CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (4,575)

page 55 of 229

CVE	Sev	Risk	CVSS	Published	Description
CVE-2025-49431	Med	0.42	6.5	Jul 4, 2025	Missing Authorization vulnerability in Gnuget MF Plus WPML mf-plus-wpml allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MF Plus WPML: from n/a through <= 1.1.
CVE-2025-47634	Med	0.42	6.5	Jul 4, 2025	Missing Authorization vulnerability in Keylor Mendoza WC Pickup Store wc-pickup-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WC Pickup Store: from n/a through <= 1.8.9.
CVE-2025-39362	Med	0.42	6.5	Jul 2, 2025	Missing Authorization vulnerability in Mollie Mollie Payments for WooCommerce mollie-payments-for-woocommerce.This issue affects Mollie Payments for WooCommerce: from n/a through <= 8.0.2.
CVE-2025-53284	Med	0.42	6.5	Jun 27, 2025	Missing Authorization vulnerability in pankaj.sakaria CMS Blocks cms-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CMS Blocks: from n/a through <= 1.1.
CVE-2025-50034	Med	0.42	6.5	Jun 20, 2025	Missing Authorization vulnerability in Mahmudul Hasan Arif Enhanced Blocks – Page Builder Blocks for Gutenberg enhanced-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Blocks – Page Builder Blocks for Gutenberg: from n/a through <= 1.4.1.
CVE-2025-49234	Med	0.42	6.5	Jun 17, 2025	Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator wp-dummy-content-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Dummy Content Generator: from n/a through <= 3.4.6.
CVE-2025-48147	Med	0.42	6.5	Jun 9, 2025	Missing Authorization vulnerability in Crypto Cloud CryptoCloud - Crypto Payment Gateway cryptocloud-crypto-payment-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CryptoCloud - Crypto Payment Gateway: from n/a through <= 2.1.2.
CVE-2025-48139	Med	0.42	6.5	Jun 9, 2025	Missing Authorization vulnerability in relentlo StyleAI relentlosoftware allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects StyleAI: from n/a through <= 1.0.4.
CVE-2023-25997	Med	0.42	6.5	Jun 6, 2025	Missing Authorization vulnerability in SolaPlugins Sola Support Ticket allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sola Support Ticket: from n/a through 3.17.
CVE-2025-1777	Med	0.42	6.4	Jun 6, 2025	The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'ux_cb_page_options_save' function in all versions up to, and including, 3.16.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2025-48133	Med	0.42	6.5	Jun 5, 2025	Missing Authorization vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator: from n/a through <= 6.4.0.2.
CVE-2025-47585	Med	0.42	6.5	Jun 2, 2025	Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking and Rental Manager: from n/a through <= 2.3.8.
CVE-2025-4597	Med	0.42	6.5	May 30, 2025	The Woo Slider Pro – Drag Drop Slider Builder For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woo_slide_pro_delete_draft_preview AJAX action in all versions up to, and including, 1.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts.
CVE-2025-48334	Med	0.42	6.5	May 30, 2025	Missing Authorization vulnerability in BinaryCarpenter Woo Slider Pro woo-slider-pro-drag-drop-slider-builder-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woo Slider Pro: from n/a through <= 1.12.
CVE-2025-48275	Med	0.42	6.5	May 23, 2025	Missing Authorization vulnerability in dastan800 Visual Header visual-header allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visual Header: from n/a through <= 1.3.
CVE-2025-48271	Med	0.42	6.5	May 23, 2025	Missing Authorization vulnerability in Leadinfo Leadinfo leadinfo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadinfo: from n/a through <= 1.1.
CVE-2025-47619	Med	0.42	6.5	May 23, 2025	Missing Authorization vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Path Traversal.This issue affects 6Storage Rentals: from n/a through <= 2.20.2.
CVE-2025-47529	Med	0.42	6.5	May 23, 2025	Missing Authorization vulnerability in UX Design Experts Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin experto-cta-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin: from n/a through <= 1.1.1.
CVE-2025-43838	Med	0.42	6.5	May 19, 2025	Missing Authorization vulnerability in ChoPlugins.com Custom PC Builder Lite for WooCommerce custom-pc-builder-lite-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom PC Builder Lite for WooCommerce: from n/a through <= 1.0.1.
CVE-2025-48257	Med	0.42	6.5	May 19, 2025	Missing Authorization vulnerability in Projectopia Projectopia projectopia-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Projectopia: from n/a through <= 5.1.17.

