CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (4,561)

page 31 of 229

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2024-56008	Hig	0.49	7.5	0.00	Dec 18, 2024	Missing Authorization vulnerability in spreadr Spreadr Woocommerce spreadr-for-woocomerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Spreadr Woocommerce: from n/a through <= 1.0.4.
CVE-2023-39920	Hig	0.49	7.5	0.01	Dec 13, 2024	Missing Authorization vulnerability in Themeisle Redirection for Contact Form 7 wpcf7-redirect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Redirection for Contact Form 7: from n/a through <= 2.9.2.
CVE-2023-35037	Hig	0.49	7.6	0.00	Dec 13, 2024	Missing Authorization vulnerability in Surfer Surfer surferseo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Surfer: from n/a through <= 1.3.2.357.
CVE-2023-32585	Hig	0.49	7.5	0.00	Dec 13, 2024	Missing Authorization vulnerability in Total-Soft Portfolio Gallery – Responsive Image Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Portfolio Gallery – Responsive Image Gallery: from n/a through 1.4.6.
CVE-2023-32520	Hig	0.49	7.5	0.01	Dec 13, 2024	Missing Authorization vulnerability in Webcodin WCP Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCP Contact Form: from n/a through 3.1.0.
CVE-2023-30490	Hig	0.49	7.5	0.00	Dec 13, 2024	Missing Authorization vulnerability in Matthew Ruddy Easing Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easing Slider : from n/a through 3.0.8.
CVE-2023-25988	Hig	0.49	7.5	0.00	Dec 13, 2024	Missing Authorization vulnerability in Video Gallery by Total-Soft Video Gallery – YouTube Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Video Gallery – YouTube Gallery: from n/a through 1.7.6.
CVE-2023-49831	Hig	0.49	7.5	0.00	Dec 9, 2024	Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through <= 5.2.3.0.
CVE-2023-25714	Hig	0.49	7.5	0.01	Dec 9, 2024	Missing Authorization vulnerability in Fullworks Quick Paypal Payments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Paypal Payments: from n/a through 5.7.25.
CVE-2023-22701	Hig	0.49	7.5	0.00	Dec 9, 2024	Missing Authorization vulnerability in Shopfiles Ltd Ebook Store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ebook Store: from n/a through 5.775.
CVE-2024-53805	Hig	0.49	7.5	0.00	Dec 6, 2024	Missing Authorization vulnerability in brandtoss WP Mailster wp-mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through <= 1.8.16.0.
CVE-2024-10567	Hig	0.49	7.5	0.00	Dec 4, 2024	The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wizard' function in all versions up to, and including, 2.9.1. This makes it possible for unauthenticated attackers to create new pages, modify plugin settings, and perform limited options updates.
CVE-2024-53605	Hig	0.49	7.5	0.00	Dec 2, 2024	Incorrect access control in the component content://com.handcent.messaging.provider.MessageProvider/ of Handcent NextSMS v10.9.9.7 allows attackers to access sensitive data.
CVE-2024-0122	Hig	0.49	7.6	0.00	Nov 23, 2024	NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker may cause an unauthorized action. A successful exploit of this vulnerability may lead to partial denial of service and confidential information disclosure.
CVE-2024-52383	Hig	0.49	7.5	0.00	Nov 14, 2024	Missing Authorization vulnerability in aitool Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One ai-auto-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One: from n/a through <= 2.1.2.
CVE-2024-43212	Hig	0.49	7.5	0.00	Nov 1, 2024	Missing Authorization vulnerability in MagePeople Team WpTravelly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WpTravelly: from n/a through 1.7.7.
CVE-2024-43158	Hig	0.49	7.5	0.01	Nov 1, 2024	Missing Authorization vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.11.4.
CVE-2024-38726	Hig	0.49	7.5	0.00	Nov 1, 2024	Missing Authorization vulnerability in PickPlugins Product Designer allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Product Designer: from n/a through 1.0.33.
CVE-2024-38699	Hig	0.49	7.5	0.01	Aug 13, 2024	Missing Authorization vulnerability in WP Swings Wallet System for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Wallet System for WooCommerce: from n/a through 2.5.13.
CVE-2024-37935	Hig	0.49	7.5	0.01	Aug 13, 2024	Missing Authorization vulnerability in anhvnit Woocommerce OpenPos allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woocommerce OpenPos: from n/a through 6.4.4.

