CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,490)

page 238 of 275

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2024-13368	Youzify Youzify	Med	0.21	4.3	0.00	Jan 25, 2025	The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the youzify_offer_banner() function in all versions up to, and including, 1.3.4.…
CVE-2024-11851	Nitropack Nitropack	Med	0.21	4.3	0.00	Jan 15, 2025	The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropack_rml_notification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with…
CVE-2025-22800	Wpexperts Post SMTP	Med	0.21	4.3	0.00	Jan 13, 2025	Missing Authorization vulnerability in Saad Iqbal Post SMTP post-smtp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post SMTP: from n/a through <= 2.9.11.
CVE-2024-12606	Scribe Scribe	Med	0.21	4.3	0.00	Jan 10, 2025	The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the engine_request_data()…
CVE-2024-12616	Bitly Bitly	Med	0.21	4.3	0.00	Jan 9, 2025	The Bitly's WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 2.7.3. This makes it possible for authenticated attackers, with…
CVE-2024-10536	WordPress Post Block	Med	0.21	4.3	0.00	Jan 7, 2025	The FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_block_shortcode_export() function in all versions up to,…
CVE-2023-47778	WordPress Luckywp Scripts Control	Med	0.21	4.3	0.00	Jan 2, 2025	Missing Authorization vulnerability in LuckyWP LuckyWP Scripts Control luckywp-scripts-control allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LuckyWP Scripts Control: from n/a through <= 1.2.1.
CVE-2023-45765	Leevio Wp ERP	Med	0.21	4.3	0.00	Jan 2, 2025	Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through <= 1.12.6.
CVE-2024-12190	WordPress Bit Form	Med	0.21	4.3	0.00	Dec 25, 2024	The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bitform-form-entry-edit endpoint in all versions…
CVE-2024-54268	Siteorigin Siteorigin Widgets Bundle	Med	0.21	4.3	0.01	Dec 13, 2024	Missing Authorization vulnerability in Greg - SiteOrigin SiteOrigin Widgets Bundle so-widgets-bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteOrigin Widgets Bundle: from n/a through <= 1.64.0.
CVE-2024-12018	Yeken Snippet Shortcodes	Med	0.21	4.3	0.00	Dec 12, 2024	The Snippet Shortcodes plugin for WordPress is vulnerable to unauthorized Shortcode Deletion due to missing authorization in all versions up to, and including, 4.1.6. Note that a nonce is used as authentication here, but the value is leaked. This makes it possible for…
CVE-2023-25993	Webberzone Top 10	Med	0.21	4.3	0.00	Dec 9, 2024	Missing Authorization vulnerability in WebberZone Top 10 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Top 10: from n/a through 3.2.3.
CVE-2024-12026	WordPress Cf7 Message Filter	Med	0.21	4.3	0.00	Dec 7, 2024	The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveFilter() function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with…
CVE-2024-12027	WordPress Cf7 Message Filter	Med	0.21	4.3	0.00	Dec 6, 2024	The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateFilter() and deleteFilter() functions in all versions up to, and including, 1.6.3. This makes it possible for…
CVE-2024-10532	WordPress Bard Extra	Med	0.21	4.3	0.01	Nov 21, 2024	The Bard Extra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bardxtra_import_xml() function in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with subscriber-level…
CVE-2024-11154	Publishpress Publishpress Revisions	Med	0.21	4.3	0.00	Nov 20, 2024	The PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.15 via the 'actAjaxRevisionDiffs' function. This makes it possible for…
CVE-2024-10786	WordPress Simple Local Avatars	Med	0.21	4.3	0.00	Nov 16, 2024	The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the sla_clear_user_cache function in all versions up to, and including, 2.7.11. This makes it possible for authenticated attackers, with…
CVE-2024-10399	WordPress Download Monitor	Med	0.21	4.3	0.00	Oct 30, 2024	The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, 5.0.13. This makes it possible for authenticated attackers, with…
CVE-2024-10437	WPC Smart Messages for WooCommerce	Med	0.21	4.3	0.00	Oct 29, 2024	The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to unauthorized Smar Message activation/deactivation due to a missing capability check on the ajax_enable function in all versions up to, and including, 4.2.1. This makes it possible for authenticated…
CVE-2024-10092	WordPress Download Monitor	Med	0.21	4.3	0.00	Oct 26, 2024	The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handle_api_key_actions function in all versions up to, and including, 5.0.12. This makes it possible for authenticated attackers, with…

