CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (4,561)

page 198 of 229

CVE	Sev	Risk	CVSS	Published	Description
CVE-2023-47523	Med	0.28	4.3	Jan 2, 2025	Missing Authorization vulnerability in Ecreate Infotech Auto Tag Creator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Tag Creator: from n/a through 1.0.2.
CVE-2023-46628	Med	0.28	4.3	Jan 2, 2025	Missing Authorization vulnerability in RedLettuce Plugins WP Word Count allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Word Count: from n/a through 3.2.4.
CVE-2023-46612	Med	0.28	4.3	Jan 2, 2025	Missing Authorization vulnerability in codedraft Mediabay mediabay-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mediabay: from n/a through <= 1.6.
CVE-2023-46203	Med	0.28	4.3	Jan 2, 2025	Missing Authorization vulnerability in JustCoded / Alex Prokopenko Just Custom Fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Just Custom Fields: from n/a through 3.3.2.
CVE-2023-46196	Med	0.28	4.3	Jan 2, 2025	Missing Authorization vulnerability in Repuso Social proof testimonials and reviews by Repuso social-testimonials-and-reviews-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social proof testimonials and reviews by Repuso: from n/a through <= 4.97.
CVE-2023-46188	Med	0.28	4.3	Jan 2, 2025	Missing Authorization vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Freesoul Deactivate Plugins – Plugin manager and cleanup: from n/a through 2.1.3.
CVE-2023-46080	Med	0.28	4.3	Jan 2, 2025	Missing Authorization vulnerability in Farhan Noor ApplyOnline – Application Form Builder and Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ApplyOnline – Application Form Builder and Manager: from n/a through 2.5.3.
CVE-2023-45760	Med	0.28	4.3	Jan 2, 2025	Missing Authorization vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through <= 7.6.3.
CVE-2023-45631	Med	0.28	4.3	Jan 2, 2025	Missing Authorization vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.
CVE-2023-45271	Med	0.28	4.3	Jan 2, 2025	Missing Authorization vulnerability in WPXPO WowStore product-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowStore: from n/a through <= 2.7.8.
CVE-2023-45110	Med	0.28	4.3	Jan 2, 2025	Missing Authorization vulnerability in boldthemes Bold Timeline Lite bold-timeline-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bold Timeline Lite: from n/a through <= 1.1.9.
CVE-2023-45101	Med	0.28	4.3	Jan 2, 2025	Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce customer-reviews-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customer Reviews for WooCommerce: from n/a through <= 5.36.0.
CVE-2023-45002	Med	0.28	4.3	Jan 2, 2025	Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through 3.6.8.
CVE-2023-44988	Med	0.28	4.3	Jan 2, 2025	Missing Authorization vulnerability in Martin Gibson WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through 7.32.
CVE-2024-51667	Med	0.28	4.3	Dec 31, 2024	Missing Authorization vulnerability in paytiumsupport Paytium paytium.This issue affects Paytium: from n/a through <= 4.4.10.
CVE-2024-49698	Med	0.28	4.3	Dec 31, 2024	Missing Authorization vulnerability in PriceListo Best Restaurant Menu by PriceListo best-restaurant-menu-by-pricelisto.This issue affects Best Restaurant Menu by PriceListo: from n/a through <= 1.4.2.
CVE-2024-49687	Med	0.28	4.3	Dec 31, 2024	Missing Authorization vulnerability in storeapps Smart Manager smart-manager-for-wp-e-commerce.This issue affects Smart Manager: from n/a through <= 8.45.0.
CVE-2023-50850	Med	0.28	4.3	Dec 31, 2024	Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Subscriptions: from n/a before 5.8.0.
CVE-2024-56227	Med	0.28	4.3	Dec 31, 2024	Missing Authorization vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royal Elementor Addons: from n/a through <= 1.7.1001.
CVE-2024-56219	Med	0.28	4.3	Dec 31, 2024	Missing Authorization vulnerability in Marketing Fire Widget Options widget-options allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widget Options: from n/a through <= 4.0.6.1.

CVE-2023-47523MedJan 2, 2025
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Ecreate Infotech Auto Tag Creator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Tag Creator: from n/a through 1.0.2.
CVE-2023-46628MedJan 2, 2025
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in RedLettuce Plugins WP Word Count allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Word Count: from n/a through 3.2.4.
CVE-2023-46612MedJan 2, 2025
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in codedraft Mediabay mediabay-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mediabay: from n/a through <= 1.6.
CVE-2023-46203MedJan 2, 2025
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in JustCoded / Alex Prokopenko Just Custom Fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Just Custom Fields: from n/a through 3.3.2.
CVE-2023-46196MedJan 2, 2025
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Repuso Social proof testimonials and reviews by Repuso social-testimonials-and-reviews-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social proof testimonials and reviews by Repuso: from n/a through <= 4.97.
CVE-2023-46188MedJan 2, 2025
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Freesoul Deactivate Plugins – Plugin manager and cleanup: from n/a through 2.1.3.
CVE-2023-46080MedJan 2, 2025
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Farhan Noor ApplyOnline – Application Form Builder and Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ApplyOnline – Application Form Builder and Manager: from n/a through 2.5.3.
CVE-2023-45760MedJan 2, 2025
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through <= 7.6.3.
CVE-2023-45631MedJan 2, 2025
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.
CVE-2023-45271MedJan 2, 2025
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in WPXPO WowStore product-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowStore: from n/a through <= 2.7.8.
CVE-2023-45110MedJan 2, 2025
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in boldthemes Bold Timeline Lite bold-timeline-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bold Timeline Lite: from n/a through <= 1.1.9.
CVE-2023-45101MedJan 2, 2025
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce customer-reviews-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customer Reviews for WooCommerce: from n/a through <= 5.36.0.
CVE-2023-45002MedJan 2, 2025
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through 3.6.8.
CVE-2023-44988MedJan 2, 2025
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Martin Gibson WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through 7.32.
CVE-2024-51667MedDec 31, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in paytiumsupport Paytium paytium.This issue affects Paytium: from n/a through <= 4.4.10.
CVE-2024-49698MedDec 31, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in PriceListo Best Restaurant Menu by PriceListo best-restaurant-menu-by-pricelisto.This issue affects Best Restaurant Menu by PriceListo: from n/a through <= 1.4.2.
CVE-2024-49687MedDec 31, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in storeapps Smart Manager smart-manager-for-wp-e-commerce.This issue affects Smart Manager: from n/a through <= 8.45.0.
CVE-2023-50850MedDec 31, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Subscriptions: from n/a before 5.8.0.
CVE-2024-56227MedDec 31, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royal Elementor Addons: from n/a through <= 1.7.1001.
CVE-2024-56219MedDec 31, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Marketing Fire Widget Options widget-options allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widget Options: from n/a through <= 4.0.6.1.