CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (5,549)
page 61 of 278| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-14172 | — | Med | 0.42 | 6.5 | 0.00 | Jan 9, 2026 | The WP Page Permalink Extension plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.4. This is due to missing authorization checks on the `cwpp_trigger_flush_rewrite_rules` function hooked to… | |
| CVE-2026-22522 | Med | 0.42 | 6.5 | 0.00 | Jan 8, 2026 | Missing Authorization vulnerability in Munir Kamal Block Slider block-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Block Slider: from n/a through <= 2.2.3. | ||
| CVE-2025-67926 | Med | 0.42 | 6.5 | 0.00 | Jan 8, 2026 | Missing Authorization vulnerability in Shahjahan Jewel Fluent Support fluent-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Support: from n/a through <= 1.10.4. | ||
| CVE-2025-67917 | Med | 0.42 | 6.5 | 0.00 | Jan 8, 2026 | Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through <= 3.2.6. | ||
| CVE-2025-67913 | Med | 0.42 | 6.5 | 0.00 | Jan 8, 2026 | Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Aruba HiSpeed Cache: from n/a through < 3.0.3. | ||
| CVE-2025-46434 | Med | 0.42 | 6.5 | 0.00 | Jan 7, 2026 | Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro theplus_elementor_addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a through < 6.3.7. | ||
| CVE-2025-14901 | Med | 0.42 | 6.5 | 0.00 | Jan 7, 2026 | The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the… | ||
| CVE-2025-14070 | Hig | 0.42 | 7.5 | 0.00 | Jan 7, 2026 | The Reviewify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'send_test_email' AJAX action in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Contributor-level… | ||
| CVE-2025-69363 | Med | 0.42 | 6.5 | 0.00 | Jan 6, 2026 | Missing Authorization vulnerability in CyberChimps Responsive Addons for Elementor responsive-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Addons for Elementor: from n/a through <= 2.0.8. | ||
| CVE-2025-5919 | Med | 0.42 | 6.5 | 0.00 | Jan 6, 2026 | The Appointment Booking and Scheduling Calendar Plugin – WP Timetics plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the update and register_routes functions in all versions up to, and including, 1.0.36.… | ||
| CVE-2025-39561 | Med | 0.42 | 6.5 | 0.00 | Jan 5, 2026 | Missing Authorization vulnerability in Marketing Fire, LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LoginWP - Pro: from n/a through 4.0.8.5. | ||
| CVE-2025-69024 | Med | 0.42 | 6.5 | 0.00 | Dec 30, 2025 | Missing Authorization vulnerability in bizswoop BizPrint print-google-cloud-print-gcp-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BizPrint: from n/a through <= 4.6.7. | ||
| CVE-2025-68498 | Med | 0.42 | 6.5 | 0.00 | Dec 30, 2025 | Missing Authorization vulnerability in Crocoblock JetTabs jet-tabs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetTabs: from n/a through <= 2.2.12. | ||
| CVE-2025-68503 | Med | 0.42 | 6.5 | 0.00 | Dec 29, 2025 | Missing Authorization vulnerability in Crocoblock JetBlog jet-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetBlog: from n/a through <= 2.4.7. | ||
| CVE-2025-68569 | Med | 0.42 | 6.5 | 0.00 | Dec 24, 2025 | Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through <= 1.2.39. | ||
| CVE-2025-68511 | Med | 0.42 | 6.5 | 0.00 | Dec 24, 2025 | Missing Authorization vulnerability in Jegstudio Gutenverse Form gutenverse-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse Form: from n/a through <= 2.3.1. | ||
| CVE-2023-40679 | Med | 0.42 | 6.5 | 0.00 | Dec 24, 2025 | Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through 2.0.5.3. | ||
| CVE-2025-12980 | Hig | 0.42 | 7.5 | 0.00 | Dec 21, 2025 | The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the '/ultp/v2/get_dynamic_content/' REST API endpoint in all versions up to, and including, 5.0.3.… | ||
| CVE-2025-66058 | Med | 0.42 | 6.5 | 0.00 | Dec 18, 2025 | Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.17. | ||
| CVE-2025-66104 | Med | 0.42 | 6.5 | 0.00 | Dec 18, 2025 | Missing Authorization vulnerability in Anton Vanyukov Offload, AI & Optimize with Cloudflare Images cf-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Offload, AI & Optimize with Cloudflare Images: from n/a through <= 1.9.5. |
- risk 0.42cvss 6.5epss 0.00
The WP Page Permalink Extension plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.4. This is due to missing authorization checks on the `cwpp_trigger_flush_rewrite_rules` function hooked to…
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Munir Kamal Block Slider block-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Block Slider: from n/a through <= 2.2.3.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Shahjahan Jewel Fluent Support fluent-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Support: from n/a through <= 1.10.4.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through <= 3.2.6.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Aruba HiSpeed Cache: from n/a through < 3.0.3.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro theplus_elementor_addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a through < 6.3.7.
- risk 0.42cvss 6.5epss 0.00
The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the…
- risk 0.42cvss 7.5epss 0.00
The Reviewify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'send_test_email' AJAX action in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Contributor-level…
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in CyberChimps Responsive Addons for Elementor responsive-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Addons for Elementor: from n/a through <= 2.0.8.
- risk 0.42cvss 6.5epss 0.00
The Appointment Booking and Scheduling Calendar Plugin – WP Timetics plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the update and register_routes functions in all versions up to, and including, 1.0.36.…
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Marketing Fire, LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LoginWP - Pro: from n/a through 4.0.8.5.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in bizswoop BizPrint print-google-cloud-print-gcp-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BizPrint: from n/a through <= 4.6.7.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Crocoblock JetTabs jet-tabs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetTabs: from n/a through <= 2.2.12.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Crocoblock JetBlog jet-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetBlog: from n/a through <= 2.4.7.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through <= 1.2.39.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Jegstudio Gutenverse Form gutenverse-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse Form: from n/a through <= 2.3.1.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through 2.0.5.3.
- risk 0.42cvss 7.5epss 0.00
The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the '/ultp/v2/get_dynamic_content/' REST API endpoint in all versions up to, and including, 5.0.3.…
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.17.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Anton Vanyukov Offload, AI & Optimize with Cloudflare Images cf-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Offload, AI & Optimize with Cloudflare Images: from n/a through <= 1.9.5.