CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (5,549)
Page 78 of 278

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-31342 | | Med | 0.42 | 6.5 | 0.01 | | Apr 10, 2024 | Missing Authorization vulnerability in WPcloudgallery WordPress Gallery Exporter. This issue affects WordPress Gallery Exporter: from n/a through 1.3. |
| CVE-2024-1042 | | Med | 0.42 | 6.4 | 0.00 | | Apr 10, 2024 | The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for… |
| CVE-2024-1041 | | Med | 0.42 | 6.4 | 0.00 | | Apr 10, 2024 | The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping as well as… |
| CVE-2024-1352 | | Med | 0.42 | 6.5 | 0.01 | | Apr 9, 2024 | The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtcl_import_location() rtcl_import_category() functions in all versions up to, and… |
| CVE-2024-31368 | | Med | 0.42 | 6.5 | 0.00 | | Apr 9, 2024 | Missing Authorization vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2. |
| CVE-2024-28167 | | Med | 0.42 | 6.5 | 0.00 | | Apr 9, 2024 | SAP Group Reporting Data Collection does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, specific data can be changed via the Enter Package Data app although the user does not have… |
| CVE-2024-1807 | | Med | 0.42 | 6.5 | 0.01 | | Apr 2, 2024 | The Product Sort and Display for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the psad_update_product_cat_custom_meta_ajax function in all versions up to, and including, 2.4.1. This makes it possible for… |
| CVE-2024-30508 | | Med | 0.42 | 6.5 | 0.01 | | Mar 29, 2024 | Missing Authorization vulnerability in ThimPress WP Hotel Booking. This issue affects WP Hotel Booking: from n/a through 2.0.9.2. |
| CVE-2024-30505 | | Med | 0.42 | 6.5 | 0.00 | | Mar 29, 2024 | Missing Authorization vulnerability in andy_moyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.1.18. |
| CVE-2024-30234 | | Med | 0.42 | 6.5 | 0.00 | | Mar 26, 2024 | Missing Authorization vulnerability in Wholesale Team WholesaleX. This issue affects WholesaleX: from n/a through 1.3.1. |
| CVE-2024-2906 | | Med | 0.42 | 6.5 | 0.00 | | Mar 26, 2024 | Missing Authorization vulnerability in SoftLab Radio Player. This issue affects Radio Player: from n/a through 2.0.73. |
| CVE-2024-22156 | | Med | 0.42 | 6.5 | 0.00 | | Mar 26, 2024 | Missing Authorization vulnerability in SNP Digital SalesKing. This issue affects SalesKing: from n/a through 1.6.15. |
| CVE-2024-24799 | | Med | 0.42 | 6.5 | 0.01 | | Mar 26, 2024 | Missing Authorization vulnerability in WooCommerce WooCommerce Box Office. This issue affects WooCommerce Box Office: from n/a through 1.2.2. |
| CVE-2023-27608 | | Med | 0.42 | 6.5 | 0.00 | | Mar 25, 2024 | Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce. This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0. |
| CVE-2022-38057 | | Med | 0.42 | 6.5 | 0.01 | | Mar 25, 2024 | Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin. This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1. |
| CVE-2023-52229 | | Med | 0.42 | 6.5 | 0.01 | | Mar 20, 2024 | Missing Authorization vulnerability in Save as PDF plugin by Pdfcrowd Word Replacer Pro. This issue affects Word Replacer Pro: from n/a through 1.0. |
| CVE-2024-1763 | | Med | 0.42 | 6.5 | 0.00 | | Mar 13, 2024 | The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp_social/v1/ REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for… |
| CVE-2024-1328 | | Med | 0.42 | 6.4 | 0.00 | | Mar 12, 2024 | The Newsletter2Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ parameter in all versions up to, and including, 4.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with… |
| CVE-2024-1123 | | Med | 0.42 | 6.5 | 0.00 | | Mar 9, 2024 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_frontend_event_submission() function in all versions up to, and including, 3.4.2. This makes it possible… |
| CVE-2024-1169 | | High | 0.42 | 7.5 | 0.01 | | Mar 7, 2024 | The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media upload due to a missing capability check on the buddyforms_upload_handle_dropped_media function… |