CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (5,549)
Page 76 of 278

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-1639 |  | Med | 0.42 | 6.5 | 0.00 |  | Jun 21, 2024 | The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey() and showAllLicenseKeys() functions in all versions up to, and including, 3.0.6. This makes it possible for… |
| CVE-2023-3204 |  | Med | 0.42 | 6.5 | 0.00 |  | Jun 20, 2024 | The Materialis theme for WordPress is vulnerable to limited arbitrary options updates in versions up to, and including, 1.1.24. This is due to missing authorization checks on the companion_disable_popup() function called via an AJAX action. This makes it possible for… |
| CVE-2022-45832 |  | Med | 0.42 | 6.5 | 0.00 |  | Jun 19, 2024 | Missing Authorization vulnerability in Hennessey Digital Attorney. This issue affects Attorney: from n/a through 3. |
| CVE-2023-37872 |  | Med | 0.42 | 6.5 | 0.00 |  | Jun 19, 2024 | Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses. This issue affects WooCommerce Ship to Multiple Addresses: from n/a through 3.8.5. |
| CVE-2023-36683 |  | Med | 0.42 | 6.5 | 0.01 |  | Jun 19, 2024 | Missing Authorization vulnerability in WP SCHEMA PRO Schema Pro. This issue affects Schema Pro: from n/a through 2.7.8. |
| CVE-2023-36512 |  | Med | 0.42 | 6.5 | 0.00 |  | Jun 19, 2024 | Missing Authorization vulnerability in Woo AutomateWoo. This issue affects AutomateWoo: from n/a through 5.7.5. |
| CVE-2024-5768 |  | Med | 0.42 | 6.4 | 0.00 |  | Jun 19, 2024 | The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mimo_update_provider' function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers,… |
| CVE-2024-1634 |  | Med | 0.42 | 6.5 | 0.00 |  | Jun 18, 2024 | The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for… |
| CVE-2024-5685 |  | Hig | 0.42 | 7.6 | 0.00 |  | Jun 14, 2024 | Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call. This issue affects snipe-it: from v4.6.17 through v6.4.1. |
| CVE-2023-29174 |  | Med | 0.42 | 6.5 | 0.00 |  | Jun 14, 2024 | Missing Authorization vulnerability in NervyThemes SKU Label Changer For WooCommerce. This issue affects SKU Label Changer For WooCommerce: from n/a through 3.0. |
| CVE-2024-5674 |  | Med | 0.42 | 6.5 | 0.00 |  | Jun 12, 2024 | The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerable to unauthorized subscribers management due to PHP type juggling issue on the check_api_key function in all versions up to, and including, 2.4.5. This makes it possible for unauthenticated attackers to list,… |
| CVE-2023-40209 |  | Med | 0.42 | 6.5 | 0.00 |  | Jun 12, 2024 | Missing Authorization vulnerability in Himalaya Saxena Highcompress Image Compressor. This issue affects Highcompress Image Compressor: from n/a through 6.0.0. |
| CVE-2024-5468 |  | Med | 0.42 | 6.5 | 0.00 |  | Jun 12, 2024 | The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to unauthorized site option deletion due to a missing validation and capability checks on the stm_hb_delete() function in all versions up to, and including, 1.3.7. This makes it possible for… |
| CVE-2024-34820 |  | Med | 0.42 | 6.5 | 0.00 |  | Jun 11, 2024 | Missing Authorization vulnerability in If So Plugin If-So Dynamic Content Personalization. This issue affects If-So Dynamic Content Personalization: from n/a through 1.7.1. |
| CVE-2024-32805 |  | Med | 0.42 | 6.5 | 0.00 |  | Jun 9, 2024 | Missing Authorization vulnerability in Social Snap. This issue affects Social Snap: from n/a through 1.3.5. |
| CVE-2024-30534 |  | Med | 0.42 | 6.5 | 0.00 |  | Jun 9, 2024 | Missing Authorization vulnerability in typps Calendarista Basic Edition calendarista-basic-edition. This issue affects Calendarista Basic Edition: from n/a through <= 3.0.5. |
| CVE-2024-5654 |  | Med | 0.42 | 6.5 | 0.00 |  | Jun 8, 2024 | The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'execute_post_data_cg7_free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated… |
| CVE-2024-5637 |  | Hig | 0.42 | 7.5 | 0.01 |  | Jun 7, 2024 | The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_files' function in all versions up to, and including, 2.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and… |
| CVE-2024-4422 |  | Med | 0.42 | 6.4 | 0.00 |  | May 30, 2024 | The Comparison Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slider title parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with… |
| CVE-2024-35237 |  | Hig | 0.42 | 7.5 | 0.01 |  | May 27, 2024 | MIT IdentiBot is an open-source Discord bot written in Node.js that verifies individuals' affiliations with MIT, grants them roles in a Discord server, and stores information about them in a database backend. A vulnerability that exists prior to commit… |