CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (5,549)
page 74 of 278| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-53813 | Med | 0.42 | 6.5 | 0.00 | Dec 6, 2024 | Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 9.6.0. | ||
| CVE-2024-53803 | Med | 0.42 | 6.5 | 0.01 | Dec 6, 2024 | Missing Authorization vulnerability in brandtoss WP Mailster wp-mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through <= 1.8.16.0. | ||
| CVE-2024-10567 | Hig | 0.42 | 7.5 | 0.00 | Dec 4, 2024 | The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wizard' function in all versions up to, and including, 2.9.1. This makes it possible for unauthenticated attackers to create new pages,… | ||
| CVE-2024-49581 | Med | 0.42 | 6.5 | 0.00 | Dec 2, 2024 | Restricted Views backed objects (OSV1) could be bypassed under specific circumstances due to a software bug, this could have allowed users that didn't have permission to see such objects to view them via Object Explorer directly. This software bug did not impact or otherwise… | ||
| CVE-2024-10390 | Med | 0.42 | 6.4 | 0.00 | Nov 18, 2024 | The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with… | ||
| CVE-2024-42372 | Med | 0.42 | 6.5 | 0.00 | Nov 12, 2024 | Due to missing authorization check in SAP NetWeaver AS Java (System Landscape Directory) an unauthorized user can read and modify some restricted global SLD configurations causing low impact on confidentiality and integrity of the application. | ||
| CVE-2024-47361 | Med | 0.42 | 6.5 | 0.00 | Nov 1, 2024 | Missing Authorization vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder.This issue affects Elementor Addon Elements: from n/a through <= 1.13.6. | ||
| CVE-2024-47321 | Med | 0.42 | 6.5 | 0.00 | Nov 1, 2024 | Missing Authorization vulnerability in Fahad Mahmood WP Datepicker wp-datepicker.This issue affects WP Datepicker: from n/a through <= 2.1.1. | ||
| CVE-2024-47308 | Med | 0.42 | 6.5 | 0.02 | Nov 1, 2024 | Missing Authorization vulnerability in WPDeveloper Templately templately.This issue affects Templately: from n/a through <= 3.1.2. | ||
| CVE-2024-43956 | Med | 0.42 | 6.5 | 0.00 | Nov 1, 2024 | Missing Authorization vulnerability in Caseproof, LLC Memberpress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Memberpress: from n/a through 1.11.34. | ||
| CVE-2024-43932 | Med | 0.42 | 6.5 | 0.01 | Nov 1, 2024 | Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite the-plus-addons-for-elementor-page-builder.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through <= 5.6.2. | ||
| CVE-2024-43209 | Med | 0.42 | 6.5 | 0.00 | Nov 1, 2024 | Missing Authorization vulnerability in Bitly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bitly: from n/a through 2.7.2. | ||
| CVE-2024-43143 | Med | 0.42 | 6.4 | 0.00 | Nov 1, 2024 | Missing Authorization vulnerability in Roundup WP Registrations for the Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Registrations for the Events Calendar: from n/a through 2.12.1. | ||
| CVE-2024-43122 | Med | 0.42 | 6.5 | 0.00 | Nov 1, 2024 | Missing Authorization vulnerability in Creative Motion Robin image optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Robin image optimizer: from n/a through 1.6.9. | ||
| CVE-2024-39640 | Med | 0.42 | 6.5 | 0.00 | Nov 1, 2024 | Missing Authorization vulnerability in QuadLayers WP Social Feed Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Social Feed Gallery: from n/a through 4.3.9. | ||
| CVE-2024-38777 | Med | 0.42 | 6.5 | 0.00 | Nov 1, 2024 | Missing Authorization vulnerability in CreativeMotion Titan Anti-spam & Security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Titan Anti-spam & Security: from n/a through 7.3.6. | ||
| CVE-2024-38771 | Med | 0.42 | 6.5 | 0.00 | Nov 1, 2024 | Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration.This issue affects Atarim: from n/a through <= 4.0. | ||
| CVE-2024-37510 | Med | 0.42 | 6.5 | 0.00 | Nov 1, 2024 | Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Charitable: from n/a through 1.8.1.7. | ||
| CVE-2024-37481 | Med | 0.42 | 6.5 | 0.00 | Nov 1, 2024 | Missing Authorization vulnerability in RadiusTheme The Post Grid the-post-grid.This issue affects The Post Grid: from n/a through <= 7.7.4. | ||
| CVE-2024-37477 | Med | 0.42 | 6.5 | 0.00 | Nov 1, 2024 | Missing Authorization vulnerability in Automattic Newspack Content Converter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack Content Converter: from n/a through 0.1.5. |
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 9.6.0.
- risk 0.42cvss 6.5epss 0.01
Missing Authorization vulnerability in brandtoss WP Mailster wp-mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through <= 1.8.16.0.
- risk 0.42cvss 7.5epss 0.00
The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wizard' function in all versions up to, and including, 2.9.1. This makes it possible for unauthenticated attackers to create new pages,…
- risk 0.42cvss 6.5epss 0.00
Restricted Views backed objects (OSV1) could be bypassed under specific circumstances due to a software bug, this could have allowed users that didn't have permission to see such objects to view them via Object Explorer directly. This software bug did not impact or otherwise…
- risk 0.42cvss 6.4epss 0.00
The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with…
- risk 0.42cvss 6.5epss 0.00
Due to missing authorization check in SAP NetWeaver AS Java (System Landscape Directory) an unauthorized user can read and modify some restricted global SLD configurations causing low impact on confidentiality and integrity of the application.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder.This issue affects Elementor Addon Elements: from n/a through <= 1.13.6.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Fahad Mahmood WP Datepicker wp-datepicker.This issue affects WP Datepicker: from n/a through <= 2.1.1.
- risk 0.42cvss 6.5epss 0.02
Missing Authorization vulnerability in WPDeveloper Templately templately.This issue affects Templately: from n/a through <= 3.1.2.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Caseproof, LLC Memberpress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Memberpress: from n/a through 1.11.34.
- risk 0.42cvss 6.5epss 0.01
Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite the-plus-addons-for-elementor-page-builder.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through <= 5.6.2.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Bitly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bitly: from n/a through 2.7.2.
- risk 0.42cvss 6.4epss 0.00
Missing Authorization vulnerability in Roundup WP Registrations for the Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Registrations for the Events Calendar: from n/a through 2.12.1.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Creative Motion Robin image optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Robin image optimizer: from n/a through 1.6.9.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in QuadLayers WP Social Feed Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Social Feed Gallery: from n/a through 4.3.9.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in CreativeMotion Titan Anti-spam & Security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Titan Anti-spam & Security: from n/a through 7.3.6.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration.This issue affects Atarim: from n/a through <= 4.0.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Charitable: from n/a through 1.8.1.7.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in RadiusTheme The Post Grid the-post-grid.This issue affects The Post Grid: from n/a through <= 7.7.4.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Automattic Newspack Content Converter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack Content Converter: from n/a through 0.1.5.