CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (4,561)

page 29 of 229

CVE	Sev	Risk	CVSS	Published	Description
CVE-2025-6814	Hig	0.49	7.5	Jul 4, 2025	The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_now() function in versions 1.0 to 1.1.2. This makes it possible for unauthenticated attackers to download all plugin data, including user accounts, user meta, and PayPal credentials, by issuing a crafted POST request.
CVE-2025-52802	Hig	0.49	7.5	Jun 20, 2025	Missing Authorization vulnerability in enguerranws Import YouTube videos as WP Posts import-youtube-videos-as-wp-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Import YouTube videos as WP Posts: from n/a through <= 2.1.
CVE-2025-49265	Hig	0.49	7.5	Jun 9, 2025	Missing Authorization vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Membership For WooCommerce: from n/a through <= 2.8.1.
CVE-2025-32308	Hig	0.49	7.6	Jun 9, 2025	Missing Authorization vulnerability in looks_awesome Team Builder a-team-showcase allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team Builder: from n/a through <= 1.5.7.
CVE-2025-47558	Hig	0.49	7.5	May 23, 2025	Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MapSVG: from n/a through < 8.6.13.
CVE-2025-39451	Hig	0.49	7.5	May 19, 2025	Missing Authorization vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlocks For Elementor: from n/a through <= 1.3.16.
CVE-2025-39449	Hig	0.49	7.5	May 19, 2025	Missing Authorization vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetWooBuilder: from n/a through <= 2.1.18.
CVE-2025-39447	Hig	0.49	7.5	May 19, 2025	Missing Authorization vulnerability in Crocoblock JetElements For Elementor jet-elements allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetElements For Elementor: from n/a through <= 2.7.4.1.
CVE-2021-47662	Hig	0.49	7.5	Apr 24, 2025	Due to missing authorization an unauthenticated remote attacker can cause a DoS attack by connecting via HTTPS and triggering the shutdown button.
CVE-2025-39532	Hig	0.49	7.5	Apr 17, 2025	Missing Authorization vulnerability in spicethemes Spice Blocks spice-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spice Blocks: from n/a through <= 2.0.7.7.
CVE-2025-32544	Hig	0.49	7.5	Apr 17, 2025	Missing Authorization vulnerability in The Right Software WooCommerce Loyal Customers woocommerce-loyal-customer allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WooCommerce Loyal Customers: from n/a through <= 2.6.
CVE-2025-26968	Hig	0.49	7.5	Apr 17, 2025	Missing Authorization vulnerability in webbernaut Cloak Front End Email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cloak Front End Email: from n/a through 1.9.5.
CVE-2025-27008	Hig	0.49	7.5	Apr 15, 2025	Missing Authorization vulnerability in NotFound Unlimited Timeline unlimited-timeline allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Unlimited Timeline: from n/a through < 1.6.1.
CVE-2025-26953	Hig	0.49	7.5	Apr 15, 2025	Missing Authorization vulnerability in Crocoblock JetMenu jet-menu allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetMenu: from n/a through <= 2.4.9.
CVE-2025-32929	Hig	0.49	7.5	Apr 15, 2025	Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Generator for WooCommerce embedding-barcodes-into-product-pages-and-orders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Barcode Generator for WooCommerce: from n/a through <= 2.0.4.
CVE-2025-26958	Hig	0.49	7.5	Apr 15, 2025	Missing Authorization vulnerability in Crocoblock JetBlog jet-blog allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlog: from n/a through <= 2.4.3.
CVE-2025-26944	Hig	0.49	7.5	Apr 15, 2025	Missing Authorization vulnerability in Crocoblock JetPopup jet-popup allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetPopup: from n/a through <= 2.0.11.
CVE-2025-26942	Hig	0.49	7.5	Apr 15, 2025	Missing Authorization vulnerability in Crocoblock JetTricks jet-tricks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetTricks: from n/a through <= 1.5.1.
CVE-2025-31041	Hig	0.49	7.5	Apr 11, 2025	Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager anytrack-affiliate-link-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyTrack Affiliate Link Manager: from n/a through <= 1.0.4.
CVE-2025-31377	Hig	0.49	7.5	Apr 9, 2025	Missing Authorization vulnerability in Asaquzzaman mishu Woo Product Feed For Marketing Channels woocommerce-to-google-merchant-center allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woo Product Feed For Marketing Channels: from n/a through <= 1.9.0.

