CWE-862

Missing Authorization

Class | Incomplete | Likelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (4,575)

  • CVE-2025-23771 | Med | Feb 14, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Murali Push Notification for Post and BuddyPress push-notification-for-post-and-buddypress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Push Notification for Post and BuddyPress: from n/a through <= 2.11.

  • CVE-2025-23766 | Med | Feb 14, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in ashamil OPSI Israel Domestic Shipments woo-ups-pickup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OPSI Israel Domestic Shipments: from n/a through <= 2.8.2.

  • CVE-2025-23534 | Med | Feb 14, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Mark Winiarski WPLingo wplingo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPLingo: from n/a through <= 1.1.2.

  • CVE-2025-22730 | Med | Feb 4, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in ksher thailand Ksher ksher-payment allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ksher: from n/a through <= 1.1.2.

  • CVE-2024-13529 | Med | Feb 4, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    The SocialV - Social Network and Community BuddyPress Theme theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'socialv_send_download_file' function in all versions up to, and including, 2.0.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download arbitrary files from the target system.

  • CVE-2025-24697 | Med | Feb 3, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Realwebcare Image Gallery – Responsive Photo Gallery awesome-responsive-photo-gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Gallery – Responsive Photo Gallery: from n/a through <= 1.0.5.

  • CVE-2025-24643 | Med | Feb 3, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPGuppy: from n/a through <= 1.1.0.

  • CVE-2025-24642 | Med | Feb 3, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in theme funda Setup Default Featured Image setup-default-feature-image allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Setup Default Featured Image: from n/a through <= 1.2.

  • CVE-2025-23527 | Med | Feb 3, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in hemnathmouli WC Wallet wc-wallet allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WC Wallet: from n/a through <= 2.2.0.

  • CVE-2025-22265 | Med | Jan 31, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in mgplugin EMI Calculator emi-calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EMI Calculator: from n/a through <= 1.1.

  • CVE-2025-24143 | Med | Jan 27, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    The issue was addressed with improved access restrictions to the file system. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user.

  • CVE-2025-24606 | Med | Jan 27, 2025
    risk 0.42 | cvss 6.4 | epss 0.00

    Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.1.

  • CVE-2025-23656 | Med | Jan 27, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Saul Morales Pacheco Donate visa donate-visa allows Stored XSS. This issue affects Donate visa: from n/a through <= 1.0.0.

  • CVE-2025-23529 | Med | Jan 27, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in blokhauswp Minterpress minterpress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Minterpress: from n/a through <= 1.0.5.

  • CVE-2024-13370 | Med | Jan 25, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the save_addon_key_license() function in all versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options to a value of a valid license key.

  • CVE-2025-24594 | Med | Jan 24, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in aribhour Linet ERP-Woocommerce Integration linet-erp-woocommerce-integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Linet ERP-Woocommerce Integration: from n/a through <= 3.5.7.

  • CVE-2025-24588 | Med | Jan 24, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in patreon Patreon WordPress patreon-connect allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Patreon WordPress: from n/a through <= 1.9.1.

  • CVE-2025-24580 | Med | Jan 24, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 12 Step Meeting List: from n/a through <= 3.16.5.

  • CVE-2025-23486 | Med | Jan 22, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in tamlyn Database Sync database-sync allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Database Sync: from n/a through <= 0.5.1.

  • CVE-2024-13367 | Med | Jan 17, 2025
    risk 0.42 | cvss 6.5 | epss 0.01

    The Sandbox plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the export_download action in all versions up to, and including, 0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download an entire copy of a sandbox environment which can contain sensitive information like the wp-config.php file.