CVE-2024-56008HigDec 18, 2024
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in spreadr Spreadr Woocommerce spreadr-for-woocomerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Spreadr Woocommerce: from n/a through <= 1.0.4.
CVE-2023-39920HigDec 13, 2024
risk 0.49cvss 7.5epss 0.01
Missing Authorization vulnerability in Themeisle Redirection for Contact Form 7 wpcf7-redirect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Redirection for Contact Form 7: from n/a through <= 2.9.2.
CVE-2023-35037HigDec 13, 2024
risk 0.49cvss 7.6epss 0.00
Missing Authorization vulnerability in Surfer Surfer surferseo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Surfer: from n/a through <= 1.3.2.357.
CVE-2023-32585HigDec 13, 2024
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Total-Soft Portfolio Gallery – Responsive Image Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Portfolio Gallery – Responsive Image Gallery: from n/a through 1.4.6.
CVE-2023-32520HigDec 13, 2024
risk 0.49cvss 7.5epss 0.01
Missing Authorization vulnerability in Webcodin WCP Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCP Contact Form: from n/a through 3.1.0.
CVE-2023-30490HigDec 13, 2024
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Matthew Ruddy Easing Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easing Slider : from n/a through 3.0.8.
CVE-2023-25988HigDec 13, 2024
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Video Gallery by Total-Soft Video Gallery – YouTube Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Video Gallery – YouTube Gallery: from n/a through 1.7.6.
CVE-2023-49831HigDec 9, 2024
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through <= 5.2.3.0.
CVE-2023-25714HigDec 9, 2024
risk 0.49cvss 7.5epss 0.01
Missing Authorization vulnerability in Fullworks Quick Paypal Payments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Paypal Payments: from n/a through 5.7.25.
CVE-2023-22701HigDec 9, 2024
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Shopfiles Ltd Ebook Store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ebook Store: from n/a through 5.775.
CVE-2024-53805HigDec 6, 2024
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in brandtoss WP Mailster wp-mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through <= 1.8.16.0.
CVE-2024-10567HigDec 4, 2024
risk 0.49cvss 7.5epss 0.00
The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wizard' function in all versions up to, and including, 2.9.1. This makes it possible for unauthenticated attackers to create new pages, modify plugin settings, and perform limited options updates.
CVE-2024-53605HigDec 2, 2024
risk 0.49cvss 7.5epss 0.00
Incorrect access control in the component content://com.handcent.messaging.provider.MessageProvider/ of Handcent NextSMS v10.9.9.7 allows attackers to access sensitive data.
CVE-2024-0122HigNov 23, 2024
risk 0.49cvss 7.6epss 0.00
NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker may cause an unauthorized action. A successful exploit of this vulnerability may lead to partial denial of service and confidential information disclosure.
CVE-2024-52383HigNov 14, 2024
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in aitool Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One ai-auto-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One: from n/a through <= 2.1.2.
CVE-2024-43212HigNov 1, 2024
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in MagePeople Team WpTravelly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WpTravelly: from n/a through 1.7.7.
CVE-2024-43158HigNov 1, 2024
risk 0.49cvss 7.5epss 0.01
Missing Authorization vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.11.4.
CVE-2024-38726HigNov 1, 2024
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in PickPlugins Product Designer allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Product Designer: from n/a through 1.0.33.
CVE-2024-38699HigAug 13, 2024
risk 0.49cvss 7.5epss 0.01
Missing Authorization vulnerability in WP Swings Wallet System for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Wallet System for WooCommerce: from n/a through 2.5.13.
CVE-2024-37935HigAug 13, 2024
risk 0.49cvss 7.5epss 0.01
Missing Authorization vulnerability in anhvnit Woocommerce OpenPos allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woocommerce OpenPos: from n/a through 6.4.4.