CVE-2025-6814HigJul 4, 2025
risk 0.49cvss 7.5epss 0.00
The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_now() function in versions 1.0 to 1.1.2. This makes it possible for unauthenticated attackers to download all plugin data, including user accounts, user meta, and PayPal credentials, by issuing a crafted POST request.
CVE-2025-52802HigJun 20, 2025
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in enguerranws Import YouTube videos as WP Posts import-youtube-videos-as-wp-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Import YouTube videos as WP Posts: from n/a through <= 2.1.
CVE-2025-49265HigJun 9, 2025
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Membership For WooCommerce: from n/a through <= 2.8.1.
CVE-2025-32308HigJun 9, 2025
risk 0.49cvss 7.6epss 0.00
Missing Authorization vulnerability in looks_awesome Team Builder a-team-showcase allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team Builder: from n/a through <= 1.5.7.
CVE-2025-47558HigMay 23, 2025
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MapSVG: from n/a through < 8.6.13.
CVE-2025-39451HigMay 19, 2025
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlocks For Elementor: from n/a through <= 1.3.16.
CVE-2025-39449HigMay 19, 2025
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetWooBuilder: from n/a through <= 2.1.18.
CVE-2025-39447HigMay 19, 2025
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Crocoblock JetElements For Elementor jet-elements allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetElements For Elementor: from n/a through <= 2.7.4.1.
CVE-2021-47662HigApr 24, 2025
risk 0.49cvss 7.5epss 0.00
Due to missing authorization an unauthenticated remote attacker can cause a DoS attack by connecting via HTTPS and triggering the shutdown button.
CVE-2025-39532HigApr 17, 2025
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in spicethemes Spice Blocks spice-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spice Blocks: from n/a through <= 2.0.7.7.
CVE-2025-32544HigApr 17, 2025
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in The Right Software WooCommerce Loyal Customers woocommerce-loyal-customer allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WooCommerce Loyal Customers: from n/a through <= 2.6.
CVE-2025-26968HigApr 17, 2025
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in webbernaut Cloak Front End Email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cloak Front End Email: from n/a through 1.9.5.
CVE-2025-27008HigApr 15, 2025
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in NotFound Unlimited Timeline unlimited-timeline allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Unlimited Timeline: from n/a through < 1.6.1.
CVE-2025-26953HigApr 15, 2025
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Crocoblock JetMenu jet-menu allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetMenu: from n/a through <= 2.4.9.
CVE-2025-32929HigApr 15, 2025
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Generator for WooCommerce embedding-barcodes-into-product-pages-and-orders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Barcode Generator for WooCommerce: from n/a through <= 2.0.4.
CVE-2025-26958HigApr 15, 2025
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Crocoblock JetBlog jet-blog allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlog: from n/a through <= 2.4.3.
CVE-2025-26944HigApr 15, 2025
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Crocoblock JetPopup jet-popup allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetPopup: from n/a through <= 2.0.11.
CVE-2025-26942HigApr 15, 2025
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Crocoblock JetTricks jet-tricks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetTricks: from n/a through <= 1.5.1.
CVE-2025-31041HigApr 11, 2025
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager anytrack-affiliate-link-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyTrack Affiliate Link Manager: from n/a through <= 1.0.4.
CVE-2025-31377HigApr 9, 2025
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Asaquzzaman mishu Woo Product Feed For Marketing Channels woocommerce-to-google-merchant-center allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woo Product Feed For Marketing Channels: from n/a through <= 1.9.0.