CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (5,549)
page 77 of 278

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-2782 | | Hig | 0.42 | 7.5 | 0.01 | | May 18, 2024 | The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up… |
| CVE-2024-33938 | | Med | 0.42 | 6.5 | 0.00 | | May 14, 2024 | Missing Authorization vulnerability in codename065 Sliding Widgets allows Cross-Site Scripting (XSS). This issue affects Sliding Widgets: from n/a through 1.5.0. |
| CVE-2024-32776 | | Med | 0.42 | 6.5 | 0.00 | | May 14, 2024 | Missing Authorization vulnerability in AppPresser Team AppPresser. This issue affects AppPresser: from n/a through 4.3.0. |
| CVE-2024-32730 | | Med | 0.42 | 6.5 | 0.01 | | May 14, 2024 | SAP Enable Now Manager does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker with the role 'Learner' could gain access to other user's data in manager which will lead to a high… |
| CVE-2024-32712 | | Hig | 0.42 | 7.5 | 0.00 | | May 14, 2024 | Missing Authorization vulnerability in Podlove Podlove Podcast Publisher. This issue affects Podlove Podcast Publisher: from n/a through 4.0.14. |
| CVE-2023-41651 | | Med | 0.42 | 6.5 | 0.00 | | May 8, 2024 | Missing Authorization vulnerability in Multi-column Tag Map. This issue affects Multi-column Tag Map: from n/a through 17.0.26. |
| CVE-2024-33576 | | Med | 0.42 | 6.5 | 0.00 | | May 6, 2024 | Missing Authorization vulnerability in Ollybach WPPizza. This issue affects WPPizza: from n/a through 3.18.10. |
| CVE-2024-33931 | | Med | 0.42 | 6.5 | 0.00 | | May 3, 2024 | Missing Authorization vulnerability in ilGhera JW Player for WordPress. This issue affects JW Player for WordPress: from n/a through 2.3.3. |
| CVE-2024-33919 | | Med | 0.42 | 6.5 | 0.00 | | May 3, 2024 | Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor. This issue affects RomethemeKit For Elementor: from n/a through 1.4.1. |
| CVE-2024-33944 | | Med | 0.42 | 6.5 | 0.00 | | May 2, 2024 | Missing Authorization vulnerability in Kestrel WooCommerce AWeber Newsletter Subscription. This issue affects WooCommerce AWeber Newsletter Subscription: from n/a through 4.0.2. |
| CVE-2024-1371 | | Med | 0.42 | 6.5 | 0.01 | | Apr 30, 2024 | The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lc_public_api_proxy() function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete… |
| CVE-2024-33589 | | Med | 0.42 | 6.5 | 0.00 | | Apr 29, 2024 | Missing Authorization vulnerability in WPOmnia KB Support. This issue affects KB Support: from n/a through 1.6.0. |
| CVE-2024-33684 | | Med | 0.42 | 6.5 | 0.00 | | Apr 29, 2024 | Missing Authorization vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS. This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 3.2.0. |
| CVE-2024-33558 | | Med | 0.42 | 6.5 | 0.00 | | Apr 29, 2024 | Missing Authorization vulnerability in 8theme XStore Core. This issue affects XStore Core: from n/a through 5.3.5. |
| CVE-2024-32675 | | Med | 0.42 | 6.5 | 0.00 | | Apr 24, 2024 | Missing Authorization vulnerability in Xfinity Soft Order Limit for WooCommerce. This issue affects Order Limit for WooCommerce: from n/a through 2.0.0. |
| CVE-2024-32951 | | Med | 0.42 | 6.5 | 0.00 | | Apr 24, 2024 | Missing Authorization vulnerability in BloomPixel Max Addons Pro for Bricks. This issue affects Max Addons Pro for Bricks: from n/a through 1.6.1. |
| CVE-2024-32688 | | Med | 0.42 | 6.5 | 0.00 | | Apr 22, 2024 | Missing Authorization vulnerability in Long Watch Studio MyRewards. This issue affects MyRewards: from n/a through 5.3.0. |
| CVE-2022-41698 | | Med | 0.42 | 6.5 | 0.00 | | Apr 17, 2024 | Missing Authorization vulnerability in Layered If Menu. This issue affects If Menu: from n/a through 0.16.3. |
| CVE-2024-32509 | | Med | 0.42 | 6.5 | 0.00 | | Apr 17, 2024 | Missing Authorization vulnerability in Loopus WP Cost Estimation & Payment Forms Builder. This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.76. |
| CVE-2022-44633 | | Med | 0.42 | 6.5 | 0.00 | | Apr 11, 2024 | Missing Authorization vulnerability in YITH YITH WooCommerce Gift Cards Premium. This issue affects YITH WooCommerce Gift Cards Premium: from n/a through 3.23.1. |