CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (5,549)
page 34 of 278| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-64222 | Hig | 0.49 | 7.5 | 0.00 | Dec 18, 2025 | Missing Authorization vulnerability in FantasticPlugins WooCommerce Recover Abandoned Cart rac allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Recover Abandoned Cart: from n/a through <= 24.6.0. | ||
| CVE-2025-64214 | Hig | 0.49 | 7.5 | 0.00 | Dec 18, 2025 | Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16. | ||
| CVE-2025-64209 | Hig | 0.49 | 7.5 | 0.00 | Dec 18, 2025 | Missing Authorization vulnerability in StylemixThemes Masterstudy masterstudy allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masterstudy: from n/a through < 4.8.122. | ||
| CVE-2025-60086 | Hig | 0.49 | 7.5 | 0.00 | Dec 18, 2025 | Missing Authorization vulnerability in Matt WP Voting Contest wp-voting-contest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Voting Contest: from n/a through <= 5.8. | ||
| CVE-2025-60077 | Hig | 0.49 | 7.5 | 0.00 | Dec 18, 2025 | Missing Authorization vulnerability in YayCommerce YayPricing yaypricing allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects YayPricing: from n/a through <= 3.5.3. | ||
| CVE-2025-60045 | Hig | 0.49 | 7.5 | 0.00 | Dec 18, 2025 | Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects IDonatePro: from n/a through <= 2.1.11. | ||
| CVE-2025-58938 | Hig | 0.49 | 7.5 | 0.00 | Dec 18, 2025 | Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IDonatePro: from n/a through <= 2.1.9. | ||
| CVE-2025-58877 | Hig | 0.49 | 7.5 | 0.00 | Dec 18, 2025 | Missing Authorization vulnerability in javothemes Javo Core javo-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Javo Core: from n/a through <= 3.0.0.529. | ||
| CVE-2025-13384 | Hig | 0.49 | 7.5 | 0.00 | Nov 22, 2025 | The CP Contact Form with PayPal plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.56. This is due to the plugin exposing an unauthenticated IPN-like endpoint (via the 'cp_contactformpp_ipncheck' query parameter) that processes… | ||
| CVE-2025-12955 | Hig | 0.49 | 7.5 | 0.00 | Nov 18, 2025 | The Live sales notification for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.3.39. This is due to the "getOrders" function lacking proper authorization and capability checks when the plugin is configured to… | ||
| CVE-2025-58629 | Hig | 0.49 | 7.5 | 0.00 | Nov 6, 2025 | Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous: from n/a through < 2.0.9. | ||
| CVE-2025-11890 | Hig | 0.49 | 7.5 | 0.00 | Nov 4, 2025 | The Crypto Payment Gateway with Payeer for WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly verifying a payments status through server-side validation though the… | ||
| CVE-2025-62022 | Hig | 0.49 | 7.5 | 0.00 | Oct 22, 2025 | Missing Authorization vulnerability in BuddyPress BuddyPress buddypress.This issue affects BuddyPress: from n/a through <= 14.3.4. | ||
| CVE-2025-49925 | Hig | 0.49 | 7.5 | 0.00 | Oct 22, 2025 | Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9.7. | ||
| CVE-2025-30944 | Hig | 0.49 | 7.5 | 0.00 | Oct 22, 2025 | Missing Authorization vulnerability in Essekia Tablesome Table Premium tablesome-premium allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Tablesome Table Premium: from n/a through <= 1.1.23. | ||
| CVE-2025-33182 | Hig | 0.49 | 7.6 | 0.00 | Oct 14, 2025 | NVIDIA Jetson Linux contains a vulnerability in UEFI, where improper authentication may allow a privileged user to cause corruption of the Linux Device Tree. A successful exploitation of this vulnerability might lead to data tampering, denial of service. | ||
| CVE-2025-59011 | Hig | 0.49 | 7.5 | 0.00 | Sep 26, 2025 | Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through < 3.2.3. | ||
| CVE-2025-53230 | Hig | 0.49 | 7.6 | 0.00 | Aug 28, 2025 | Missing Authorization vulnerability in honzat Page Manager for Elementor page-manager-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page Manager for Elementor: from n/a through <= 2.0.5. | ||
| CVE-2025-54692 | Hig | 0.49 | 7.5 | 0.00 | Aug 14, 2025 | Missing Authorization vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Membership For WooCommerce: from n/a through <= 2.9.0. | ||
| CVE-2025-54679 | Hig | 0.49 | 7.5 | 0.00 | Aug 14, 2025 | Missing Authorization vulnerability in vertim Neon Channel Product Customizer Free neon-channel-product-customizer-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Neon Channel Product Customizer Free: from n/a through <= 2.0. |
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in FantasticPlugins WooCommerce Recover Abandoned Cart rac allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Recover Abandoned Cart: from n/a through <= 24.6.0.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in StylemixThemes Masterstudy masterstudy allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masterstudy: from n/a through < 4.8.122.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Matt WP Voting Contest wp-voting-contest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Voting Contest: from n/a through <= 5.8.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in YayCommerce YayPricing yaypricing allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects YayPricing: from n/a through <= 3.5.3.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects IDonatePro: from n/a through <= 2.1.11.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IDonatePro: from n/a through <= 2.1.9.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in javothemes Javo Core javo-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Javo Core: from n/a through <= 3.0.0.529.
- risk 0.49cvss 7.5epss 0.00
The CP Contact Form with PayPal plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.56. This is due to the plugin exposing an unauthenticated IPN-like endpoint (via the 'cp_contactformpp_ipncheck' query parameter) that processes…
- risk 0.49cvss 7.5epss 0.00
The Live sales notification for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.3.39. This is due to the "getOrders" function lacking proper authorization and capability checks when the plugin is configured to…
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous: from n/a through < 2.0.9.
- risk 0.49cvss 7.5epss 0.00
The Crypto Payment Gateway with Payeer for WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly verifying a payments status through server-side validation though the…
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in BuddyPress BuddyPress buddypress.This issue affects BuddyPress: from n/a through <= 14.3.4.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9.7.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Essekia Tablesome Table Premium tablesome-premium allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Tablesome Table Premium: from n/a through <= 1.1.23.
- risk 0.49cvss 7.6epss 0.00
NVIDIA Jetson Linux contains a vulnerability in UEFI, where improper authentication may allow a privileged user to cause corruption of the Linux Device Tree. A successful exploitation of this vulnerability might lead to data tampering, denial of service.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through < 3.2.3.
- risk 0.49cvss 7.6epss 0.00
Missing Authorization vulnerability in honzat Page Manager for Elementor page-manager-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page Manager for Elementor: from n/a through <= 2.0.5.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Membership For WooCommerce: from n/a through <= 2.9.0.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in vertim Neon Channel Product Customizer Free neon-channel-product-customizer-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Neon Channel Product Customizer Free: from n/a through <= 2.0.