CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (5,549)
Page 29 of 278

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-48883 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce <= 8.5.3 versions. |
| CVE-2026-48873 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Broken Access Control in Montonio for WooCommerce <= 10.1.2 versions. |
| CVE-2026-48835 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions. |
| CVE-2026-42666 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions. |
| CVE-2026-40776 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.8 versions. |
| CVE-2026-40774 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Broken Access Control in Booking Package <= 1.7.06 versions. |
| CVE-2026-40741 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions. |
| CVE-2026-39534 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Broken Access Control in WP Directory Kit <= 1.5.0 versions. |
| CVE-2026-39533 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Broken Access Control in AWP Classifieds <= 4.4.4 versions. |
| CVE-2026-39524 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Broken Access Control in Masteriyo - LMS <= 2.1.5 versions. |
| CVE-2026-39513 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Broken Access Control in Easy Appointments <= 3.12.21 versions. |
| CVE-2026-39503 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Broken Access Control in Easy Digital Downloads <= 3.6.5 versions. |
| CVE-2026-34898 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce <= 1.5.3 versions. |
| CVE-2026-34886 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Broken Access Control in Simple Membership <= 4.7.1 versions. |
| CVE-2026-25425 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Broken Access Control in User Registration <= 5.1.2 versions. |
| CVE-2026-50108 | | High | 0.49 | 7.5 | 0.00 | | Jun 12, 2026 | The Naxclow platform API that returns device relay registration details exposes a persistent credential without verifying that the requester is the legitimate device or owner. An actor able to present a platform-valid request signature can retrieve credentials for arbitrary… |
| CVE-2026-26237 | | High | 0.49 | 7.5 | 0.00 | | Jun 10, 2026 | A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and… |
| CVE-2026-26236 | | High | 0.49 | 7.5 | 0.00 | | Jun 9, 2026 | A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and… |
| CVE-2026-10737 | | High | 0.49 | 7.5 | 0.00 | | Jun 4, 2026 | The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the view_file function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and… |
| CVE-2026-42670 | | High | 0.49 | 7.5 | 0.00 | | Jun 2, 2026 | Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14. |