CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (4,575)

page 56 of 229

CVE	Sev	Risk	CVSS	Published	Description
CVE-2025-48242	Med	0.42	6.5	May 19, 2025	Missing Authorization vulnerability in wpWax Legal Pages legal-pages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Legal Pages: from n/a through <= 1.4.5.
CVE-2025-48127	Med	0.42	6.5	May 16, 2025	Missing Authorization vulnerability in App Cheap Push notification for Mobile and Web app push-notification-mobile-and-web-app allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Push notification for Mobile and Web app: from n/a through <= 2.0.3.
CVE-2025-46745	Med	0.42	6.5	May 12, 2025	An authenticated user without user-management permissions could view other users account information.
CVE-2025-39559	Med	0.42	6.5	Apr 17, 2025	Missing Authorization vulnerability in Eivin Landa Bring Fraktguiden for WooCommerce bring-fraktguiden-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bring Fraktguiden for WooCommerce: from n/a through <= 1.11.4.
CVE-2025-39554	Med	0.42	6.5	Apr 17, 2025	Missing Authorization vulnerability in Elliot Sowersby / RelyWP AI Text to Speech ai-text-to-speech allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Text to Speech: from n/a through <= 3.0.3.
CVE-2025-27310	Med	0.42	6.5	Apr 17, 2025	Missing Authorization vulnerability in Radius of Thought Page and Post Lister page-and-post-lister allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page and Post Lister: from n/a through <= 1.2.1.
CVE-2025-24737	Med	0.42	6.5	Apr 17, 2025	Missing Authorization vulnerability in Mat Bao Corporation WP Helper Premium wp-helper-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Helper Premium: from n/a through <= 4.6.1.
CVE-2025-24583	Med	0.42	6.5	Apr 17, 2025	Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 12 Step Meeting List: from n/a through <= 3.16.5.
CVE-2025-24581	Med	0.42	6.5	Apr 17, 2025	Missing Authorization vulnerability in Themefic Instantio instantio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Instantio: from n/a through <= 3.3.7.
CVE-2025-24577	Med	0.42	6.5	Apr 17, 2025	Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through <= 5.5.0.
CVE-2025-23958	Med	0.42	6.5	Apr 17, 2025	Missing Authorization vulnerability in FADI MED Editor Wysiwyg Background Color editor-wysiwyg-background-color allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Editor Wysiwyg Background Color: from n/a through <= 1.0.
CVE-2025-23906	Med	0.42	6.5	Apr 17, 2025	Missing Authorization vulnerability in wpseek WordPress Dashboard Tweeter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Dashboard Tweeter: from n/a through 1.3.2.
CVE-2025-23773	Med	0.42	6.5	Apr 17, 2025	Missing Authorization vulnerability in mingocommerce Delete All Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Delete All Posts: through 1.1.1.
CVE-2025-32244	Med	0.42	6.5	Apr 10, 2025	Missing Authorization vulnerability in QuantumCloud SEO Help seo-help allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Help: from n/a through <= 6.7.9.
CVE-2025-32243	Med	0.42	6.5	Apr 10, 2025	Missing Authorization vulnerability in Toast Plugins Internal Link Optimiser internal-link-finder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Internal Link Optimiser: from n/a through <= 5.1.2.
CVE-2025-32242	Med	0.42	6.5	Apr 10, 2025	Missing Authorization vulnerability in Hive Support Hive Support hive-support allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hive Support: from n/a through <= 1.2.5.
CVE-2025-32240	Med	0.42	6.5	Apr 10, 2025	Missing Authorization vulnerability in wpvsingh Site Notify site-notify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Notify: from n/a through <= 1.0.
CVE-2025-32216	Med	0.42	6.4	Apr 10, 2025	Missing Authorization vulnerability in Spider Themes Spider Elements spider-elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spider Elements: from n/a through <= 1.6.6.
CVE-2025-32213	Med	0.42	6.5	Apr 10, 2025	Missing Authorization vulnerability in flothemesplugins Flo Forms flo-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flo Forms: from n/a through <= 1.0.43.
CVE-2025-32212	Med	0.42	6.5	Apr 10, 2025	Missing Authorization vulnerability in Specia Theme Specia Companion specia-companion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Specia Companion: from n/a through <= 6.3.

CVE-2025-48242MedMay 19, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in wpWax Legal Pages legal-pages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Legal Pages: from n/a through <= 1.4.5.
CVE-2025-48127MedMay 16, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in App Cheap Push notification for Mobile and Web app push-notification-mobile-and-web-app allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Push notification for Mobile and Web app: from n/a through <= 2.0.3.
CVE-2025-46745MedMay 12, 2025
risk 0.42cvss 6.5epss 0.00
An authenticated user without user-management permissions could view other users account information.
CVE-2025-39559MedApr 17, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Eivin Landa Bring Fraktguiden for WooCommerce bring-fraktguiden-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bring Fraktguiden for WooCommerce: from n/a through <= 1.11.4.
CVE-2025-39554MedApr 17, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Elliot Sowersby / RelyWP AI Text to Speech ai-text-to-speech allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Text to Speech: from n/a through <= 3.0.3.
CVE-2025-27310MedApr 17, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Radius of Thought Page and Post Lister page-and-post-lister allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page and Post Lister: from n/a through <= 1.2.1.
CVE-2025-24737MedApr 17, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Mat Bao Corporation WP Helper Premium wp-helper-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Helper Premium: from n/a through <= 4.6.1.
CVE-2025-24583MedApr 17, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 12 Step Meeting List: from n/a through <= 3.16.5.
CVE-2025-24581MedApr 17, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Themefic Instantio instantio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Instantio: from n/a through <= 3.3.7.
CVE-2025-24577MedApr 17, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through <= 5.5.0.
CVE-2025-23958MedApr 17, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in FADI MED Editor Wysiwyg Background Color editor-wysiwyg-background-color allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Editor Wysiwyg Background Color: from n/a through <= 1.0.
CVE-2025-23906MedApr 17, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in wpseek WordPress Dashboard Tweeter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Dashboard Tweeter: from n/a through 1.3.2.
CVE-2025-23773MedApr 17, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in mingocommerce Delete All Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Delete All Posts: through 1.1.1.
CVE-2025-32244MedApr 10, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in QuantumCloud SEO Help seo-help allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Help: from n/a through <= 6.7.9.
CVE-2025-32243MedApr 10, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Toast Plugins Internal Link Optimiser internal-link-finder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Internal Link Optimiser: from n/a through <= 5.1.2.
CVE-2025-32242MedApr 10, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Hive Support Hive Support hive-support allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hive Support: from n/a through <= 1.2.5.
CVE-2025-32240MedApr 10, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in wpvsingh Site Notify site-notify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Notify: from n/a through <= 1.0.
CVE-2025-32216MedApr 10, 2025
risk 0.42cvss 6.4epss 0.00
Missing Authorization vulnerability in Spider Themes Spider Elements spider-elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spider Elements: from n/a through <= 1.6.6.
CVE-2025-32213MedApr 10, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in flothemesplugins Flo Forms flo-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flo Forms: from n/a through <= 1.0.43.
CVE-2025-32212MedApr 10, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Specia Theme Specia Companion specia-companion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Specia Companion: from n/a through <= 6.3.