CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (5,549)
Page 69 of 278

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-2779 | | Med | 0.42 | 6.5 | 0.00 | | Apr 2, 2025 | The Insert Headers and Footers Code – HT Script plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 1.1.2. This makes it possible for authenticated… |
| CVE-2025-31780 | | Med | 0.42 | 6.5 | 0.00 | | Apr 1, 2025 | Missing Authorization vulnerability in Andy Stratton Append Content append-content allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Append Content: from n/a through <= 2.1.1. |
| CVE-2025-31539 | | Med | 0.42 | 6.5 | 0.00 | | Mar 31, 2025 | Missing Authorization vulnerability in Blocksera Cryptocurrency Widgets Pack cryptocurrency-widgets-pack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cryptocurrency Widgets Pack: from n/a through <= 2.0.1. |
| CVE-2025-22670 | | Med | 0.42 | 6.5 | 0.00 | | Mar 27, 2025 | Missing Authorization vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through <= 1.7.2. |
| CVE-2025-22668 | | Med | 0.42 | 6.5 | 0.00 | | Mar 27, 2025 | Missing Authorization vulnerability in AwesomeTOGI Awesome Event Booking awesome-event-booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Awesome Event Booking: from n/a through <= 2.7.2. |
| CVE-2025-2267 | | Med | 0.42 | 6.5 | 0.00 | | Mar 15, 2025 | The WP01 plugin for WordPress is vulnerable to Arbitrary File Download in all versions up to, and including, 2.6.2 due to a missing capability check and insufficient restrictions on the make_archive() function. This makes it possible for authenticated attackers, with… |
| CVE-2025-0954 | | Med | 0.42 | 6.5 | 0.00 | | Mar 5, 2025 | The WP Online Contract plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the json_import() and json_export() functions in all versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to import and… |
| CVE-2024-13780 | | Med | 0.42 | 6.5 | 0.00 | | Mar 5, 2025 | The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the hmenu_delete_menu() function in all versions up to, and including, 1.16.5. This makes it possible for… |
| CVE-2025-23763 | | Med | 0.42 | 6.5 | 0.01 | | Mar 3, 2025 | Missing Authorization vulnerability in Alex Volkov WAH Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WAH Forms: from n/a through 1.0. |
| CVE-2025-23615 | | Med | 0.42 | 6.5 | 0.01 | | Mar 3, 2025 | Missing Authorization vulnerability in gtekelis Interactive Page Hierarchy interactive-page-hierarchy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Interactive Page Hierarchy: from n/a through <= 1.0.1. |
| CVE-2025-23613 | | Med | 0.42 | 6.5 | 0.01 | | Mar 3, 2025 | Missing Authorization vulnerability in mediabeta WP Journal wpjournal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Journal: from n/a through <= 1.1. |
| CVE-2025-23515 | | Med | 0.42 | 6.5 | 0.00 | | Mar 3, 2025 | Missing Authorization vulnerability in tsecher ts-tree ts-tree allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ts-tree: from n/a through <= 0.1.1. |
| CVE-2024-13746 | | Med | 0.42 | 6.5 | 0.00 | | Mar 1, 2025 | The Booking Calendar and Notification plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on the wpcb_all_bookings(), wpcb_update_booking_post(), and wpcb_delete_posts() functions in all versions up to, and… |
| CVE-2025-26883 | | Med | 0.42 | 6.5 | 0.00 | | Feb 24, 2025 | Missing Authorization vulnerability in bPlugins Animated Text Block animated-text-block allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Animated Text Block: from n/a through <= 1.0.7. |
| CVE-2025-26764 | | Med | 0.42 | 6.5 | 0.00 | | Feb 22, 2025 | Missing Authorization vulnerability in enituretechnology Distance Based Shipping Calculator distance-based-shipping-calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Distance Based Shipping Calculator: from n/a through <=… |
| CVE-2025-26750 | | Med | 0.42 | 6.5 | 0.00 | | Feb 22, 2025 | Missing Authorization vulnerability in appsbd Vitepos vitepos-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Vitepos: from n/a through <= 3.1.3. |
| CVE-2024-37363 | | Med | 0.42 | 6.5 | 0.00 | | Feb 20, 2025 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. (CWE-862) Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, do not correctly perform an… |
| CVE-2025-22289 | | Med | 0.42 | 6.5 | 0.00 | | Feb 16, 2025 | Missing Authorization vulnerability in enituretechnology LTL Freight Quotes – Unishippers Edition ltl-freight-quotes-unishippers-edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LTL Freight Quotes – Unishippers Edition: from… |
| CVE-2025-23771 | | Med | 0.42 | 6.5 | 0.00 | | Feb 14, 2025 | Missing Authorization vulnerability in Murali Push Notification for Post and BuddyPress push-notification-for-post-and-buddypress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Push Notification for Post and BuddyPress: from n/a… |
| CVE-2025-23766 | | Med | 0.42 | 6.5 | 0.00 | | Feb 14, 2025 | Missing Authorization vulnerability in ashamil OPSI Israel Domestic Shipments woo-ups-pickup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OPSI Israel Domestic Shipments: from n/a through <= 2.8.2. |