CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (4,561)

page 202 of 229

CVE	Sev	Risk	CVSS	Published	Description
CVE-2024-53816	Med	0.28	4.3	Dec 9, 2024	Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons tutor-lms-elementor-addons.This issue affects Tutor LMS Elementor Addons: from n/a through <= 2.1.5.
CVE-2024-53785	Med	0.28	4.3	Dec 9, 2024	Missing Authorization vulnerability in Alexander Volkov Chatter.This issue affects Chatter: from n/a through 1.0.1.
CVE-2023-50877	Med	0.28	4.3	Dec 9, 2024	Missing Authorization vulnerability in woobewoo Product Filter by WBW allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Filter by WBW: from n/a through 2.5.0.
CVE-2023-50876	Med	0.28	4.3	Dec 9, 2024	Missing Authorization vulnerability in Molongui Molongui allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Molongui: from n/a through 4.7.3.
CVE-2023-49861	Med	0.28	4.3	Dec 9, 2024	Missing Authorization vulnerability in socialmediafeather Social Media Feather social-media-feather allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Media Feather: from n/a through <= 2.1.3.
CVE-2023-49859	Med	0.28	4.3	Dec 9, 2024	Missing Authorization vulnerability in Marcus (aka @msykes) Login With Ajax login-with-ajax allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login With Ajax: from n/a through <= 4.1.
CVE-2023-49858	Med	0.28	4.3	Dec 9, 2024	Missing Authorization vulnerability in Austin Custom Login custom-login allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login: from n/a through <= 4.1.0.
CVE-2023-49849	Med	0.28	4.3	Dec 9, 2024	Missing Authorization vulnerability in vaakash Shortcoder shortcoder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcoder: from n/a through <= 6.3.
CVE-2023-49835	Med	0.28	4.3	Dec 9, 2024	Missing Authorization vulnerability in Metaphor Creations Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Duplicator: from n/a through 2.31.
CVE-2023-49758	Med	0.28	4.3	Dec 9, 2024	Missing Authorization vulnerability in Roland Murg WP Booking System wp-booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Booking System: from n/a through <= 2.0.19.2.
CVE-2023-49754	Med	0.28	4.3	Dec 9, 2024	Missing Authorization vulnerability in Yogesh Pawar Bulk Edit Post Titles bulk-edit-post-titles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Edit Post Titles: from n/a through <= 5.0.0.
CVE-2023-49196	Med	0.28	4.3	Dec 9, 2024	Missing Authorization vulnerability in Pagelayer Team PageLayer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PageLayer: from n/a through 1.7.7.
CVE-2023-49156	Med	0.28	4.3	Dec 9, 2024	Missing Authorization vulnerability in GoDaddy GoDaddy Email Marketing godaddy-email-marketing-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GoDaddy Email Marketing: from n/a through <= 1.4.3.
CVE-2023-48740	Med	0.28	4.3	Dec 9, 2024	Missing Authorization vulnerability in Sajid Javed Easy Social Feed easy-facebook-likebox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Social Feed: from n/a through <= 6.5.1.
CVE-2023-48332	Med	0.28	4.3	Dec 9, 2024	Missing Authorization vulnerability in Varun Sharma Mail Bank - #1 Mail SMTP Plugin for WordPress wp-mail-bank allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mail Bank - #1 Mail SMTP Plugin for WordPress: from n/a through <= 4.0.14.
CVE-2023-48277	Med	0.28	4.3	Dec 9, 2024	Missing Authorization vulnerability in SuperPWA Super Progressive Web Apps super-progressive-web-apps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Progressive Web Apps: from n/a through <= 2.2.21.
CVE-2023-47871	Med	0.28	4.3	Dec 9, 2024	Missing Authorization vulnerability in IT Path Solutions Contact Form to Any API allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form to Any API: from n/a through 1.1.6.
CVE-2023-47849	Med	0.28	4.3	Dec 9, 2024	Missing Authorization vulnerability in Blossom Themes BlossomThemes Email Newsletter blossomthemes-email-newsletter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BlossomThemes Email Newsletter: from n/a through <= 2.2.4.
CVE-2023-47841	Med	0.28	4.3	Dec 9, 2024	Missing Authorization vulnerability in Analytify Analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through 5.1.1.
CVE-2023-47838	Med	0.28	4.3	Dec 9, 2024	Missing Authorization vulnerability in Jules Colle Conditional Fields for Contact Form 7 cf7-conditional-fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conditional Fields for Contact Form 7: from n/a through <= 2.4.1.

CVE-2024-53816MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons tutor-lms-elementor-addons.This issue affects Tutor LMS Elementor Addons: from n/a through <= 2.1.5.
CVE-2024-53785MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Alexander Volkov Chatter.This issue affects Chatter: from n/a through 1.0.1.
CVE-2023-50877MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in woobewoo Product Filter by WBW allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Filter by WBW: from n/a through 2.5.0.
CVE-2023-50876MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Molongui Molongui allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Molongui: from n/a through 4.7.3.
CVE-2023-49861MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in socialmediafeather Social Media Feather social-media-feather allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Media Feather: from n/a through <= 2.1.3.
CVE-2023-49859MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Marcus (aka @msykes) Login With Ajax login-with-ajax allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login With Ajax: from n/a through <= 4.1.
CVE-2023-49858MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Austin Custom Login custom-login allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login: from n/a through <= 4.1.0.
CVE-2023-49849MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in vaakash Shortcoder shortcoder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcoder: from n/a through <= 6.3.
CVE-2023-49835MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Metaphor Creations Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Duplicator: from n/a through 2.31.
CVE-2023-49758MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Roland Murg WP Booking System wp-booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Booking System: from n/a through <= 2.0.19.2.
CVE-2023-49754MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Yogesh Pawar Bulk Edit Post Titles bulk-edit-post-titles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Edit Post Titles: from n/a through <= 5.0.0.
CVE-2023-49196MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Pagelayer Team PageLayer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PageLayer: from n/a through 1.7.7.
CVE-2023-49156MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in GoDaddy GoDaddy Email Marketing godaddy-email-marketing-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GoDaddy Email Marketing: from n/a through <= 1.4.3.
CVE-2023-48740MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Sajid Javed Easy Social Feed easy-facebook-likebox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Social Feed: from n/a through <= 6.5.1.
CVE-2023-48332MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Varun Sharma Mail Bank - #1 Mail SMTP Plugin for WordPress wp-mail-bank allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mail Bank - #1 Mail SMTP Plugin for WordPress: from n/a through <= 4.0.14.
CVE-2023-48277MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in SuperPWA Super Progressive Web Apps super-progressive-web-apps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Progressive Web Apps: from n/a through <= 2.2.21.
CVE-2023-47871MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in IT Path Solutions Contact Form to Any API allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form to Any API: from n/a through 1.1.6.
CVE-2023-47849MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Blossom Themes BlossomThemes Email Newsletter blossomthemes-email-newsletter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BlossomThemes Email Newsletter: from n/a through <= 2.2.4.
CVE-2023-47841MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Analytify Analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through 5.1.1.
CVE-2023-47838MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Jules Colle Conditional Fields for Contact Form 7 cf7-conditional-fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conditional Fields for Contact Form 7: from n/a through <= 2.4.1.