CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (4,561)

page 203 of 229

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2023-47820	Med	0.28	4.3	0.00	Dec 9, 2024	Missing Authorization vulnerability in CRUDLab WP Like Button allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Like Button: from n/a through 1.7.0.
CVE-2023-47793	Med	0.28	4.3	0.00	Dec 9, 2024	Missing Authorization vulnerability in Acme Themes Acme Fix Images acme-fix-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Acme Fix Images: from n/a through <= 1.0.0.
CVE-2023-47780	Med	0.28	4.3	0.00	Dec 9, 2024	Missing Authorization vulnerability in flowdee EasyAzon easyazon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EasyAzon: from n/a through <= 5.1.0.
CVE-2023-47776	Med	0.28	4.3	0.00	Dec 9, 2024	Missing Authorization vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects miniorange otp verification: from n/a through <= 4.2.1.
CVE-2023-47763	Med	0.28	4.3	0.00	Dec 9, 2024	Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through <= 7.31.
CVE-2023-47762	Med	0.28	4.3	0.00	Dec 9, 2024	Missing Authorization vulnerability in WPDeveloper BetterDocs betterdocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterDocs: from n/a through <= 2.5.2.
CVE-2023-47761	Med	0.28	4.3	0.00	Dec 9, 2024	Missing Authorization vulnerability in WPDeveloper Simple 301 Redirects by BetterLinks simple-301-redirects allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple 301 Redirects by BetterLinks: from n/a through <= 2.0.7.
CVE-2023-47760	Med	0.28	4.3	0.00	Dec 9, 2024	Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg essential-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through <= 4.2.0.
CVE-2023-47756	Med	0.28	4.3	0.00	Dec 9, 2024	Missing Authorization vulnerability in David Vongries Welcome Email Editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Welcome Email Editor: from n/a through 5.0.6.
CVE-2023-32126	Med	0.28	4.3	0.00	Dec 9, 2024	Missing Authorization vulnerability in WPoperation SALERT allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALERT: from n/a through 1.2.1.
CVE-2023-31073	Med	0.28	4.3	0.00	Dec 9, 2024	Missing Authorization vulnerability in Jose Vega Display custom fields in the frontend – Post and User Profile Fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Display custom fields in the frontend – Post and User Profile Fields: from n/a through 1.2.0.
CVE-2023-30783	Med	0.28	4.3	0.00	Dec 9, 2024	Missing Authorization vulnerability in YummyWP Smart WooCommerce Search allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart WooCommerce Search: from n/a through 2.5.0.
CVE-2023-30486	Med	0.28	4.3	0.04	Dec 9, 2024	Missing Authorization vulnerability in HashThemes Square allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Square: from n/a through 2.0.0.
CVE-2023-30476	Med	0.28	4.3	0.00	Dec 9, 2024	Missing Authorization vulnerability in Sparkle Themes Blogger Buzz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Blogger Buzz: from n/a through 1.2.2.
CVE-2023-29431	Med	0.28	4.3	0.00	Dec 9, 2024	Missing Authorization vulnerability in OntheGoSystems qTranslate X Cleanup and WPML Import allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects qTranslate X Cleanup and WPML Import: from n/a through 3.0.1.
CVE-2023-29422	Med	0.28	4.3	0.00	Dec 9, 2024	Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamics 365 Integration: from n/a through 1.3.13.
CVE-2023-28532	Med	0.28	4.3	0.00	Dec 9, 2024	Missing Authorization vulnerability in wpdirectorykit.com Real Estate Directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real Estate Directory: from n/a through 1.0.5.
CVE-2023-28416	Med	0.28	4.3	0.00	Dec 9, 2024	Missing Authorization vulnerability in Sparkle Themes Chankhe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chankhe: from n/a through 1.0.5.
CVE-2023-28165	Med	0.28	4.3	0.00	Dec 9, 2024	Missing Authorization vulnerability in Tech Banker Backup Bank: WordPress Backup Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backup Bank: WordPress Backup Plugin: from n/a through 4.0.28.
CVE-2023-27625	Med	0.28	4.3	0.00	Dec 9, 2024	Missing Authorization vulnerability in Paul Ryley Site Reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Reviews: from n/a through 6.5.0.

CVE-2023-47820MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in CRUDLab WP Like Button allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Like Button: from n/a through 1.7.0.
CVE-2023-47793MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Acme Themes Acme Fix Images acme-fix-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Acme Fix Images: from n/a through <= 1.0.0.
CVE-2023-47780MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in flowdee EasyAzon easyazon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EasyAzon: from n/a through <= 5.1.0.
CVE-2023-47776MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects miniorange otp verification: from n/a through <= 4.2.1.
CVE-2023-47763MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through <= 7.31.
CVE-2023-47762MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in WPDeveloper BetterDocs betterdocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterDocs: from n/a through <= 2.5.2.
CVE-2023-47761MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in WPDeveloper Simple 301 Redirects by BetterLinks simple-301-redirects allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple 301 Redirects by BetterLinks: from n/a through <= 2.0.7.
CVE-2023-47760MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg essential-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through <= 4.2.0.
CVE-2023-47756MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in David Vongries Welcome Email Editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Welcome Email Editor: from n/a through 5.0.6.
CVE-2023-32126MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in WPoperation SALERT allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALERT: from n/a through 1.2.1.
CVE-2023-31073MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Jose Vega Display custom fields in the frontend – Post and User Profile Fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Display custom fields in the frontend – Post and User Profile Fields: from n/a through 1.2.0.
CVE-2023-30783MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in YummyWP Smart WooCommerce Search allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart WooCommerce Search: from n/a through 2.5.0.
CVE-2023-30486MedDec 9, 2024
risk 0.28cvss 4.3epss 0.04
Missing Authorization vulnerability in HashThemes Square allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Square: from n/a through 2.0.0.
CVE-2023-30476MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Sparkle Themes Blogger Buzz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Blogger Buzz: from n/a through 1.2.2.
CVE-2023-29431MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in OntheGoSystems qTranslate X Cleanup and WPML Import allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects qTranslate X Cleanup and WPML Import: from n/a through 3.0.1.
CVE-2023-29422MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamics 365 Integration: from n/a through 1.3.13.
CVE-2023-28532MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in wpdirectorykit.com Real Estate Directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real Estate Directory: from n/a through 1.0.5.
CVE-2023-28416MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Sparkle Themes Chankhe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chankhe: from n/a through 1.0.5.
CVE-2023-28165MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Tech Banker Backup Bank: WordPress Backup Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backup Bank: WordPress Backup Plugin: from n/a through 4.0.28.
CVE-2023-27625MedDec 9, 2024
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Paul Ryley Site Reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Reviews: from n/a through 6.5.0.