CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (4,561)

page 30 of 229

CVE	Sev	Risk	CVSS	Published	Description
CVE-2025-31909	Hig	0.49	7.5	Apr 3, 2025	Missing Authorization vulnerability in Apptivo Apptivo Business Site CRM apptivo-business-site allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Apptivo Business Site CRM: from n/a through <= 5.3.
CVE-2025-31580	Hig	0.49	7.5	Apr 1, 2025	Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Product Enquiry ni-woocommerce-product-enquiry allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Ni WooCommerce Product Enquiry: from n/a through <= 4.1.8.
CVE-2025-31415	Hig	0.49	7.6	Apr 1, 2025	Missing Authorization vulnerability in YayCommerce YayExtra yayextra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayExtra: from n/a through <= 1.5.2.
CVE-2025-30880	Hig	0.49	7.5	Apr 1, 2025	Missing Authorization vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk: from n/a through <= 2.9.2.
CVE-2025-30797	Hig	0.49	7.5	Apr 1, 2025	Missing Authorization vulnerability in bigdrop.gr Greek Multi Tool – Fix peralinks, accents, auto create menus and more greek-multi-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Greek Multi Tool – Fix peralinks, accents, auto create menus and more: from n/a through <= 2.3.1.
CVE-2025-30855	Hig	0.49	7.5	Mar 31, 2025	Missing Authorization vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads by WPQuads: from n/a through <= 2.0.87.1.
CVE-2025-26956	Hig	0.49	7.6	Mar 27, 2025	Missing Authorization vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1.
CVE-2024-13412	Hig	0.49	7.5	Mar 19, 2025	The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to execute arbitrary actions.
CVE-2025-30107	Hig	0.49	7.5	Mar 18, 2025	On IROAD V9 devices, Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by unauthorized parties. A vulnerability in the dashcam's configuration management allows unauthorized users to modify settings, disable critical functions, and turn off battery protection, potentially causing physical damage to the vehicle.
CVE-2025-22280	Hig	0.49	7.6	Feb 27, 2025	Missing Authorization vulnerability in revmakx DefendWP Firewall defend-wp-firewall allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DefendWP Firewall: from n/a through <= 1.1.0.
CVE-2024-13468	Hig	0.49	7.5	Feb 19, 2025	The Trash Duplicate and 301 Redirect plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'duplicates-action-top' action in all versions up to, and including, 1.9. This makes it possible for unauthenticated attackers to delete arbitrary posts/pages.
CVE-2025-22657	Hig	0.49	7.5	Feb 18, 2025	Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.0.9.
CVE-2024-12269	Hig	0.49	7.5	Jan 30, 2025	The Safe Ai Malware Protection for WP plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db() function in all versions up to, and including, 1.0.17. This makes it possible for unauthenticated attackers to retrieve a complete dump of the site's database.
CVE-2025-23512	Hig	0.49	7.5	Jan 22, 2025	Missing Authorization vulnerability in 118group Team 118GROUP Agent team-118group-agent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team 118GROUP Agent: from n/a through <= 1.6.0.
CVE-2025-22717	Hig	0.49	7.5	Jan 21, 2025	Missing Authorization vulnerability in Joe Dolson My Tickets my-tickets allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects My Tickets: from n/a through <= 2.0.9.
CVE-2025-22318	Hig	0.49	7.5	Jan 21, 2025	Missing Authorization vulnerability in enituretechnology Standard Box Sizes – for WooCommerce standard-box-sizes.This issue affects Standard Box Sizes – for WooCommerce: from n/a through <= 1.6.13.
CVE-2025-22592	Hig	0.49	7.5	Jan 7, 2025	Missing Authorization vulnerability in 8blocks 1003 Mortgage Application 1003-mortgage-application allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 1003 Mortgage Application: from n/a through <= 1.87.
CVE-2023-47693	Hig	0.49	7.5	Jan 2, 2025	Missing Authorization vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through <= 3.2.6.
CVE-2023-47648	Hig	0.49	7.5	Jan 2, 2025	Missing Authorization vulnerability in Spider Themes EazyDocs eazydocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EazyDocs: from n/a through <= 2.3.5.
CVE-2023-47224	Hig	0.49	7.5	Jan 2, 2025	Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 7.8.0.

