CWE-862
Missing Authorization
ClassIncompleteLikelihood: High
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (4,561)
page 215 of 229| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-32681 | Med | 0.28 | 4.3 | 0.00 | Apr 22, 2024 | Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.2. | |
| CVE-2024-32689 | Med | 0.28 | 4.3 | 0.00 | Apr 18, 2024 | Missing Authorization vulnerability in GenialSouls WP Social Comments.This issue affects WP Social Comments: from n/a through 1.7.3. | |
| CVE-2024-32525 | Med | 0.28 | 4.3 | 0.00 | Apr 17, 2024 | Missing Authorization vulnerability in Theme My Login.This issue affects Theme My Login: from n/a through 7.1.6. | |
| CVE-2024-32524 | Med | 0.28 | 4.3 | 0.00 | Apr 17, 2024 | Missing Authorization vulnerability in Nuggethon Custom Order Statuses for WooCommerce.This issue affects Custom Order Statuses for WooCommerce: from n/a through 1.5.2. | |
| CVE-2024-32522 | Med | 0.28 | 4.3 | 0.00 | Apr 17, 2024 | Missing Authorization vulnerability in Jaed Mosharraf & Pluginbazar Team Open Close WooCommerce Store.This issue affects Open Close WooCommerce Store: from n/a through 4.9.1. | |
| CVE-2024-32520 | Med | 0.28 | 4.3 | 0.00 | Apr 17, 2024 | Missing Authorization vulnerability in WPClever WPC Grouped Product for WooCommerce.This issue affects WPC Grouped Product for WooCommerce: from n/a through 4.4.2. | |
| CVE-2024-32519 | Med | 0.28 | 4.3 | 0.00 | Apr 17, 2024 | Missing Authorization vulnerability in GutenGeek GG Woo Feed for WooCommerce.This issue affects GG Woo Feed for WooCommerce: from n/a through 1.2.6. | |
| CVE-2024-32517 | Med | 0.28 | 4.3 | 0.00 | Apr 17, 2024 | Missing Authorization vulnerability in WooCommerce & WordPress Tutorials Custom Thank You Page Customize For WooCommerce by Binary Carpenter.This issue affects Custom Thank You Page Customize For WooCommerce by Binary Carpenter: from n/a through 1.4.12. | |
| CVE-2024-32516 | Med | 0.28 | 4.3 | 0.00 | Apr 17, 2024 | Missing Authorization vulnerability in Palscode Multi Currency For WooCommerce.This issue affects Multi Currency For WooCommerce: from n/a through 1.5.5. | |
| CVE-2024-32455 | Med | 0.28 | 4.3 | 0.00 | Apr 16, 2024 | Missing Authorization vulnerability in Very Good Plugins Fatal Error Notify.This issue affects Fatal Error Notify: from n/a through 1.5.2. | |
| CVE-2024-3869 | Med | 0.28 | 4.3 | 0.00 | Apr 16, 2024 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommerce_json_search_coupons' function . This makes it possible for attackers with subscriber level access to view coupon codes. | |
| CVE-2024-3243 | Med | 0.28 | 4.3 | 0.00 | Apr 16, 2024 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send_test_email() function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to send arbitrary test emails. | |
| CVE-2024-31421 | Med | 0.28 | 4.3 | 0.00 | Apr 15, 2024 | Missing Authorization vulnerability in supsystic Popup by Supsystic popup-by-supsystic.This issue affects Popup by Supsystic: from n/a through <= 1.10.27. | |
| CVE-2024-3662 | Med | 0.28 | 4.3 | 0.00 | Apr 13, 2024 | The WPZOOM Social Feed Widget & Block plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpzoom_instagram_clear_data() function in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete all Instagram images installed on the site. | |
| CVE-2023-51499 | Med | 0.28 | 4.3 | 0.00 | Apr 12, 2024 | Missing Authorization vulnerability in WooCommerce WooCommerce Shipping Per Product.This issue affects WooCommerce Shipping Per Product: from n/a through 2.5.4. | |
| CVE-2024-25935 | Med | 0.28 | 4.3 | 0.00 | Apr 11, 2024 | Missing Authorization vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.2.5.9. | |
| CVE-2024-25908 | Med | 0.28 | 4.3 | 0.00 | Apr 11, 2024 | Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2. | |
| CVE-2024-24883 | Med | 0.28 | 4.3 | 0.00 | Apr 11, 2024 | Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.11.10. | |
| CVE-2022-47604 | Med | 0.28 | 4.3 | 0.00 | Apr 11, 2024 | Missing Authorization vulnerability in junkcoder, ristoniinemets AJAX Thumbnail Rebuild.This issue affects AJAX Thumbnail Rebuild: from n/a through 1.13. | |
| CVE-2024-2543 | Med | 0.28 | 4.3 | 0.00 | Apr 9, 2024 | The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_uri_editor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts. |