CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (5,549)
Page 39 of 278

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-33594 | | Hig | 0.49 | 7.5 | 0.00 | | Apr 29, 2024 | Missing Authorization vulnerability in Leaky Paywall. This issue affects Leaky Paywall: from n/a through 4.20.8. |
| CVE-2024-33591 | | Hig | 0.49 | 7.5 | 0.00 | | Apr 29, 2024 | Missing Authorization vulnerability in Tips and Tricks HQ Easy Accept Payments. This issue affects Easy Accept Payments: from n/a through 4.9.10. |
| CVE-2024-33635 | | Hig | 0.49 | 7.5 | 0.01 | | Apr 29, 2024 | Missing Authorization vulnerability in Piotnet Piotnet Addons For Elementor Pro. This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. |
| CVE-2024-33597 | | Hig | 0.49 | 7.5 | 0.01 | | Apr 29, 2024 | Missing Authorization vulnerability in ProFaceOff SSU. This issue affects SSU: from n/a through 1.5.0. |
| CVE-2023-44227 | | Hig | 0.49 | 7.5 | 0.01 | | Apr 17, 2024 | Missing Authorization vulnerability in Mitchell Bennis Simple File List. This issue affects Simple File List: from n/a through 6.1.9. |
| CVE-2023-51672 | | Hig | 0.49 | 7.5 | 0.01 | | Apr 11, 2024 | Missing Authorization vulnerability in FunnelKit FunnelKit Checkout. This issue affects FunnelKit Checkout: from n/a through 3.10.3. |
| CVE-2024-31343 | | Hig | 0.49 | 7.5 | 0.01 | | Apr 10, 2024 | Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar. This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.1. |
| CVE-2024-31358 | | Hig | 0.49 | 7.5 | 0.01 | | Apr 10, 2024 | Missing Authorization vulnerability in Saleswonder Team: Tobias 5 Stars Rating Funnel 5-stars-rating-funnel. This issue affects 5 Stars Rating Funnel: from n/a through <= 1.2.67. |
| CVE-2024-31297 | | Hig | 0.49 | 7.5 | 0.00 | | Apr 10, 2024 | Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce. This issue affects Wholesale For WooCommerce: from n/a through 2.3.0. |
| CVE-2024-1934 | | Hig | 0.49 | 7.5 | 0.01 | | Apr 9, 2024 | The WP Compress – Image Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wps_local_compress::__construct' function in all versions up to, and including, 6.11.10. This makes it possible for… |
| CVE-2024-27911 | — | Hig | 0.49 | 7.5 | 0.00 | | Apr 5, 2024 | A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to obtain the administrator password. |
| CVE-2024-30487 | | Hig | 0.49 | 7.6 | 0.00 | | Mar 29, 2024 | Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar. This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.1. |
| CVE-2024-2848 | | Hig | 0.49 | 7.5 | 0.01 | | Mar 29, 2024 | The Responsive theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_footer_text_callback function in all versions up to, and including, 5.0.2. This makes it possible for unauthenticated attackers to inject arbitrary… |
| CVE-2023-6038 | | Hig | 0.49 | 7.5 | 0.04 | | Nov 16, 2023 | A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require… |
| CVE-2023-5132 | | Hig | 0.49 | 7.5 | 0.01 | | Oct 21, 2023 | The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. This makes it possible for unauthenticated attackers with knowledge of an… |
| CVE-2022-4943 | | Hig | 0.49 | 7.5 | 0.01 | | Oct 20, 2023 | The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's… |
| CVE-2023-39966 | | Hig | 0.49 | 7.5 | 0.01 | | Aug 10, 2023 | 1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the `api/v1/file.go` file, there is a function called `SaveContent`. It receives JSON data… |
| CVE-2021-4355 | | Hig | 0.49 | 7.5 | 0.01 | | Jun 7, 2023 | The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list(), change_orderlist(), and download_member_list() functions called via admin_init hooks in versions up to, and including, 2.2.7.… |
| CVE-2021-4348 | | Hig | 0.49 | 7.5 | 0.01 | | Jun 7, 2023 | The Ultimate GDPR & CCPA plugin for WordPress is vulnerable to unauthenticated settings import and export via the export_settings & import_settings functions in versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to change plugin settings and… |
| CVE-2021-4339 | | Hig | 0.49 | 7.5 | 0.01 | | Jun 7, 2023 | The uListing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the "ulisting/includes/route.php" file on the /1/api/ulisting-user/search REST-API route in versions up to, and including, 1.6.6. This makes it possible for… |