CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (5,549)
page 46 of 278| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-68861 | Hig | 0.46 | 7.1 | 0.00 | Dec 29, 2025 | Missing Authorization vulnerability in pluginoptimizer Plugin Optimizer plugin-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin Optimizer: from n/a through <= 1.3.7. | ||
| CVE-2025-12934 | Hig | 0.46 | 8.1 | 0.00 | Dec 23, 2025 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'duplicate_wpml_layout' function in all versions up to, and including, 2.9.4.1. This makes it possible for… | ||
| CVE-2025-64378 | Hig | 0.46 | 7.1 | 0.00 | Dec 18, 2025 | Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through < 2.9.10. | ||
| CVE-2025-60079 | Hig | 0.46 | 7.1 | 0.00 | Dec 18, 2025 | Missing Authorization vulnerability in bPlugins Parallax Section block parallax-section allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Parallax Section block: from n/a through <= 1.0.9. | ||
| CVE-2025-54751 | Hig | 0.46 | 7.1 | 0.00 | Dec 18, 2025 | Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 4.1.36. | ||
| CVE-2025-5483 | Hig | 0.46 | 8.1 | 0.00 | Nov 7, 2025 | The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wp_user.php file in versions 1.2.10 to 1.3.0. This makes it possible for unauthenticated attackers to create new user accounts with the administrator… | ||
| CVE-2025-54711 | Hig | 0.46 | 7.1 | 0.00 | Nov 6, 2025 | Missing Authorization vulnerability in bPlugins Info Cards info-cards allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Info Cards: from n/a through <= 1.0.11. | ||
| CVE-2025-49394 | Hig | 0.46 | 7.1 | 0.00 | Nov 6, 2025 | Missing Authorization vulnerability in bPlugins Image Gallery block – Create and display photo gallery/photo album. 3d-image-gallery allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Image Gallery block – Create and display photo… | ||
| CVE-2025-64348 | Hig | 0.46 | 7.1 | 0.00 | Oct 31, 2025 | ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service. If the execute facility is specifically enabled with the "-x" command line flag, attackers could execute OS commands on the host machine. By default, ELOG is not… | ||
| CVE-2025-9243 | — | Hig | 0.46 | 8.1 | 0.00 | Oct 4, 2025 | The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorizedmodification of data due to a missing capability check on the get_cc_orders and update_order_status functions in all versions up to, and including, 3.5.32. This makes it possible for authenticated… | |
| CVE-2024-32589 | Hig | 0.46 | 7.1 | 0.00 | Aug 31, 2025 | Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.5.3. | ||
| CVE-2025-54714 | Hig | 0.46 | 7.1 | 0.00 | Aug 28, 2025 | Missing Authorization vulnerability in Dylan James Zephyr Project Manager zephyr-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zephyr Project Manager: from n/a through <= 3.3.201. | ||
| CVE-2025-54710 | Hig | 0.46 | 7.1 | 0.00 | Aug 28, 2025 | Missing Authorization vulnerability in bPlugins Tiktok Feed b-tiktok-feed allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Tiktok Feed: from n/a through <= 1.0.21. | ||
| CVE-2025-52785 | Hig | 0.46 | 7.1 | 0.00 | Aug 14, 2025 | Missing Authorization vulnerability in softnwords SMM API smm-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SMM API: from n/a through <= 6.0.31. | ||
| CVE-2025-52775 | Hig | 0.46 | 7.1 | 0.00 | Aug 14, 2025 | Missing Authorization vulnerability in Ronik@UnlimitedWP Project Cost Calculator project-cost-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Project Cost Calculator: from n/a through <= 1.0.0. | ||
| CVE-2025-49888 | Hig | 0.46 | 7.1 | 0.00 | Jul 16, 2025 | Missing Authorization vulnerability in pimwick PW WooCommerce On Sale! pw-woocommerce-on-sale allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PW WooCommerce On Sale!: from n/a through <= 1.39. | ||
| CVE-2025-49651 | Hig | 0.46 | 8.1 | 0.00 | Jun 9, 2025 | Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI. | ||
| CVE-2025-47527 | Hig | 0.46 | 7.1 | 0.00 | Jun 9, 2025 | Missing Authorization vulnerability in Icegram Icegram Collect icegram-rainmaker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram Collect: from n/a through <= 1.3.18. | ||
| CVE-2025-47463 | Hig | 0.46 | 7.1 | 0.00 | Jun 9, 2025 | Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce stock-locations-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Locations for WooCommerce: from n/a through <= 2.8.6. | ||
| CVE-2025-46488 | Hig | 0.46 | 7.1 | 0.00 | May 23, 2025 | Missing Authorization vulnerability in dastan800 Visual Builder visual-builder allows Reflected XSS.This issue affects Visual Builder: from n/a through <= 1.2.2. |
- risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in pluginoptimizer Plugin Optimizer plugin-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin Optimizer: from n/a through <= 1.3.7.
- risk 0.46cvss 8.1epss 0.00
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'duplicate_wpml_layout' function in all versions up to, and including, 2.9.4.1. This makes it possible for…
- risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through < 2.9.10.
- risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in bPlugins Parallax Section block parallax-section allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Parallax Section block: from n/a through <= 1.0.9.
- risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 4.1.36.
- risk 0.46cvss 8.1epss 0.00
The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wp_user.php file in versions 1.2.10 to 1.3.0. This makes it possible for unauthenticated attackers to create new user accounts with the administrator…
- risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in bPlugins Info Cards info-cards allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Info Cards: from n/a through <= 1.0.11.
- risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in bPlugins Image Gallery block – Create and display photo gallery/photo album. 3d-image-gallery allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Image Gallery block – Create and display photo…
- risk 0.46cvss 7.1epss 0.00
ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service. If the execute facility is specifically enabled with the "-x" command line flag, attackers could execute OS commands on the host machine. By default, ELOG is not…
- risk 0.46cvss 8.1epss 0.00
The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorizedmodification of data due to a missing capability check on the get_cc_orders and update_order_status functions in all versions up to, and including, 3.5.32. This makes it possible for authenticated…
- risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.5.3.
- risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in Dylan James Zephyr Project Manager zephyr-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zephyr Project Manager: from n/a through <= 3.3.201.
- risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in bPlugins Tiktok Feed b-tiktok-feed allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Tiktok Feed: from n/a through <= 1.0.21.
- risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in softnwords SMM API smm-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SMM API: from n/a through <= 6.0.31.
- risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in Ronik@UnlimitedWP Project Cost Calculator project-cost-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Project Cost Calculator: from n/a through <= 1.0.0.
- risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in pimwick PW WooCommerce On Sale! pw-woocommerce-on-sale allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PW WooCommerce On Sale!: from n/a through <= 1.39.
- risk 0.46cvss 8.1epss 0.00
Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI.
- risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in Icegram Icegram Collect icegram-rainmaker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram Collect: from n/a through <= 1.3.18.
- risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce stock-locations-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Locations for WooCommerce: from n/a through <= 2.8.6.
- risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in dastan800 Visual Builder visual-builder allows Reflected XSS.This issue affects Visual Builder: from n/a through <= 1.2.2.