CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (4,561)

page 199 of 229

CVE	Sev	Risk	CVSS	Published	Description
CVE-2024-56217	Med	0.28	4.3	Dec 31, 2024	Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through <= 3.3.03.
CVE-2024-56215	Med	0.28	4.3	Dec 31, 2024	Missing Authorization vulnerability in DBAR Productions Member Directory and Contact Form pta-member-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Member Directory and Contact Form: from n/a through <= 1.7.0.
CVE-2024-12190	Med	0.28	4.3	Dec 25, 2024	The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bitform-form-entry-edit endpoint in all versions up to, and including, 2.17.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view all form submissions from other users.
CVE-2024-12210	Med	0.28	4.3	Dec 24, 2024	The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcdn_remove_shoplogo' AJAX action in all versions up to, and including, 5.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to remove the shop's logo.
CVE-2024-56003	Med	0.28	4.3	Dec 16, 2024	Missing Authorization vulnerability in David Cramer Caldera SMTP Mailer caldera-smtp-mailer.This issue affects Caldera SMTP Mailer: from n/a through <= 1.0.1.
CVE-2024-56007	Med	0.28	4.3	Dec 16, 2024	Missing Authorization vulnerability in leader codes Leader leader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leader: from n/a through <= 2.6.1.
CVE-2024-55994	Med	0.28	4.3	Dec 16, 2024	Missing Authorization vulnerability in sohu 畅言评论系统 changyan allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 畅言评论系统: from n/a through <= 2.0.5.
CVE-2024-54402	Med	0.28	4.3	Dec 16, 2024	Missing Authorization vulnerability in Mohamed Abd Elhalim Arabic Webfonts arabic-webfonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arabic Webfonts: from n/a through <= 1.4.6.
CVE-2024-54384	Med	0.28	4.3	Dec 16, 2024	Missing Authorization vulnerability in Anh Tran Falcon – WordPress Optimizations & Tweaks falcon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Falcon – WordPress Optimizations & Tweaks: from n/a through <= 2.8.3.
CVE-2024-54298	Med	0.28	4.3	Dec 13, 2024	Missing Authorization vulnerability in sminozzi Car Dealer cardealer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Dealer: from n/a through <= 4.46.
CVE-2024-54278	Med	0.28	4.3	Dec 13, 2024	Missing Authorization vulnerability in Plugin Devs News Ticker for Elementor news-ticker-for-elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects News Ticker for Elementor: from n/a through <= 2.1.3.
CVE-2024-54267	Med	0.28	4.3	Dec 13, 2024	Missing Authorization vulnerability in CreativeMindsSolutions CM Answers cm-answers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM Answers: from n/a through <= 3.2.6.
CVE-2023-41951	Med	0.28	4.3	Dec 13, 2024	Missing Authorization vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through 4.6.14.
CVE-2023-41873	Med	0.28	4.3	Dec 13, 2024	Missing Authorization vulnerability in miniOrange SAML SP Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SAML SP Single Sign On: from n/a through 5.0.4.
CVE-2023-41870	Med	0.28	4.3	Dec 13, 2024	Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.5.
CVE-2023-41869	Med	0.28	4.3	Dec 13, 2024	Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.4.
CVE-2023-41866	Med	0.28	4.3	Dec 13, 2024	Missing Authorization vulnerability in Team Plugins360 Automatic YouTube Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic YouTube Gallery: from n/a through 2.3.3.
CVE-2023-41865	Med	0.28	4.3	Dec 13, 2024	Missing Authorization vulnerability in bqworks Slider Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slider Pro: from n/a through 4.8.6.
CVE-2023-41802	Med	0.28	4.3	Dec 13, 2024	Missing Authorization vulnerability in Team Heateor Super Socializer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Socializer: from n/a through 7.13.54.
CVE-2023-41689	Med	0.28	4.3	Dec 13, 2024	Missing Authorization vulnerability in Koen Reus Post to Google My Business (Google Business Profile) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post to Google My Business (Google Business Profile): from n/a through 3.1.14.

CVE-2024-56217MedDec 31, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through <= 3.3.03.
CVE-2024-56215MedDec 31, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in DBAR Productions Member Directory and Contact Form pta-member-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Member Directory and Contact Form: from n/a through <= 1.7.0.
CVE-2024-12190MedDec 25, 2024
risk 0.28cvss 4.3epss 0.00
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bitform-form-entry-edit endpoint in all versions up to, and including, 2.17.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view all form submissions from other users.
CVE-2024-12210MedDec 24, 2024
risk 0.28cvss 4.3epss 0.00
The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcdn_remove_shoplogo' AJAX action in all versions up to, and including, 5.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to remove the shop's logo.
CVE-2024-56003MedDec 16, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in David Cramer Caldera SMTP Mailer caldera-smtp-mailer.This issue affects Caldera SMTP Mailer: from n/a through <= 1.0.1.
CVE-2024-56007MedDec 16, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in leader codes Leader leader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leader: from n/a through <= 2.6.1.
CVE-2024-55994MedDec 16, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in sohu 畅言评论系统 changyan allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 畅言评论系统: from n/a through <= 2.0.5.
CVE-2024-54402MedDec 16, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Mohamed Abd Elhalim Arabic Webfonts arabic-webfonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arabic Webfonts: from n/a through <= 1.4.6.
CVE-2024-54384MedDec 16, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Anh Tran Falcon – WordPress Optimizations & Tweaks falcon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Falcon – WordPress Optimizations & Tweaks: from n/a through <= 2.8.3.
CVE-2024-54298MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in sminozzi Car Dealer cardealer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Dealer: from n/a through <= 4.46.
CVE-2024-54278MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Plugin Devs News Ticker for Elementor news-ticker-for-elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects News Ticker for Elementor: from n/a through <= 2.1.3.
CVE-2024-54267MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in CreativeMindsSolutions CM Answers cm-answers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM Answers: from n/a through <= 3.2.6.
CVE-2023-41951MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through 4.6.14.
CVE-2023-41873MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in miniOrange SAML SP Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SAML SP Single Sign On: from n/a through 5.0.4.
CVE-2023-41870MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.5.
CVE-2023-41869MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.4.
CVE-2023-41866MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Team Plugins360 Automatic YouTube Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic YouTube Gallery: from n/a through 2.3.3.
CVE-2023-41865MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in bqworks Slider Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slider Pro: from n/a through 4.8.6.
CVE-2023-41802MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Team Heateor Super Socializer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Socializer: from n/a through 7.13.54.
CVE-2023-41689MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Koen Reus Post to Google My Business (Google Business Profile) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post to Google My Business (Google Business Profile): from n/a through 3.1.14.