CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (4,575)

page 62 of 229

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2022-46796	Med	0.42	6.5	0.00	Dec 13, 2024	Missing Authorization vulnerability in VillaTheme CURCY allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CURCY: from n/a through 2.1.25.
CVE-2022-46795	Med	0.42	6.5	0.00	Dec 13, 2024	Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.7.2.
CVE-2022-45840	Med	0.42	6.5	0.00	Dec 13, 2024	Missing Authorization vulnerability in Lucian Apostol Auto Affiliate Links allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Affiliate Links: from n/a through 6.2.1.5.
CVE-2024-54218	Med	0.42	6.5	0.00	Dec 9, 2024	Missing Authorization vulnerability in thehp AIO Contact aio-contact.This issue affects AIO Contact: from n/a through <= 2.8.1.
CVE-2024-54251	Med	0.42	6.5	0.00	Dec 9, 2024	Missing Authorization vulnerability in prodigycommerce Prodigy Commerce prodigy-commerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Prodigy Commerce: from n/a through <= 3.1.2.
CVE-2023-51360	Med	0.42	6.5	0.00	Dec 9, 2024	Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg essential-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through <= 4.2.0.
CVE-2023-50884	Med	0.42	6.5	0.00	Dec 9, 2024	Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LA-Studio Element Kit for Elementor: from n/a through <= 1.1.5.
CVE-2023-49857	Med	0.42	6.5	0.00	Dec 9, 2024	Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through <= 6.1.7.
CVE-2023-49848	Med	0.42	6.5	0.00	Dec 9, 2024	Missing Authorization vulnerability in Marc dooder Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy woo-aliexpress-dropshipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy: from n/a through <= 2.1.1.
CVE-2023-49167	Med	0.42	6.5	0.00	Dec 9, 2024	Missing Authorization vulnerability in code4life Database for CF7 database-for-cf7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Database for CF7: from n/a through <= 1.2.4.
CVE-2023-48779	Med	0.42	6.5	0.00	Dec 9, 2024	Missing Authorization vulnerability in 3DWeb 360 Javascript Viewer 360deg-javascript-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 360 Javascript Viewer: from n/a through <= 1.7.11.
CVE-2023-48274	Med	0.42	6.5	0.01	Dec 9, 2024	Missing Authorization vulnerability in Mondial Relay WooCommerce - WCMultiShipping WCMultiShipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCMultiShipping: from n/a through 2.3.5.
CVE-2023-47826	Med	0.42	6.5	0.00	Dec 9, 2024	Missing Authorization vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.3.
CVE-2023-47764	Med	0.42	6.5	0.00	Dec 9, 2024	Missing Authorization vulnerability in metaphorcreations Ditty ditty-news-ticker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ditty: from n/a through <= 3.1.24.
CVE-2023-32299	Med	0.42	6.5	0.01	Dec 9, 2024	Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Sales Report ni-woocommerce-sales-report allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ni WooCommerce Sales Report: from n/a through <= 3.7.3.
CVE-2023-30870	Med	0.42	6.5	0.00	Dec 9, 2024	Missing Authorization vulnerability in wooproductimporter Sharkdropship for AliExpress Dropship and Affiliate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sharkdropship for AliExpress Dropship and Affiliate: from n/a through 2.2.3.
CVE-2023-28689	Med	0.42	6.5	0.00	Dec 9, 2024	Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through 2.0.0.
CVE-2023-26522	Med	0.42	6.5	0.00	Dec 9, 2024	Missing Authorization vulnerability in OneWebsite WP Repost allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Repost: from n/a through 0.1.
CVE-2023-25454	Med	0.42	6.5	0.00	Dec 9, 2024	Missing Authorization vulnerability in Nate Reist Protected Posts Logout Button allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protected Posts Logout Button: from n/a through 1.4.5.
CVE-2023-25035	Med	0.42	6.5	0.00	Dec 9, 2024	Missing Authorization vulnerability in Fullworks Quick Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Contact Form : from n/a through 8.0.3.1.

CVE-2022-46796MedDec 13, 2024
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in VillaTheme CURCY allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CURCY: from n/a through 2.1.25.
CVE-2022-46795MedDec 13, 2024
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.7.2.
CVE-2022-45840MedDec 13, 2024
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Lucian Apostol Auto Affiliate Links allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Affiliate Links: from n/a through 6.2.1.5.
CVE-2024-54218MedDec 9, 2024
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in thehp AIO Contact aio-contact.This issue affects AIO Contact: from n/a through <= 2.8.1.
CVE-2024-54251MedDec 9, 2024
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in prodigycommerce Prodigy Commerce prodigy-commerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Prodigy Commerce: from n/a through <= 3.1.2.
CVE-2023-51360MedDec 9, 2024
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg essential-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through <= 4.2.0.
CVE-2023-50884MedDec 9, 2024
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LA-Studio Element Kit for Elementor: from n/a through <= 1.1.5.
CVE-2023-49857MedDec 9, 2024
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through <= 6.1.7.
CVE-2023-49848MedDec 9, 2024
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Marc dooder Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy woo-aliexpress-dropshipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy: from n/a through <= 2.1.1.
CVE-2023-49167MedDec 9, 2024
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in code4life Database for CF7 database-for-cf7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Database for CF7: from n/a through <= 1.2.4.
CVE-2023-48779MedDec 9, 2024
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in 3DWeb 360 Javascript Viewer 360deg-javascript-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 360 Javascript Viewer: from n/a through <= 1.7.11.
CVE-2023-48274MedDec 9, 2024
risk 0.42cvss 6.5epss 0.01
Missing Authorization vulnerability in Mondial Relay WooCommerce - WCMultiShipping WCMultiShipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCMultiShipping: from n/a through 2.3.5.
CVE-2023-47826MedDec 9, 2024
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.3.
CVE-2023-47764MedDec 9, 2024
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in metaphorcreations Ditty ditty-news-ticker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ditty: from n/a through <= 3.1.24.
CVE-2023-32299MedDec 9, 2024
risk 0.42cvss 6.5epss 0.01
Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Sales Report ni-woocommerce-sales-report allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ni WooCommerce Sales Report: from n/a through <= 3.7.3.
CVE-2023-30870MedDec 9, 2024
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in wooproductimporter Sharkdropship for AliExpress Dropship and Affiliate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sharkdropship for AliExpress Dropship and Affiliate: from n/a through 2.2.3.
CVE-2023-28689MedDec 9, 2024
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through 2.0.0.
CVE-2023-26522MedDec 9, 2024
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in OneWebsite WP Repost allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Repost: from n/a through 0.1.
CVE-2023-25454MedDec 9, 2024
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Nate Reist Protected Posts Logout Button allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protected Posts Logout Button: from n/a through 1.4.5.
CVE-2023-25035MedDec 9, 2024
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Fullworks Quick Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Contact Form : from n/a through 8.0.3.1.