CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (4,561)

page 200 of 229

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2023-41132	Med	0.28	4.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in ShapedPlugin LLC Category Slider for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Category Slider for WooCommerce: from n/a through 1.4.15.
CVE-2023-40670	Med	0.28	4.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in ReviewX Team ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.17.
CVE-2023-40334	Med	0.28	4.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in RealMag777 HUSKY woocommerce-products-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HUSKY: from n/a through <= 1.3.4.2.
CVE-2023-40331	Med	0.28	4.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in bqworks Accordion Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion Slider: from n/a through 1.9.6.
CVE-2023-40213	Med	0.28	4.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in Mateusz Czardybon Justified Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Justified Gallery: from n/a through 1.7.3.
CVE-2023-40203	Med	0.28	4.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in MailMunch MailChimp Forms by MailMunch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailChimp Forms by MailMunch: from n/a through 3.1.4.
CVE-2023-40001	Med	0.28	4.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in SolidWP iThemes Sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through 2.1.13.
CVE-2023-39995	Med	0.28	4.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Portfolio and Projects allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Portfolio and Projects: from n/a through 1.3.7.
CVE-2023-38514	Med	0.28	4.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in social share pro Social Share Icons & Social Share Buttons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Share Icons & Social Share Buttons: from n/a through 3.5.7.
CVE-2023-38477	Med	0.28	4.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in Stanislav Kuznetsov QR code MeCard/vCard generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QR code MeCard/vCard generator: from n/a through 1.6.0.
CVE-2023-38475	Med	0.28	4.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in RedNao Donations Made Easy – Smart Donations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12.
CVE-2023-37984	Med	0.28	4.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in ExpressTech Quiz And Survey Master allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through 8.1.10.
CVE-2023-36531	Med	0.28	4.3	0.05	Dec 13, 2024	Missing Authorization vulnerability in LiquidPoll LiquidPoll – Advanced Polls for Creators and Brands allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LiquidPoll – Advanced Polls for Creators and Brands: from n/a through 3.3.68.
CVE-2023-36518	Med	0.28	4.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in Hugh Lashbrooke Post Hit Counter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Hit Counter: from n/a through 1.3.2.
CVE-2023-35052	Med	0.28	4.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in wpWax - WP Business Directory Plugin and Classified Listings Directory Directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through 7.5.4.
CVE-2023-34387	Med	0.28	4.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in Constant Contact Constant Contact Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Constant Contact Forms: from n/a through 2.0.3.
CVE-2023-34009	Med	0.28	4.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Media & Share Icons: from n/a through 2.8.1.
CVE-2023-33998	Med	0.28	4.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in cybernetikz Easy Social Icons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Social Icons: from n/a through 3.2.5.
CVE-2023-33995	Med	0.28	4.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Gallery by 10Web: from n/a through 1.8.15.
CVE-2023-33928	Med	0.28	4.3	0.00	Dec 13, 2024	Missing Authorization vulnerability in WebToffee WordPress Backup & Migration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Backup & Migration: from n/a through 1.4.0.

CVE-2023-41132MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in ShapedPlugin LLC Category Slider for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Category Slider for WooCommerce: from n/a through 1.4.15.
CVE-2023-40670MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in ReviewX Team ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.17.
CVE-2023-40334MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in RealMag777 HUSKY woocommerce-products-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HUSKY: from n/a through <= 1.3.4.2.
CVE-2023-40331MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in bqworks Accordion Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion Slider: from n/a through 1.9.6.
CVE-2023-40213MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Mateusz Czardybon Justified Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Justified Gallery: from n/a through 1.7.3.
CVE-2023-40203MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in MailMunch MailChimp Forms by MailMunch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailChimp Forms by MailMunch: from n/a through 3.1.4.
CVE-2023-40001MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in SolidWP iThemes Sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through 2.1.13.
CVE-2023-39995MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Portfolio and Projects allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Portfolio and Projects: from n/a through 1.3.7.
CVE-2023-38514MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in social share pro Social Share Icons & Social Share Buttons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Share Icons & Social Share Buttons: from n/a through 3.5.7.
CVE-2023-38477MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Stanislav Kuznetsov QR code MeCard/vCard generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QR code MeCard/vCard generator: from n/a through 1.6.0.
CVE-2023-38475MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in RedNao Donations Made Easy – Smart Donations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12.
CVE-2023-37984MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in ExpressTech Quiz And Survey Master allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through 8.1.10.
CVE-2023-36531MedDec 13, 2024
risk 0.28cvss 4.3epss 0.05
Missing Authorization vulnerability in LiquidPoll LiquidPoll – Advanced Polls for Creators and Brands allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LiquidPoll – Advanced Polls for Creators and Brands: from n/a through 3.3.68.
CVE-2023-36518MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Hugh Lashbrooke Post Hit Counter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Hit Counter: from n/a through 1.3.2.
CVE-2023-35052MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in wpWax - WP Business Directory Plugin and Classified Listings Directory Directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through 7.5.4.
CVE-2023-34387MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Constant Contact Constant Contact Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Constant Contact Forms: from n/a through 2.0.3.
CVE-2023-34009MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Media & Share Icons: from n/a through 2.8.1.
CVE-2023-33998MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in cybernetikz Easy Social Icons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Social Icons: from n/a through 3.2.5.
CVE-2023-33995MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Gallery by 10Web: from n/a through 1.8.15.
CVE-2023-33928MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in WebToffee WordPress Backup & Migration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Backup & Migration: from n/a through 1.4.0.