CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (5,549)
page 47 of 278| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-39583 | Hig | 0.46 | 7.1 | 0.00 | Apr 17, 2025 | Missing Authorization vulnerability in Bertha AI – Andrew Palmer BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BERTHA AI: from n/a through <= 1.12.10.2. | ||
| CVE-2025-32620 | Hig | 0.46 | 7.1 | 0.00 | Apr 17, 2025 | Missing Authorization vulnerability in fromdoppler Doppler Forms doppler-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Doppler Forms: from n/a through <= 2.4.6. | ||
| CVE-2025-32624 | Hig | 0.46 | 7.1 | 0.00 | Apr 9, 2025 | Missing Authorization vulnerability in czater Czater.pl – live chat i telefon czater allows Cross Site Request Forgery.This issue affects Czater.pl – live chat i telefon: from n/a through <= 1.0.5. | ||
| CVE-2024-2292 | — | Hig | 0.46 | 7.1 | 0.00 | Mar 20, 2025 | Due to a lack of access control, unauthorized users are able to view and modify information pertaining to other users. | |
| CVE-2025-24654 | Hig | 0.46 | 7.1 | 0.00 | Mar 3, 2025 | Missing Authorization vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO squirrly-seo.This issue affects SEO Plugin by Squirrly SEO: from n/a through <= 12.4.07. | ||
| CVE-2025-24692 | Hig | 0.46 | 7.1 | 0.00 | Feb 14, 2025 | Missing Authorization vulnerability in M.Code Bulk Menu Edit bulk-menu-edit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Menu Edit: from n/a through <= 1.3. | ||
| CVE-2025-23982 | Hig | 0.46 | 7.1 | 0.00 | Jan 27, 2025 | Missing Authorization vulnerability in Gopi krishnan Fare Calculator fare-calculator allows Stored XSS.This issue affects Fare Calculator: from n/a through <= 1.1. | ||
| CVE-2024-50967 | Med | 0.46 | 6.5 | 0.02 | Jan 17, 2025 | The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. An attacker can remotely access this endpoint without authentication, leading to unauthorized disclosure of sensitive information. | ||
| CVE-2024-11848 | Hig | 0.46 | 8.1 | 0.01 | Jan 15, 2025 | The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropack_dismiss_notice_forever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with… | ||
| CVE-2023-48758 | Hig | 0.46 | 7.1 | 0.00 | Jan 2, 2025 | Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through <= 3.2.4. | ||
| CVE-2023-46632 | Hig | 0.46 | 7.1 | 0.00 | Jan 2, 2025 | Missing Authorization vulnerability in David Cramer My Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Shortcodes: from n/a through 2.3. | ||
| CVE-2024-54381 | Hig | 0.46 | 7.1 | 0.00 | Dec 18, 2024 | Missing Authorization vulnerability in Dotstore Advance Menu Manager advance-menu-manager.This issue affects Advance Menu Manager: from n/a through <= 3.1.1. | ||
| CVE-2024-54256 | Hig | 0.46 | 7.1 | 0.01 | Dec 13, 2024 | Missing Authorization vulnerability in Seerox Easy Blocks pro easy-blocks-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Easy Blocks pro: from n/a through <= 1.0.21. | ||
| CVE-2023-51355 | Hig | 0.46 | 8.2 | 0.00 | Dec 9, 2024 | Missing Authorization vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MultiVendorX: from n/a through <= 4.0.23. | ||
| CVE-2024-47314 | Hig | 0.46 | 7.1 | 0.00 | Nov 1, 2024 | Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.2.8. | ||
| CVE-2024-38721 | Hig | 0.46 | 7.1 | 0.00 | Nov 1, 2024 | Missing Authorization vulnerability in spider-themes EazyDocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EazyDocs: from n/a through 2.5.0. | ||
| CVE-2024-44156 | Hig | 0.46 | 7.1 | 0.00 | Oct 28, 2024 | A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to bypass Privacy preferences. | ||
| CVE-2024-43256 | Hig | 0.46 | 7.1 | 0.00 | Aug 19, 2024 | Missing Authorization vulnerability in nouthemes Leopard - WordPress offload media allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Leopard - WordPress offload media: from n/a through 2.0.36. | ||
| CVE-2024-34444 | Hig | 0.46 | 7.1 | 0.00 | Jun 19, 2024 | Missing Authorization vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a before 6.7.0. | ||
| CVE-2023-6696 | Hig | 0.46 | 8.1 | 0.00 | Jun 15, 2024 | The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions… |
- risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in Bertha AI – Andrew Palmer BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BERTHA AI: from n/a through <= 1.12.10.2.
- risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in fromdoppler Doppler Forms doppler-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Doppler Forms: from n/a through <= 2.4.6.
- risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in czater Czater.pl – live chat i telefon czater allows Cross Site Request Forgery.This issue affects Czater.pl – live chat i telefon: from n/a through <= 1.0.5.
- risk 0.46cvss 7.1epss 0.00
Due to a lack of access control, unauthorized users are able to view and modify information pertaining to other users.
- risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO squirrly-seo.This issue affects SEO Plugin by Squirrly SEO: from n/a through <= 12.4.07.
- risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in M.Code Bulk Menu Edit bulk-menu-edit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Menu Edit: from n/a through <= 1.3.
- risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in Gopi krishnan Fare Calculator fare-calculator allows Stored XSS.This issue affects Fare Calculator: from n/a through <= 1.1.
- risk 0.46cvss 6.5epss 0.02
The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. An attacker can remotely access this endpoint without authentication, leading to unauthorized disclosure of sensitive information.
- risk 0.46cvss 8.1epss 0.01
The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropack_dismiss_notice_forever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with…
- risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through <= 3.2.4.
- risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in David Cramer My Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Shortcodes: from n/a through 2.3.
- risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in Dotstore Advance Menu Manager advance-menu-manager.This issue affects Advance Menu Manager: from n/a through <= 3.1.1.
- risk 0.46cvss 7.1epss 0.01
Missing Authorization vulnerability in Seerox Easy Blocks pro easy-blocks-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Easy Blocks pro: from n/a through <= 1.0.21.
- risk 0.46cvss 8.2epss 0.00
Missing Authorization vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MultiVendorX: from n/a through <= 4.0.23.
- risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.2.8.
- risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in spider-themes EazyDocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EazyDocs: from n/a through 2.5.0.
- risk 0.46cvss 7.1epss 0.00
A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to bypass Privacy preferences.
- risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in nouthemes Leopard - WordPress offload media allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Leopard - WordPress offload media: from n/a through 2.0.36.
- risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a before 6.7.0.
- risk 0.46cvss 8.1epss 0.00
The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions…