CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (5,549)
page 68 of 278| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-32210 | Med | 0.42 | 6.5 | 0.00 | Apr 10, 2025 | Missing Authorization vulnerability in CreativeMindsSolutions CM Registration and Invitation Codes cm-invitation-codes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM Registration and Invitation Codes: from n/a through <= 2.5.6. | ||
| CVE-2025-32208 | Med | 0.42 | 6.5 | 0.00 | Apr 10, 2025 | Missing Authorization vulnerability in Hive Support Hive Support hive-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hive Support: from n/a through <= 1.2.5. | ||
| CVE-2025-2719 | Med | 0.42 | 6.5 | 0.00 | Apr 10, 2025 | The Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in versions… | ||
| CVE-2025-31381 | Med | 0.42 | 6.5 | 0.00 | Apr 4, 2025 | Missing Authorization vulnerability in shiptrack Booking Calendar and Notification booking-calendar-and-notification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Calendar and Notification: from n/a through <= 4.0.3. | ||
| CVE-2025-22285 | Med | 0.42 | 6.5 | 0.00 | Apr 4, 2025 | Missing Authorization vulnerability in enituretechnology Pallet Packaging for WooCommerce pallet-packaging-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pallet Packaging for WooCommerce: from n/a through <= 1.1.15. | ||
| CVE-2025-31896 | Med | 0.42 | 6.5 | 0.00 | Apr 3, 2025 | Missing Authorization vulnerability in istmoplugins GetBookingsWP get-bookings-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetBookingsWP: from n/a through <= 1.1.27. | ||
| CVE-2025-31858 | Med | 0.42 | 6.5 | 0.00 | Apr 3, 2025 | Missing Authorization vulnerability in matthewrubin Local Magic local-magic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Local Magic: from n/a through <= 2.9.0. | ||
| CVE-2025-31795 | Med | 0.42 | 6.5 | 0.00 | Apr 3, 2025 | Missing Authorization vulnerability in Plugin Devs Shopify to WooCommerce Migration migrate-shopify-to-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shopify to WooCommerce Migration: from n/a through <= 1.3.0. | ||
| CVE-2025-31789 | Med | 0.42 | 6.5 | 0.00 | Apr 3, 2025 | Missing Authorization vulnerability in Matat Technologies TextMe SMS textme-sms-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TextMe SMS: from n/a through <= 1.9.1. | ||
| CVE-2025-31768 | Med | 0.42 | 6.5 | 0.00 | Apr 3, 2025 | Missing Authorization vulnerability in OTWthemes Widget Manager Light widget-manager-light allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Widget Manager Light: from n/a through <= 1.18. | ||
| CVE-2025-31758 | Med | 0.42 | 6.5 | 0.00 | Apr 3, 2025 | Missing Authorization vulnerability in BinaryCarpenter Free Woocommerce Product Table View free-product-table-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Free Woocommerce Product Table View: from n/a through <= 1.78. | ||
| CVE-2025-31746 | Med | 0.42 | 6.4 | 0.00 | Apr 3, 2025 | Missing Authorization vulnerability in Think201 Clients clients allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clients: from n/a through <= 1.1.4. | ||
| CVE-2025-31739 | Med | 0.42 | 6.4 | 0.00 | Apr 3, 2025 | Missing Authorization vulnerability in Manuel Schmalstieg Minimalistic Event Manager minimalistic-event-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Minimalistic Event Manager: from n/a through <= 1.1.1. | ||
| CVE-2025-31736 | Med | 0.42 | 6.5 | 0.00 | Apr 3, 2025 | Missing Authorization vulnerability in richtexteditor Rich Text Editor richtexteditor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rich Text Editor: from n/a through <= 1.0.1. | ||
| CVE-2025-31729 | Med | 0.42 | 6.5 | 0.00 | Apr 3, 2025 | Missing Authorization vulnerability in jeffikus WooTumblog woo-tumblog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooTumblog: from n/a through <= 2.1.4. | ||
| CVE-2025-31581 | Med | 0.42 | 6.5 | 0.00 | Apr 3, 2025 | Missing Authorization vulnerability in Sandeep Kumar WP Video Playlist wp-video-playlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Video Playlist: from n/a through <= 1.1.2. | ||
| CVE-2025-31541 | Med | 0.42 | 6.5 | 0.00 | Apr 3, 2025 | Missing Authorization vulnerability in TuriTop TuriTop Booking System turitop-booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TuriTop Booking System: from n/a through <= 1.0.10. | ||
| CVE-2025-30916 | Med | 0.42 | 6.5 | 0.00 | Apr 3, 2025 | Missing Authorization vulnerability in enituretechnology Residential Address Detection residential-address-detection allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Residential Address Detection: from n/a through <= 2.5.4. | ||
| CVE-2025-30915 | Med | 0.42 | 6.5 | 0.00 | Apr 3, 2025 | Missing Authorization vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition small-package-quotes-wwe-edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Small Package Quotes – Worldwide Express… | ||
| CVE-2024-13637 | Med | 0.42 | 6.5 | 0.00 | Apr 2, 2025 | The Demo Awesome plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin function in all versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with Subscriber-level access… |
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in CreativeMindsSolutions CM Registration and Invitation Codes cm-invitation-codes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM Registration and Invitation Codes: from n/a through <= 2.5.6.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Hive Support Hive Support hive-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hive Support: from n/a through <= 1.2.5.
- risk 0.42cvss 6.5epss 0.00
The Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in versions…
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in shiptrack Booking Calendar and Notification booking-calendar-and-notification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Calendar and Notification: from n/a through <= 4.0.3.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in enituretechnology Pallet Packaging for WooCommerce pallet-packaging-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pallet Packaging for WooCommerce: from n/a through <= 1.1.15.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in istmoplugins GetBookingsWP get-bookings-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetBookingsWP: from n/a through <= 1.1.27.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in matthewrubin Local Magic local-magic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Local Magic: from n/a through <= 2.9.0.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Plugin Devs Shopify to WooCommerce Migration migrate-shopify-to-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shopify to WooCommerce Migration: from n/a through <= 1.3.0.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Matat Technologies TextMe SMS textme-sms-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TextMe SMS: from n/a through <= 1.9.1.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in OTWthemes Widget Manager Light widget-manager-light allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Widget Manager Light: from n/a through <= 1.18.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in BinaryCarpenter Free Woocommerce Product Table View free-product-table-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Free Woocommerce Product Table View: from n/a through <= 1.78.
- risk 0.42cvss 6.4epss 0.00
Missing Authorization vulnerability in Think201 Clients clients allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clients: from n/a through <= 1.1.4.
- risk 0.42cvss 6.4epss 0.00
Missing Authorization vulnerability in Manuel Schmalstieg Minimalistic Event Manager minimalistic-event-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Minimalistic Event Manager: from n/a through <= 1.1.1.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in richtexteditor Rich Text Editor richtexteditor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rich Text Editor: from n/a through <= 1.0.1.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in jeffikus WooTumblog woo-tumblog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooTumblog: from n/a through <= 2.1.4.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Sandeep Kumar WP Video Playlist wp-video-playlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Video Playlist: from n/a through <= 1.1.2.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in TuriTop TuriTop Booking System turitop-booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TuriTop Booking System: from n/a through <= 1.0.10.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in enituretechnology Residential Address Detection residential-address-detection allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Residential Address Detection: from n/a through <= 2.5.4.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition small-package-quotes-wwe-edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Small Package Quotes – Worldwide Express…
- risk 0.42cvss 6.5epss 0.00
The Demo Awesome plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin function in all versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with Subscriber-level access…