CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (4,588)

page 81 of 230

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-66156	WordPress Watcher Elementor	Med	0.35	5.4	Dec 31, 2025	Missing Authorization vulnerability in merkulove Watcher for Elementor watcher-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watcher for Elementor: from n/a through <= 1.0.9.
CVE-2025-66155	WordPress Questionar Elementor	Med	0.35	5.4	Dec 31, 2025	Missing Authorization vulnerability in merkulove Questionar for Elementor questionar-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Questionar for Elementor: from n/a through <= 1.1.7.
CVE-2025-66154	WordPress Couponer Elementor	Med	0.35	5.4	Dec 31, 2025	Missing Authorization vulnerability in merkulove Couponer for Elementor couponer-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Couponer for Elementor: from n/a through <= 1.1.7.
CVE-2025-62888	WordPress Wp Attachments	Med	0.35	5.4	Dec 31, 2025	Missing Authorization vulnerability in Marco Milesi WP Attachments wp-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attachments: from n/a through <= 5.2.
CVE-2025-62108	WordPress Add Custom Codes	Med	0.35	5.4	Dec 31, 2025	Missing Authorization vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Add Custom Codes: from n/a through <= 4.80.
CVE-2025-62098	WordPress Gallery Portfolio	Med	0.35	5.4	Dec 31, 2025	Missing Authorization vulnerability in totalsoft Portfolio Gallery gallery-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Portfolio Gallery: from n/a through <= 1.4.8.
CVE-2025-62091	WordPress Serial Codes Generator And Validator	Med	0.35	5.4	Dec 31, 2025	Missing Authorization vulnerability in Vollstart Serial Codes Generator and Validator with WooCommerce Support serial-codes-generator-and-validator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serial Codes Generator and Validator with WooCommerce Support: from n/a through <= 2.8.2.
CVE-2025-62144	WordPress Core Web Vitals Pagespeed Booster	Med	0.35	5.4	Dec 31, 2025	Missing Authorization vulnerability in Mohammed Kaludi Core Web Vitals & PageSpeed Booster core-web-vitals-pagespeed-booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Core Web Vitals & PageSpeed Booster: from n/a through <= 1.0.28.
CVE-2025-69022	WordPress Hr Management Lite	Med	0.35	5.4	Dec 30, 2025	Missing Authorization vulnerability in Weblizar - WordPress Themes & Plugin HR Management Lite hr-management-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HR Management Lite: from n/a through <= 3.6.
CVE-2025-68976	WordPress Eagle Booking	Med	0.35	5.4	Dec 30, 2025	Missing Authorization vulnerability in Eagle-Themes Eagle Booking eagle-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eagle Booking: from n/a through <= 1.3.4.3.
CVE-2023-41656	Kitforest Better Elementor Addons	Med	0.35	5.4	Dec 30, 2025	Missing Authorization vulnerability in wpdive Better Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Elementor Addons: from n/a through 1.3.7.
CVE-2025-68603	Zackgrossbart Editorial Calendar	Med	0.35	5.4	Dec 24, 2025	Missing Authorization vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Editorial Calendar: from n/a through <= 3.8.8.
CVE-2025-68593	Wpadminify Wp Adminify	Med	0.35	5.4	Dec 24, 2025	Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through <= 4.0.6.1.
CVE-2025-68591	Simplefilelist Simple File List	Med	0.35	5.4	Dec 24, 2025	Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple File List: from n/a through <= 6.1.18.
CVE-2025-68581	WordPress Yith Slider For Page Builders	Med	0.35	5.4	Dec 24, 2025	Missing Authorization vulnerability in YITHEMES YITH Slider for page builders yith-slider-for-page-builders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH Slider for page builders: from n/a through <= 1.0.11.
CVE-2025-68517	WordPress Tablesome	Med	0.35	5.4	Dec 24, 2025	Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.1.35.1.
CVE-2023-25445	WordPress Happyfiles Pro	Med	0.35	5.4	Dec 21, 2025	Missing Authorization vulnerability in HappyFiles HappyFiles Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HappyFiles Pro: from n/a through 1.8.1.
CVE-2025-14455	WordPress Final Tiles Grid Gallery Lite	Med	0.35	5.4	Dec 19, 2025	The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.7. This is due to the plugin not properly verifying that a user is authorized to perform actions on gallery management functions. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete, modify, or clone galleries created by any user, including administrators.
CVE-2025-62961	sparklewpthemes Sparkle FSE	Med	0.35	5.4	Dec 18, 2025	Missing Authorization vulnerability in sparklewpthemes Sparkle FSE sparkle-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sparkle FSE: from n/a through <= 1.0.9.
CVE-2025-62960	sparklewpthemes Construction Light	Med	0.35	5.4	Dec 18, 2025	Missing Authorization vulnerability in sparklewpthemes Construction Light construction-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Light: from n/a through <= 1.6.7.

