Form: from n/a through <= 1.7.0.
CVE-2024-12210MedDec 24, 2024
WordPress
Woocommerce Delivery Notes
risk 0.28cvss 4.3epss 0.00
The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcdn_remove_shoplogo' AJAX action in all versions up to, and including, 5.4.0. This makes it possible for…
CVE-2024-56003MedDec 16, 2024
WordPress
Caldera SMTP Mailer
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in David Cramer Caldera SMTP Mailer caldera-smtp-mailer.This issue affects Caldera SMTP Mailer: from n/a through <= 1.0.1.
CVE-2024-56007MedDec 16, 2024
WordPress
Leader
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in leader codes Leader leader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leader: from n/a through <= 2.6.1.
CVE-2024-55994MedDec 16, 2024
WordPress
Changyan
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in sohu 畅言评论系统 changyan allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 畅言评论系统: from n/a through <= 2.0.5.
CVE-2024-54402MedDec 16, 2024
WordPress
Arabic Webfonts
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Mohamed Abd Elhalim Arabic Webfonts arabic-webfonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arabic Webfonts: from n/a through <= 1.4.6.
CVE-2024-54384MedDec 16, 2024
Anh Tran
Falcon – WordPress Optimizations & Tweaks
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Anh Tran Falcon – WordPress Optimizations & Tweaks falcon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Falcon – WordPress Optimizations & Tweaks: from n/a through <= 2.8.3.
CVE-2024-54298MedDec 13, 2024
ThemeMakers
Car Dealer
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in sminozzi Car Dealer cardealer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Dealer: from n/a through <= 4.46.
CVE-2024-54278MedDec 13, 2024
WordPress
News Ticker For Elementor
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Plugin Devs News Ticker for Elementor news-ticker-for-elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects News Ticker for Elementor: from n/a through <= 2.1.3.
CVE-2024-54267MedDec 13, 2024
Cminds
Cm Answers
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in CreativeMindsSolutions CM Answers cm-answers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM Answers: from n/a through <= 3.2.6.
CVE-2023-41951MedDec 13, 2024
rtCamp
rtMedia for WordPress, BuddyPress and bbPress
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through 4.6.14.