CVE-2025-31909HigApr 3, 2025
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Apptivo Apptivo Business Site CRM apptivo-business-site allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Apptivo Business Site CRM: from n/a through <= 5.3.
CVE-2025-31580HigApr 1, 2025
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Product Enquiry ni-woocommerce-product-enquiry allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Ni WooCommerce Product Enquiry: from n/a through <= 4.1.8.
CVE-2025-31415HigApr 1, 2025
risk 0.49cvss 7.6epss 0.00
Missing Authorization vulnerability in YayCommerce YayExtra yayextra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayExtra: from n/a through <= 1.5.2.
CVE-2025-30880HigApr 1, 2025
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk: from n/a through <= 2.9.2.
CVE-2025-30797HigApr 1, 2025
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in bigdrop.gr Greek Multi Tool – Fix peralinks, accents, auto create menus and more greek-multi-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Greek Multi Tool – Fix peralinks, accents, auto create menus and more: from n/a through <= 2.3.1.
CVE-2025-30855HigMar 31, 2025
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads by WPQuads: from n/a through <= 2.0.87.1.
CVE-2025-26956HigMar 27, 2025
risk 0.49cvss 7.6epss 0.00
Missing Authorization vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1.
CVE-2024-13412HigMar 19, 2025
risk 0.49cvss 7.5epss 0.00
The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to execute arbitrary actions.
CVE-2025-30107HigMar 18, 2025
risk 0.49cvss 7.5epss 0.00
On IROAD V9 devices, Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by unauthorized parties. A vulnerability in the dashcam's configuration management allows unauthorized users to modify settings, disable critical functions, and turn off battery protection, potentially causing physical damage to the vehicle.
CVE-2025-22280HigFeb 27, 2025
risk 0.49cvss 7.6epss 0.00
Missing Authorization vulnerability in revmakx DefendWP Firewall defend-wp-firewall allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DefendWP Firewall: from n/a through <= 1.1.0.
CVE-2024-13468HigFeb 19, 2025
risk 0.49cvss 7.5epss 0.00
The Trash Duplicate and 301 Redirect plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'duplicates-action-top' action in all versions up to, and including, 1.9. This makes it possible for unauthenticated attackers to delete arbitrary posts/pages.
CVE-2025-22657HigFeb 18, 2025
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.0.9.
CVE-2024-12269HigJan 30, 2025
risk 0.49cvss 7.5epss 0.00
The Safe Ai Malware Protection for WP plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db() function in all versions up to, and including, 1.0.17. This makes it possible for unauthenticated attackers to retrieve a complete dump of the site's database.
CVE-2025-23512HigJan 22, 2025
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in 118group Team 118GROUP Agent team-118group-agent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team 118GROUP Agent: from n/a through <= 1.6.0.
CVE-2025-22717HigJan 21, 2025
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Joe Dolson My Tickets my-tickets allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects My Tickets: from n/a through <= 2.0.9.
CVE-2025-22318HigJan 21, 2025
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in enituretechnology Standard Box Sizes – for WooCommerce standard-box-sizes.This issue affects Standard Box Sizes – for WooCommerce: from n/a through <= 1.6.13.
CVE-2025-22592HigJan 7, 2025
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in 8blocks 1003 Mortgage Application 1003-mortgage-application allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 1003 Mortgage Application: from n/a through <= 1.87.
CVE-2023-47693HigJan 2, 2025
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through <= 3.2.6.
CVE-2023-47648HigJan 2, 2025
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Spider Themes EazyDocs eazydocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EazyDocs: from n/a through <= 2.3.5.
CVE-2023-47224HigJan 2, 2025
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 7.8.0.