CVE-2025-66156MedDec 31, 2025
WordPress
Watcher Elementor
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in merkulove Watcher for Elementor watcher-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watcher for Elementor: from n/a through <= 1.0.9.
CVE-2025-66155MedDec 31, 2025
WordPress
Questionar Elementor
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in merkulove Questionar for Elementor questionar-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Questionar for Elementor: from n/a through <= 1.1.7.
CVE-2025-66154MedDec 31, 2025
WordPress
Couponer Elementor
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in merkulove Couponer for Elementor couponer-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Couponer for Elementor: from n/a through <= 1.1.7.
CVE-2025-62888MedDec 31, 2025
WordPress
Wp Attachments
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Marco Milesi WP Attachments wp-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attachments: from n/a through <= 5.2.
CVE-2025-62108MedDec 31, 2025
WordPress
Add Custom Codes
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Add Custom Codes: from n/a through <= 4.80.
CVE-2025-62098MedDec 31, 2025
WordPress
Gallery Portfolio
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in totalsoft Portfolio Gallery gallery-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Portfolio Gallery: from n/a through <= 1.4.8.
CVE-2025-62091MedDec 31, 2025
WordPress
Serial Codes Generator And Validator
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Vollstart Serial Codes Generator and Validator with WooCommerce Support serial-codes-generator-and-validator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serial Codes Generator and Validator with WooCommerce Support: from n/a through <= 2.8.2.
CVE-2025-62144MedDec 31, 2025
WordPress
Core Web Vitals Pagespeed Booster
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Mohammed Kaludi Core Web Vitals & PageSpeed Booster core-web-vitals-pagespeed-booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Core Web Vitals & PageSpeed Booster: from n/a through <= 1.0.28.
CVE-2025-69022MedDec 30, 2025
WordPress
Hr Management Lite
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Weblizar - WordPress Themes & Plugin HR Management Lite hr-management-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HR Management Lite: from n/a through <= 3.6.
CVE-2025-68976MedDec 30, 2025
WordPress
Eagle Booking
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Eagle-Themes Eagle Booking eagle-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eagle Booking: from n/a through <= 1.3.4.3.
CVE-2023-41656MedDec 30, 2025
Kitforest
Better Elementor Addons
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in wpdive Better Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Elementor Addons: from n/a through 1.3.7.
CVE-2025-68603MedDec 24, 2025
Zackgrossbart
Editorial Calendar
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Editorial Calendar: from n/a through <= 3.8.8.
CVE-2025-68593MedDec 24, 2025
Wpadminify
Wp Adminify
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through <= 4.0.6.1.
CVE-2025-68591MedDec 24, 2025
Simplefilelist
Simple File List
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple File List: from n/a through <= 6.1.18.
CVE-2025-68581MedDec 24, 2025
WordPress
Yith Slider For Page Builders
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in YITHEMES YITH Slider for page builders yith-slider-for-page-builders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH Slider for page builders: from n/a through <= 1.0.11.
CVE-2025-68517MedDec 24, 2025
WordPress
Tablesome
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.1.35.1.
CVE-2023-25445MedDec 21, 2025
WordPress
Happyfiles Pro
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in HappyFiles HappyFiles Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HappyFiles Pro: from n/a through 1.8.1.
CVE-2025-14455MedDec 19, 2025
WordPress
Final Tiles Grid Gallery Lite
risk 0.35cvss 5.4epss 0.00
The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.7. This is due to the plugin not properly verifying that a user is authorized to perform actions on gallery management functions. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete, modify, or clone galleries created by any user, including administrators.
CVE-2025-62961MedDec 18, 2025
sparklewpthemes
Sparkle FSE
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in sparklewpthemes Sparkle FSE sparkle-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sparkle FSE: from n/a through <= 1.0.9.
CVE-2025-62960MedDec 18, 2025
sparklewpthemes
Construction Light
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in sparklewpthemes Construction Light construction-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Light: from n/a through <= 1.6.7.