CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (5,549)
page 33 of 278| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-68058 | Hig | 0.49 | 7.6 | 0.00 | Jan 22, 2026 | Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through <= 1.3..4. | ||
| CVE-2025-68057 | Hig | 0.49 | 7.6 | 0.00 | Jan 22, 2026 | Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9. | ||
| CVE-2025-67967 | Hig | 0.49 | 7.6 | 0.00 | Jan 22, 2026 | Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a through <= 1.3.3. | ||
| CVE-2025-22715 | Hig | 0.49 | 7.5 | 0.00 | Jan 8, 2026 | Missing Authorization vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attractive Donations System - Easy Stripe &… | ||
| CVE-2025-14360 | Hig | 0.49 | 7.5 | 0.00 | Jan 8, 2026 | Missing Authorization vulnerability in Kaira Blockons blockons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blockons: from n/a through <= 1.2.19. | ||
| CVE-2025-14358 | Hig | 0.49 | 7.5 | 0.00 | Jan 8, 2026 | Missing Authorization vulnerability in sizam REHub Framework rehub-framework allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects REHub Framework: from n/a through <= 19.9.5. | ||
| CVE-2025-13493 | Hig | 0.49 | 7.5 | 0.00 | Jan 7, 2026 | The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, and including, 1.4. This is due to missing authorization and nonce validation in the rnd_handle_form_submit function hooked to both admin_post_my_simple_form… | ||
| CVE-2025-11877 | Hig | 0.49 | 7.5 | 0.00 | Jan 7, 2026 | The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-login handler 'ual_shook_wp_login_failed' lacks a capability check and writes failed usernames directly into update_option() calls. This makes it possible for… | ||
| CVE-2025-46255 | Hig | 0.49 | 7.5 | 0.00 | Jan 5, 2026 | Missing Authorization vulnerability in Marketing Fire LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LoginWP - Pro: from n/a through 4.0.8.5. | ||
| CVE-2025-68850 | Hig | 0.49 | 7.5 | 0.00 | Jan 5, 2026 | Missing Authorization vulnerability in codepeople Sell Downloads sell-downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sell Downloads: from n/a through <= 1.1.12. | ||
| CVE-2025-68547 | Hig | 0.49 | 7.5 | 0.00 | Jan 5, 2026 | Missing Authorization vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Follow My Blog Post: from n/a through <= 2.4.0. | ||
| CVE-2025-68036 | Hig | 0.49 | 7.5 | 0.00 | Dec 30, 2025 | Missing Authorization vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CubeWP: from n/a through <= 1.1.27. | ||
| CVE-2025-68608 | Hig | 0.49 | 7.5 | 0.00 | Dec 24, 2025 | Missing Authorization vulnerability in DeluxeThemes Userpro userpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Userpro: from n/a through <= 5.1.9. | ||
| CVE-2024-24844 | Hig | 0.49 | 7.5 | 0.00 | Dec 23, 2025 | Missing Authorization vulnerability in IdeaBox Creations PowerPack Pro for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PowerPack Pro for Elementor: from n/a through 2.10.6. | ||
| CVE-2025-7782 | Hig | 0.49 | 7.6 | 0.00 | Dec 20, 2025 | The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to unauthorized modification of data due to a missing capability check on the 'cs_update_application_status_callback' function in all versions up to, and including, 7.7. This makes it possible for… | ||
| CVE-2025-66117 | Hig | 0.49 | 7.5 | 0.00 | Dec 18, 2025 | Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through <= 2.7.8. | ||
| CVE-2025-66088 | Hig | 0.49 | 7.5 | 0.00 | Dec 18, 2025 | Missing Authorization vulnerability in Property Hive PropertyHive propertyhive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through <= 2.1.12. | ||
| CVE-2025-66070 | Hig | 0.49 | 7.5 | 0.00 | Dec 18, 2025 | Missing Authorization vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpForo Forum: from n/a through <= 2.4.10. | ||
| CVE-2025-66054 | Hig | 0.49 | 7.5 | 0.00 | Dec 18, 2025 | Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through <= 4.2.9.4. | ||
| CVE-2025-64268 | Hig | 0.49 | 7.5 | 0.00 | Dec 18, 2025 | Missing Authorization vulnerability in Arraytics Timetics timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through <= 1.0.44. |
- risk 0.49cvss 7.6epss 0.00
Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through <= 1.3..4.
- risk 0.49cvss 7.6epss 0.00
Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9.
- risk 0.49cvss 7.6epss 0.00
Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a through <= 1.3.3.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attractive Donations System - Easy Stripe &…
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Kaira Blockons blockons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blockons: from n/a through <= 1.2.19.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in sizam REHub Framework rehub-framework allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects REHub Framework: from n/a through <= 19.9.5.
- risk 0.49cvss 7.5epss 0.00
The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, and including, 1.4. This is due to missing authorization and nonce validation in the rnd_handle_form_submit function hooked to both admin_post_my_simple_form…
- risk 0.49cvss 7.5epss 0.00
The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-login handler 'ual_shook_wp_login_failed' lacks a capability check and writes failed usernames directly into update_option() calls. This makes it possible for…
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Marketing Fire LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LoginWP - Pro: from n/a through 4.0.8.5.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in codepeople Sell Downloads sell-downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sell Downloads: from n/a through <= 1.1.12.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Follow My Blog Post: from n/a through <= 2.4.0.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CubeWP: from n/a through <= 1.1.27.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in DeluxeThemes Userpro userpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Userpro: from n/a through <= 5.1.9.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in IdeaBox Creations PowerPack Pro for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PowerPack Pro for Elementor: from n/a through 2.10.6.
- risk 0.49cvss 7.6epss 0.00
The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to unauthorized modification of data due to a missing capability check on the 'cs_update_application_status_callback' function in all versions up to, and including, 7.7. This makes it possible for…
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through <= 2.7.8.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Property Hive PropertyHive propertyhive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through <= 2.1.12.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpForo Forum: from n/a through <= 2.4.10.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through <= 4.2.9.4.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Arraytics Timetics timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through <= 1.0.44.