CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (4,575)

page 53 of 229

CVE	Sev	Risk	CVSS	Published	Description
CVE-2025-53424	Med	0.42	6.5	Oct 22, 2025	Missing Authorization vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-ei allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Orders & Customers Exporter: from n/a through <= 5.4.
CVE-2025-53421	Med	0.42	6.5	Oct 22, 2025	Missing Authorization vulnerability in PickPlugins Accordion accordions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion: from n/a through <= 2.3.14.
CVE-2025-52757	Med	0.42	6.5	Oct 22, 2025	Missing Authorization vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SUMO Memberships for WooCommerce: from n/a through < 7.8.0.
CVE-2025-52738	Med	0.42	6.5	Oct 22, 2025	Missing Authorization vulnerability in Wikimedia Foundation Wikipedia Preview wikipedia-preview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wikipedia Preview: from n/a through <= 1.15.0.
CVE-2025-49961	Med	0.42	6.5	Oct 22, 2025	Missing Authorization vulnerability in Breeze Team Breeze Checkout breeze-checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze Checkout: from n/a through <= 1.4.0.
CVE-2025-48096	Med	0.42	6.5	Oct 22, 2025	Missing Authorization vulnerability in FRESHFACE Custom CSS custom-css-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom CSS: from n/a through <= 1.4.0.
CVE-2025-60098	Med	0.42	6.5	Sep 26, 2025	Missing Authorization vulnerability in Jeff Farthing Theme My Login theme-my-login allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Theme My Login: from n/a through <= 7.1.12.
CVE-2025-48326	Med	0.42	6.5	Sep 26, 2025	Missing Authorization vulnerability in Acclectic Media Acclectic Media Organizer acclectic-media-organizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Acclectic Media Organizer: from n/a through <= 1.4.
CVE-2025-59581	Med	0.42	6.5	Sep 22, 2025	Missing Authorization vulnerability in VW THEMES Ibtana ibtana-visual-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ibtana: from n/a through <= 1.2.5.3.
CVE-2025-59576	Med	0.42	6.5	Sep 22, 2025	Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through <= 3.6.20.
CVE-2025-58680	Med	0.42	6.5	Sep 22, 2025	Missing Authorization vulnerability in gutentor Gutentor gutentor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutentor: from n/a through <= 3.5.2.
CVE-2025-58678	Med	0.42	6.5	Sep 22, 2025	Missing Authorization vulnerability in PickPlugins Accordion accordions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion: from n/a through <= 2.3.15.
CVE-2025-57955	Med	0.42	6.5	Sep 22, 2025	Missing Authorization vulnerability in Plugin Devs Post Carousel Slider for Elementor post-carousel-slider-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Carousel Slider for Elementor: from n/a through <= 1.7.0.
CVE-2025-57909	Med	0.42	6.5	Sep 22, 2025	Missing Authorization vulnerability in Rouergue Création Editor Custom Color Palette editor-custom-color-palette allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Editor Custom Color Palette: from n/a through <= 3.5.6.
CVE-2025-39541	Med	0.42	6.5	Sep 9, 2025	Missing Authorization vulnerability in Roland Murg WP Simple Booking Calendar wp-simple-booking-calendar.This issue affects WP Simple Booking Calendar: from n/a through <= 2.0.13.
CVE-2025-42917	Med	0.42	6.5	Sep 9, 2025	SAP HCM Approve Timesheets Fiori 2.0 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This issue has a significant impact on the application's integrity, while confidentiality and availability remain unaffected.
CVE-2025-42912	Med	0.42	6.5	Sep 9, 2025	SAP HCM My Timesheet Fiori 2.0 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This issue has a significant impact on the application's integrity, while confidentiality and availability remain unaffected.
CVE-2025-54744	Med	0.42	6.5	Sep 5, 2025	Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through <= 3.6.15.
CVE-2025-53571	Med	0.42	6.5	Sep 5, 2025	Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through <= 1.0.6.
CVE-2025-8268	Med	0.42	6.5	Sep 3, 2025	The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the rest_list and delete_files functions in all versions up to, and including, 2.9.5. This makes it possible for unauthenticated attackers to list and delete files uploaded by other users.

CVE-2025-53424MedOct 22, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-ei allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Orders & Customers Exporter: from n/a through <= 5.4.
CVE-2025-53421MedOct 22, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in PickPlugins Accordion accordions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion: from n/a through <= 2.3.14.
CVE-2025-52757MedOct 22, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SUMO Memberships for WooCommerce: from n/a through < 7.8.0.
CVE-2025-52738MedOct 22, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Wikimedia Foundation Wikipedia Preview wikipedia-preview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wikipedia Preview: from n/a through <= 1.15.0.
CVE-2025-49961MedOct 22, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Breeze Team Breeze Checkout breeze-checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze Checkout: from n/a through <= 1.4.0.
CVE-2025-48096MedOct 22, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in FRESHFACE Custom CSS custom-css-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom CSS: from n/a through <= 1.4.0.
CVE-2025-60098MedSep 26, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Jeff Farthing Theme My Login theme-my-login allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Theme My Login: from n/a through <= 7.1.12.
CVE-2025-48326MedSep 26, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Acclectic Media Acclectic Media Organizer acclectic-media-organizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Acclectic Media Organizer: from n/a through <= 1.4.
CVE-2025-59581MedSep 22, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in VW THEMES Ibtana ibtana-visual-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ibtana: from n/a through <= 1.2.5.3.
CVE-2025-59576MedSep 22, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through <= 3.6.20.
CVE-2025-58680MedSep 22, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in gutentor Gutentor gutentor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutentor: from n/a through <= 3.5.2.
CVE-2025-58678MedSep 22, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in PickPlugins Accordion accordions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion: from n/a through <= 2.3.15.
CVE-2025-57955MedSep 22, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Plugin Devs Post Carousel Slider for Elementor post-carousel-slider-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Carousel Slider for Elementor: from n/a through <= 1.7.0.
CVE-2025-57909MedSep 22, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Rouergue Création Editor Custom Color Palette editor-custom-color-palette allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Editor Custom Color Palette: from n/a through <= 3.5.6.
CVE-2025-39541MedSep 9, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Roland Murg WP Simple Booking Calendar wp-simple-booking-calendar.This issue affects WP Simple Booking Calendar: from n/a through <= 2.0.13.
CVE-2025-42917MedSep 9, 2025
risk 0.42cvss 6.5epss 0.00
SAP HCM Approve Timesheets Fiori 2.0 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This issue has a significant impact on the application's integrity, while confidentiality and availability remain unaffected.
CVE-2025-42912MedSep 9, 2025
risk 0.42cvss 6.5epss 0.00
SAP HCM My Timesheet Fiori 2.0 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This issue has a significant impact on the application's integrity, while confidentiality and availability remain unaffected.
CVE-2025-54744MedSep 5, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through <= 3.6.15.
CVE-2025-53571MedSep 5, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through <= 1.0.6.
CVE-2025-8268MedSep 3, 2025
risk 0.42cvss 6.5epss 0.00
The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the rest_list and delete_files functions in all versions up to, and including, 2.9.5. This makes it possible for unauthenticated attackers to list and delete files uploaded by other users.