CVE-2025-49431MedJul 4, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Gnuget MF Plus WPML mf-plus-wpml allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MF Plus WPML: from n/a through <= 1.1.
CVE-2025-47634MedJul 4, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Keylor Mendoza WC Pickup Store wc-pickup-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WC Pickup Store: from n/a through <= 1.8.9.
CVE-2025-39362MedJul 2, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Mollie Mollie Payments for WooCommerce mollie-payments-for-woocommerce.This issue affects Mollie Payments for WooCommerce: from n/a through <= 8.0.2.
CVE-2025-53284MedJun 27, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in pankaj.sakaria CMS Blocks cms-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CMS Blocks: from n/a through <= 1.1.
CVE-2025-50034MedJun 20, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Mahmudul Hasan Arif Enhanced Blocks – Page Builder Blocks for Gutenberg enhanced-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Blocks – Page Builder Blocks for Gutenberg: from n/a through <= 1.4.1.
CVE-2025-49234MedJun 17, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator wp-dummy-content-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Dummy Content Generator: from n/a through <= 3.4.6.
CVE-2025-48147MedJun 9, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Crypto Cloud CryptoCloud - Crypto Payment Gateway cryptocloud-crypto-payment-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CryptoCloud - Crypto Payment Gateway: from n/a through <= 2.1.2.
CVE-2025-48139MedJun 9, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in relentlo StyleAI relentlosoftware allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects StyleAI: from n/a through <= 1.0.4.
CVE-2023-25997MedJun 6, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in SolaPlugins Sola Support Ticket allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sola Support Ticket: from n/a through 3.17.
CVE-2025-1777MedJun 6, 2025
risk 0.42cvss 6.4epss 0.00
The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'ux_cb_page_options_save' function in all versions up to, and including, 3.16.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2025-48133MedJun 5, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator: from n/a through <= 6.4.0.2.
CVE-2025-47585MedJun 2, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking and Rental Manager: from n/a through <= 2.3.8.
CVE-2025-4597MedMay 30, 2025
risk 0.42cvss 6.5epss 0.00
The Woo Slider Pro – Drag Drop Slider Builder For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woo_slide_pro_delete_draft_preview AJAX action in all versions up to, and including, 1.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts.
CVE-2025-48334MedMay 30, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in BinaryCarpenter Woo Slider Pro woo-slider-pro-drag-drop-slider-builder-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woo Slider Pro: from n/a through <= 1.12.
CVE-2025-48275MedMay 23, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in dastan800 Visual Header visual-header allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visual Header: from n/a through <= 1.3.
CVE-2025-48271MedMay 23, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Leadinfo Leadinfo leadinfo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadinfo: from n/a through <= 1.1.
CVE-2025-47619MedMay 23, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Path Traversal.This issue affects 6Storage Rentals: from n/a through <= 2.20.2.
CVE-2025-47529MedMay 23, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in UX Design Experts Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin experto-cta-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin: from n/a through <= 1.1.1.
CVE-2025-43838MedMay 19, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in ChoPlugins.com Custom PC Builder Lite for WooCommerce custom-pc-builder-lite-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom PC Builder Lite for WooCommerce: from n/a through <= 1.0.1.
CVE-2025-48257MedMay 19, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Projectopia Projectopia projectopia-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Projectopia: from n/a through <= 5.1.17.