CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (5,549)
page 27 of 278| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-27428 | Hig | 0.50 | 7.7 | 0.01 | Apr 8, 2025 | Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module. Upon successful exploitation, they could read files from any managed system connected to SAP Solution Manager, leading to high… | ||
| CVE-2025-1657 | Hig | 0.50 | 8.8 | 0.00 | Mar 15, 2025 | The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a missing capability check on the stm_listing_ajax AJAX action in all versions up to, and including, 2.2.0. This makes it… | ||
| CVE-2025-1309 | Hig | 0.50 | 8.8 | 0.00 | Mar 7, 2025 | The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the uip_save_form_as_option() function in all versions up… | ||
| CVE-2024-12544 | Hig | 0.50 | 8.8 | 0.01 | Mar 1, 2025 | The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to arbitrary file deletion due to a missing capability check on the callback function of the SurveyJS_DeleteFile class in all versions… | ||
| CVE-2024-10591 | Hig | 0.50 | 8.8 | 0.00 | Jan 30, 2025 | The MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hubwoo_save_updates()… | ||
| CVE-2024-12172 | Hig | 0.50 | 7.5 | 0.01 | Dec 12, 2024 | The WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpc_update_user_meta_option() function in all versions up to, and including,… | ||
| CVE-2024-11643 | Hig | 0.50 | 8.8 | 0.01 | Dec 4, 2024 | The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'AllAccessible_save_settings' function in all versions up to, and including, 1.3.4. This… | ||
| CVE-2024-11194 | Hig | 0.50 | 8.8 | 0.01 | Nov 19, 2024 | The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtcl_import_settings' function in all versions up to, and… | ||
| CVE-2024-49657 | Hig | 0.50 | 7.7 | 0.00 | Oct 23, 2024 | Missing Authorization vulnerability in Renata Bracichowicz 3D Work In Progress renee-work-in-progress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 3D Work In Progress: from n/a through <= 1.0.3. | ||
| CVE-2024-6660 | Hig | 0.50 | 8.8 | 0.01 | Jul 17, 2024 | The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpress_import_data_continue_process_f… | ||
| CVE-2024-6069 | Hig | 0.50 | 8.8 | 0.01 | Jul 9, 2024 | The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the… | ||
| CVE-2024-3750 | Hig | 0.50 | 8.8 | 0.01 | May 16, 2024 | The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData() function in all versions up to, and including, 3.10.15. This makes it possible… | ||
| CVE-2024-4010 | Hig | 0.50 | 8.8 | 0.00 | May 15, 2024 | The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to, and including, 5.7.19. This makes it… | ||
| CVE-2024-1438 | Hig | 0.50 | 7.7 | 0.00 | May 8, 2024 | Missing Authorization vulnerability in PressFore Rolo Slider.This issue affects Rolo Slider: from n/a through 1.0.9. | ||
| CVE-2024-3895 | Hig | 0.50 | 8.8 | 0.01 | May 2, 2024 | The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdp_add_new_datepicker_ajax() function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with … | ||
| CVE-2024-2417 | Hig | 0.50 | 8.8 | 0.01 | May 2, 2024 | The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the form_save_action() function in all versions up to, and including, 3.1.5. This… | ||
| CVE-2023-51500 | Hig | 0.50 | 7.7 | 0.00 | Apr 17, 2024 | Missing Authorization vulnerability in Undsgn Uncode Core.This issue affects Uncode Core: from n/a through 2.8.8. | ||
| CVE-2023-51418 | Hig | 0.50 | 7.7 | 0.00 | Apr 17, 2024 | Missing Authorization vulnerability in Joris van Montfort JVM rich text icons.This issue affects JVM rich text icons: from n/a through 1.2.6. | ||
| CVE-2024-1991 | Hig | 0.50 | 8.8 | 0.01 | Apr 9, 2024 | The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the update_users_role() function in all versions up to, and including, 5.3.0.0. This… | ||
| CVE-2024-0683 | Hig | 0.50 | 7.3 | 0.01 | Mar 13, 2024 | The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in all versions up to, and including, 3.0.14. This makes it possible for unauthenticated and authenticated attackers, with… |
- risk 0.50cvss 7.7epss 0.01
Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module. Upon successful exploitation, they could read files from any managed system connected to SAP Solution Manager, leading to high…
- risk 0.50cvss 8.8epss 0.00
The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a missing capability check on the stm_listing_ajax AJAX action in all versions up to, and including, 2.2.0. This makes it…
- risk 0.50cvss 8.8epss 0.00
The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the uip_save_form_as_option() function in all versions up…
- risk 0.50cvss 8.8epss 0.01
The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to arbitrary file deletion due to a missing capability check on the callback function of the SurveyJS_DeleteFile class in all versions…
- risk 0.50cvss 8.8epss 0.00
The MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hubwoo_save_updates()…
- risk 0.50cvss 7.5epss 0.01
The WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpc_update_user_meta_option() function in all versions up to, and including,…
- risk 0.50cvss 8.8epss 0.01
The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'AllAccessible_save_settings' function in all versions up to, and including, 1.3.4. This…
- risk 0.50cvss 8.8epss 0.01
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtcl_import_settings' function in all versions up to, and…
- risk 0.50cvss 7.7epss 0.00
Missing Authorization vulnerability in Renata Bracichowicz 3D Work In Progress renee-work-in-progress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 3D Work In Progress: from n/a through <= 1.0.3.
- risk 0.50cvss 8.8epss 0.01
The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpress_import_data_continue_process_f…
- risk 0.50cvss 8.8epss 0.01
The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the…
- risk 0.50cvss 8.8epss 0.01
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData() function in all versions up to, and including, 3.10.15. This makes it possible…
- risk 0.50cvss 8.8epss 0.00
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to, and including, 5.7.19. This makes it…
- risk 0.50cvss 7.7epss 0.00
Missing Authorization vulnerability in PressFore Rolo Slider.This issue affects Rolo Slider: from n/a through 1.0.9.
- risk 0.50cvss 8.8epss 0.01
The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdp_add_new_datepicker_ajax() function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with …
- risk 0.50cvss 8.8epss 0.01
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the form_save_action() function in all versions up to, and including, 3.1.5. This…
- risk 0.50cvss 7.7epss 0.00
Missing Authorization vulnerability in Undsgn Uncode Core.This issue affects Uncode Core: from n/a through 2.8.8.
- risk 0.50cvss 7.7epss 0.00
Missing Authorization vulnerability in Joris van Montfort JVM rich text icons.This issue affects JVM rich text icons: from n/a through 1.2.6.
- risk 0.50cvss 8.8epss 0.01
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the update_users_role() function in all versions up to, and including, 5.3.0.0. This…
- risk 0.50cvss 7.3epss 0.01
The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in all versions up to, and including, 3.0.14. This makes it possible for unauthenticated and authenticated attackers, with…