CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (5,549)
page 35 of 278| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-52731 | Hig | 0.49 | 7.5 | 0.00 | Aug 14, 2025 | Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from… | ||
| CVE-2025-31425 | Hig | 0.49 | 7.5 | 0.00 | Aug 14, 2025 | Missing Authorization vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Lead Capturing Pages: from n/a through < 2.6. | ||
| CVE-2025-30639 | Hig | 0.49 | 7.5 | 0.00 | Aug 14, 2025 | Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IDonatePro: from n/a through <= 2.1.9. | ||
| CVE-2025-52804 | Hig | 0.49 | 7.5 | 0.00 | Jul 16, 2025 | Missing Authorization vulnerability in uxper Nuss nuss allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Nuss: from n/a through <= 1.3.7.1. | ||
| CVE-2025-52803 | Hig | 0.49 | 7.5 | 0.00 | Jul 16, 2025 | Missing Authorization vulnerability in uxper Sala allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Sala: from n/a through 1.1.3. | ||
| CVE-2025-29000 | Hig | 0.49 | 7.5 | 0.00 | Jul 16, 2025 | Missing Authorization vulnerability in August Infotech Multi-language Responsive Contact Form responsive-contact-form allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Multi-language Responsive Contact Form: from n/a through <= 2.8. | ||
| CVE-2025-53485 | Hig | 0.49 | 7.5 | 0.00 | Jul 4, 2025 | SetTranslationHandler.php does not validate that the user is an election admin, allowing any (even unauthenticated) user to change election-related translation text. While partially broken in newer MediaWiki versions, the check is still missing. This issue affects Mediawiki… | ||
| CVE-2025-6814 | Hig | 0.49 | 7.5 | 0.00 | Jul 4, 2025 | The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_now() function in versions 1.0 to 1.1.2. This makes it possible for unauthenticated attackers to download all plugin data, including user accounts,… | ||
| CVE-2025-52802 | Hig | 0.49 | 7.5 | 0.00 | Jun 20, 2025 | Missing Authorization vulnerability in enguerranws Import YouTube videos as WP Posts import-youtube-videos-as-wp-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Import YouTube videos as WP Posts: from n/a through <= 2.1. | ||
| CVE-2025-49265 | Hig | 0.49 | 7.5 | 0.00 | Jun 9, 2025 | Missing Authorization vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Membership For WooCommerce: from n/a through <= 2.8.1. | ||
| CVE-2025-32308 | Hig | 0.49 | 7.6 | 0.00 | Jun 9, 2025 | Missing Authorization vulnerability in looks_awesome Team Builder a-team-showcase allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team Builder: from n/a through <= 1.5.7. | ||
| CVE-2025-47558 | Hig | 0.49 | 7.5 | 0.00 | May 23, 2025 | Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MapSVG: from n/a through < 8.6.13. | ||
| CVE-2025-39451 | Hig | 0.49 | 7.5 | 0.00 | May 19, 2025 | Missing Authorization vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlocks For Elementor: from n/a through <= 1.3.16. | ||
| CVE-2025-39449 | Hig | 0.49 | 7.5 | 0.00 | May 19, 2025 | Missing Authorization vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetWooBuilder: from n/a through <= 2.1.18. | ||
| CVE-2025-39447 | Hig | 0.49 | 7.5 | 0.00 | May 19, 2025 | Missing Authorization vulnerability in Crocoblock JetElements For Elementor jet-elements allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetElements For Elementor: from n/a through <= 2.7.4.1. | ||
| CVE-2021-47662 | — | Hig | 0.49 | 7.5 | 0.00 | Apr 24, 2025 | Due to missing authorization an unauthenticated remote attacker can cause a DoS attack by connecting via HTTPS and triggering the shutdown button. | |
| CVE-2025-39532 | Hig | 0.49 | 7.5 | 0.00 | Apr 17, 2025 | Missing Authorization vulnerability in spicethemes Spice Blocks spice-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spice Blocks: from n/a through <= 2.0.7.7. | ||
| CVE-2025-32544 | Hig | 0.49 | 7.5 | 0.00 | Apr 17, 2025 | Missing Authorization vulnerability in The Right Software WooCommerce Loyal Customers woocommerce-loyal-customer allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WooCommerce Loyal Customers: from n/a through <= 2.6. | ||
| CVE-2025-26968 | Hig | 0.49 | 7.5 | 0.00 | Apr 17, 2025 | Missing Authorization vulnerability in webbernaut Cloak Front End Email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cloak Front End Email: from n/a through 1.9.5. | ||
| CVE-2025-27008 | Hig | 0.49 | 7.5 | 0.00 | Apr 15, 2025 | Missing Authorization vulnerability in NotFound Unlimited Timeline unlimited-timeline allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Unlimited Timeline: from n/a through < 1.6.1. |
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from…
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Lead Capturing Pages: from n/a through < 2.6.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IDonatePro: from n/a through <= 2.1.9.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in uxper Nuss nuss allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Nuss: from n/a through <= 1.3.7.1.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in uxper Sala allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Sala: from n/a through 1.1.3.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in August Infotech Multi-language Responsive Contact Form responsive-contact-form allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Multi-language Responsive Contact Form: from n/a through <= 2.8.
- risk 0.49cvss 7.5epss 0.00
SetTranslationHandler.php does not validate that the user is an election admin, allowing any (even unauthenticated) user to change election-related translation text. While partially broken in newer MediaWiki versions, the check is still missing. This issue affects Mediawiki…
- risk 0.49cvss 7.5epss 0.00
The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_now() function in versions 1.0 to 1.1.2. This makes it possible for unauthenticated attackers to download all plugin data, including user accounts,…
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in enguerranws Import YouTube videos as WP Posts import-youtube-videos-as-wp-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Import YouTube videos as WP Posts: from n/a through <= 2.1.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Membership For WooCommerce: from n/a through <= 2.8.1.
- risk 0.49cvss 7.6epss 0.00
Missing Authorization vulnerability in looks_awesome Team Builder a-team-showcase allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team Builder: from n/a through <= 1.5.7.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MapSVG: from n/a through < 8.6.13.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlocks For Elementor: from n/a through <= 1.3.16.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetWooBuilder: from n/a through <= 2.1.18.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Crocoblock JetElements For Elementor jet-elements allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetElements For Elementor: from n/a through <= 2.7.4.1.
- risk 0.49cvss 7.5epss 0.00
Due to missing authorization an unauthenticated remote attacker can cause a DoS attack by connecting via HTTPS and triggering the shutdown button.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in spicethemes Spice Blocks spice-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spice Blocks: from n/a through <= 2.0.7.7.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in The Right Software WooCommerce Loyal Customers woocommerce-loyal-customer allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WooCommerce Loyal Customers: from n/a through <= 2.6.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in webbernaut Cloak Front End Email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cloak Front End Email: from n/a through 1.9.5.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in NotFound Unlimited Timeline unlimited-timeline allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Unlimited Timeline: from n/a through < 1.6.1.