CVE-2024-13368MedJan 25, 2025
Youzify
Youzify
risk 0.21cvss 4.3epss 0.00
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the youzify_offer_banner() function in all versions up to, and including, 1.3.4.…
CVE-2024-11851MedJan 15, 2025
Nitropack
Nitropack
risk 0.21cvss 4.3epss 0.00
The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropack_rml_notification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with…
CVE-2025-22800MedJan 13, 2025
Wpexperts
Post SMTP
risk 0.21cvss 4.3epss 0.00
Missing Authorization vulnerability in Saad Iqbal Post SMTP post-smtp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post SMTP: from n/a through <= 2.9.11.
CVE-2024-12606MedJan 10, 2025
Scribe
Scribe
risk 0.21cvss 4.3epss 0.00
The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the engine_request_data()…
CVE-2024-12616MedJan 9, 2025
Bitly
Bitly
risk 0.21cvss 4.3epss 0.00
The Bitly's WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 2.7.3. This makes it possible for authenticated attackers, with…
CVE-2024-10536MedJan 7, 2025
WordPress
Post Block
risk 0.21cvss 4.3epss 0.00
The FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_block_shortcode_export() function in all versions up to,…
CVE-2023-47778MedJan 2, 2025
WordPress
Luckywp Scripts Control
risk 0.21cvss 4.3epss 0.00
Missing Authorization vulnerability in LuckyWP LuckyWP Scripts Control luckywp-scripts-control allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LuckyWP Scripts Control: from n/a through <= 1.2.1.
CVE-2023-45765MedJan 2, 2025
Leevio
Wp ERP
risk 0.21cvss 4.3epss 0.00
Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through <= 1.12.6.
CVE-2024-12190MedDec 25, 2024
WordPress
Bit Form
risk 0.21cvss 4.3epss 0.00
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bitform-form-entry-edit endpoint in all versions…
CVE-2024-54268MedDec 13, 2024
Siteorigin
Siteorigin Widgets Bundle
risk 0.21cvss 4.3epss 0.01
Missing Authorization vulnerability in Greg - SiteOrigin SiteOrigin Widgets Bundle so-widgets-bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteOrigin Widgets Bundle: from n/a through <= 1.64.0.
CVE-2024-12018MedDec 12, 2024
Yeken
Snippet Shortcodes
risk 0.21cvss 4.3epss 0.00
The Snippet Shortcodes plugin for WordPress is vulnerable to unauthorized Shortcode Deletion due to missing authorization in all versions up to, and including, 4.1.6. Note that a nonce is used as authentication here, but the value is leaked. This makes it possible for…
CVE-2023-25993MedDec 9, 2024
Webberzone
Top 10
risk 0.21cvss 4.3epss 0.00
Missing Authorization vulnerability in WebberZone Top 10 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Top 10: from n/a through 3.2.3.
CVE-2024-12026MedDec 7, 2024
WordPress
Cf7 Message Filter
risk 0.21cvss 4.3epss 0.00
The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveFilter() function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with…
CVE-2024-12027MedDec 6, 2024
WordPress
Cf7 Message Filter
risk 0.21cvss 4.3epss 0.00
The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateFilter() and deleteFilter() functions in all versions up to, and including, 1.6.3. This makes it possible for…
CVE-2024-10532MedNov 21, 2024
WordPress
Bard Extra
risk 0.21cvss 4.3epss 0.01
The Bard Extra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bardxtra_import_xml() function in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with subscriber-level…
CVE-2024-11154MedNov 20, 2024
Publishpress
Publishpress Revisions
risk 0.21cvss 4.3epss 0.00
The PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.15 via the 'actAjaxRevisionDiffs' function. This makes it possible for…
CVE-2024-10786MedNov 16, 2024
WordPress
Simple Local Avatars
risk 0.21cvss 4.3epss 0.00
The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the sla_clear_user_cache function in all versions up to, and including, 2.7.11. This makes it possible for authenticated attackers, with…
CVE-2024-10399MedOct 30, 2024
WordPress
Download Monitor
risk 0.21cvss 4.3epss 0.00
The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, 5.0.13. This makes it possible for authenticated attackers, with…
CVE-2024-10437MedOct 29, 2024
WPC
Smart Messages for WooCommerce
risk 0.21cvss 4.3epss 0.00
The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to unauthorized Smar Message activation/deactivation due to a missing capability check on the ajax_enable function in all versions up to, and including, 4.2.1. This makes it possible for authenticated…
CVE-2024-10092MedOct 26, 2024
WordPress
Download Monitor
risk 0.21cvss 4.3epss 0.00
The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handle_api_key_actions function in all versions up to, and including, 5.0.12. This makes it possible for authenticated attackers, with…