CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,490)

page 237 of 275

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-12175	WordPress The Events Calendar	Med	0.21	4.3	0.00	Oct 31, 2025	The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'tec_qr_code_modal' AJAX endpoint in all versions up to, and including, 6.15.9. This makes it possible for authenticated attackers, with Subscriber-level…
CVE-2025-11975	WordPress Fusewp	Med	0.21	4.3	0.00	Oct 31, 2025	The FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_changes() function in all versions up…
CVE-2025-10303	WordPress Library Management System	Med	0.21	4.3	0.00	Oct 15, 2025	The Library Management System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the owt7_library_management_ajax_handler() function in all versions up to, and including, 3.1. This makes it possible for authenticated…
CVE-2025-58258	WordPress Lazy Blocks	Med	0.21	4.3	0.00	Sep 22, 2025	Missing Authorization vulnerability in nK Lazy Blocks lazy-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lazy Blocks: from n/a through <= 4.1.0.
CVE-2025-58016	WordPress Cf7 Submissions	Med	0.21	4.3	0.00	Sep 22, 2025	Missing Authorization vulnerability in Codexpert, Inc CF7 Submissions cf7-submissions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CF7 Submissions: from n/a through <= 0.26.
CVE-2025-10489	SureForms SureForms	Med	0.21	4.3	0.00	Sep 20, 2025	The SureForms – Drag and Drop Contact Form Builder – Multi-step Forms, Conversational Forms and more plugin for WordPress is vulnerable to unauthorized creation of forms due to a missing capability check on the register_post_types() function in all versions up to, and…
CVE-2025-8446	WordPress Blaze Demo Importer	Med	0.21	4.3	0.00	Sep 16, 2025	The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized limited plugin install due to a missing capability check on the 'blaze_demo_importer_install_plugin' function in all versions up to, and including, 1.0.12. This makes it possible for authenticated…
CVE-2025-9219	WordPress Post SMTP	Med	0.21	4.3	0.00	Sep 3, 2025	The Post SMTP – WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the…
CVE-2025-55716	Veronalabs Wp Statistics	Med	0.21	4.3	0.00	Aug 14, 2025	Missing Authorization vulnerability in VeronaLabs WP Statistics wp-statistics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Statistics: from n/a through <= 14.15.
CVE-2025-5812	vgwort VG WORT METIS	Med	0.21	4.3	0.00	Jun 26, 2025	The VG WORT METIS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gutenberg_save_post() function in all versions up to, and including, 2.0.0. This makes it possible for authenticated attackers, with…
CVE-2025-49976	WANotifier Notifier	Med	0.21	4.3	0.00	Jun 20, 2025	Missing Authorization vulnerability in WANotifier Notifier notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Notifier: from n/a through <= 2.7.12.
CVE-2025-4047	WordPress Broken Link Checker	Med	0.21	4.3	0.00	Jun 3, 2025	The Broken Link Checker plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on the ajax_full_status and ajax_dashboard_status functions in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers,…
CVE-2025-4431	WordPress Featured Image Plus	Med	0.21	4.3	0.00	May 30, 2025	The Featured Image Plus – Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fip_save_attach_featured function in all versions up to, and including, 1.6.4. This makes it possible for…
CVE-2025-48268	WordPress Bot For Telegram On Woocommerce	Med	0.21	4.3	0.00	May 19, 2025	Missing Authorization vulnerability in Guru Team Bot for Telegram on WooCommerce bot-for-telegram-on-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bot for Telegram on WooCommerce: from n/a through <= 1.2.6.
CVE-2025-3949	Seedprod Website Builder By Seedprod	Med	0.21	4.3	0.01	May 9, 2025	The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'seedprod_lite_get_revisisons' function in all versions up to,…
CVE-2025-47528	WordPress Ovation Elements	Med	0.21	4.3	0.00	May 7, 2025	Missing Authorization vulnerability in pewilliams Ovation Elements ovation-elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ovation Elements: from n/a through <= 1.1.2.
CVE-2025-30851	Tickera Tickera	Med	0.21	4.3	0.00	Mar 27, 2025	Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through <= 3.5.5.2.
CVE-2024-13703	Vcita CRM And Lead Management By Vcita	Med	0.21	4.3	0.00	Mar 13, 2025	The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae() function in all versions up to, and including, 2.7.5. This makes it possible for authenticated attackers,…
CVE-2024-13716	WordPress Forex Calculators	Med	0.21	4.3	0.00	Feb 28, 2025	The Forex Calculators plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_settings_callback() function in all versions up to, and including, 1.3.7. This makes it possible for authenticated attackers, with…
CVE-2024-13449	WordPress Boom Fest	Med	0.21	4.3	0.00	Jan 25, 2025	The Boom Fest plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'bf_admin_action' function in all versions up to, and including, 2.2.1. This makes it possible for authenticated attackers, with Subscriber-level access…

CVE-2025-12175MedOct 31, 2025
WordPress
The Events Calendar
risk 0.21cvss 4.3epss 0.00
The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'tec_qr_code_modal' AJAX endpoint in all versions up to, and including, 6.15.9. This makes it possible for authenticated attackers, with Subscriber-level…
CVE-2025-11975MedOct 31, 2025
WordPress
Fusewp
risk 0.21cvss 4.3epss 0.00
The FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_changes() function in all versions up…
CVE-2025-10303MedOct 15, 2025
WordPress
Library Management System
risk 0.21cvss 4.3epss 0.00
The Library Management System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the owt7_library_management_ajax_handler() function in all versions up to, and including, 3.1. This makes it possible for authenticated…
CVE-2025-58258MedSep 22, 2025
WordPress
Lazy Blocks
risk 0.21cvss 4.3epss 0.00
Missing Authorization vulnerability in nK Lazy Blocks lazy-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lazy Blocks: from n/a through <= 4.1.0.
CVE-2025-58016MedSep 22, 2025
WordPress
Cf7 Submissions
risk 0.21cvss 4.3epss 0.00
Missing Authorization vulnerability in Codexpert, Inc CF7 Submissions cf7-submissions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CF7 Submissions: from n/a through <= 0.26.
CVE-2025-10489MedSep 20, 2025
SureForms
SureForms
risk 0.21cvss 4.3epss 0.00
The SureForms – Drag and Drop Contact Form Builder – Multi-step Forms, Conversational Forms and more plugin for WordPress is vulnerable to unauthorized creation of forms due to a missing capability check on the register_post_types() function in all versions up to, and…
CVE-2025-8446MedSep 16, 2025
WordPress
Blaze Demo Importer
risk 0.21cvss 4.3epss 0.00
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized limited plugin install due to a missing capability check on the 'blaze_demo_importer_install_plugin' function in all versions up to, and including, 1.0.12. This makes it possible for authenticated…
CVE-2025-9219MedSep 3, 2025
WordPress
Post SMTP
risk 0.21cvss 4.3epss 0.00
The Post SMTP – WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the…
CVE-2025-55716MedAug 14, 2025
Veronalabs
Wp Statistics
risk 0.21cvss 4.3epss 0.00
Missing Authorization vulnerability in VeronaLabs WP Statistics wp-statistics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Statistics: from n/a through <= 14.15.
CVE-2025-5812MedJun 26, 2025
vgwort
VG WORT METIS
risk 0.21cvss 4.3epss 0.00
The VG WORT METIS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gutenberg_save_post() function in all versions up to, and including, 2.0.0. This makes it possible for authenticated attackers, with…
CVE-2025-49976MedJun 20, 2025
WANotifier
Notifier
risk 0.21cvss 4.3epss 0.00
Missing Authorization vulnerability in WANotifier Notifier notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Notifier: from n/a through <= 2.7.12.
CVE-2025-4047MedJun 3, 2025
WordPress
Broken Link Checker
risk 0.21cvss 4.3epss 0.00
The Broken Link Checker plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on the ajax_full_status and ajax_dashboard_status functions in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers,…
CVE-2025-4431MedMay 30, 2025
WordPress
Featured Image Plus
risk 0.21cvss 4.3epss 0.00
The Featured Image Plus – Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fip_save_attach_featured function in all versions up to, and including, 1.6.4. This makes it possible for…
CVE-2025-48268MedMay 19, 2025
WordPress
Bot For Telegram On Woocommerce
risk 0.21cvss 4.3epss 0.00
Missing Authorization vulnerability in Guru Team Bot for Telegram on WooCommerce bot-for-telegram-on-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bot for Telegram on WooCommerce: from n/a through <= 1.2.6.
CVE-2025-3949MedMay 9, 2025
Seedprod
Website Builder By Seedprod
risk 0.21cvss 4.3epss 0.01
The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'seedprod_lite_get_revisisons' function in all versions up to,…
CVE-2025-47528MedMay 7, 2025
WordPress
Ovation Elements
risk 0.21cvss 4.3epss 0.00
Missing Authorization vulnerability in pewilliams Ovation Elements ovation-elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ovation Elements: from n/a through <= 1.1.2.
CVE-2025-30851MedMar 27, 2025
Tickera
Tickera
risk 0.21cvss 4.3epss 0.00
Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through <= 3.5.5.2.
CVE-2024-13703MedMar 13, 2025
Vcita
CRM And Lead Management By Vcita
risk 0.21cvss 4.3epss 0.00
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae() function in all versions up to, and including, 2.7.5. This makes it possible for authenticated attackers,…
CVE-2024-13716MedFeb 28, 2025
WordPress
Forex Calculators
risk 0.21cvss 4.3epss 0.00
The Forex Calculators plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_settings_callback() function in all versions up to, and including, 1.3.7. This makes it possible for authenticated attackers, with…
CVE-2024-13449MedJan 25, 2025
WordPress
Boom Fest
risk 0.21cvss 4.3epss 0.00
The Boom Fest plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'bf_admin_action' function in all versions up to, and including, 2.2.1. This makes it possible for authenticated attackers, with Subscriber-level access…