CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (5,549)
page 85 of 278| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-43007 | Med | 0.41 | 6.3 | 0.00 | May 13, 2025 | SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on confidentiality, integrity and availability of the application. | ||
| CVE-2025-31841 | Med | 0.41 | 6.3 | 0.00 | Apr 3, 2025 | Missing Authorization vulnerability in Frank P. Walentynowicz FPW Category Thumbnails fpw-category-thumbnails allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FPW Category Thumbnails: from n/a through <= 1.9.5. | ||
| CVE-2025-23440 | Med | 0.41 | 6.3 | 0.00 | Mar 3, 2025 | Missing Authorization vulnerability in radicaldesigns radSLIDE radslide allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects radSLIDE: from n/a through <= 2.1. | ||
| CVE-2025-22702 | Med | 0.41 | 6.3 | 0.00 | Feb 14, 2025 | Missing Authorization vulnerability in ThemeGoods Photography photography allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photography: from n/a through <= 7.7.2. | ||
| CVE-2025-22698 | Med | 0.41 | 6.3 | 0.00 | Feb 14, 2025 | Missing Authorization vulnerability in Ability, Inc Accessibility Suite online-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility Suite: from n/a through <= 4.18. | ||
| CVE-2025-0067 | Med | 0.41 | 6.3 | 0.00 | Jan 14, 2025 | Due to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java, an attacker with standard user role can create JCo connection entries, which are used for remote function calls from or to the application server. This could lead to low… | ||
| CVE-2024-56266 | Med | 0.41 | 6.3 | 0.00 | Jan 2, 2025 | Missing Authorization vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a… | ||
| CVE-2024-54252 | Med | 0.41 | 6.3 | 0.00 | Dec 13, 2024 | Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through <= 2.9.9.5.7. | ||
| CVE-2024-54254 | Med | 0.41 | 6.3 | 0.00 | Dec 9, 2024 | Missing Authorization vulnerability in Kofi Mokome Message Filter for Contact Form 7 cf7-message-filter.This issue affects Message Filter for Contact Form 7: from n/a through <= 1.6.3. | ||
| CVE-2023-29237 | Med | 0.41 | 6.3 | 0.00 | Dec 9, 2024 | Missing Authorization vulnerability in Muhammad Rehman Remove Duplicate Posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Remove Duplicate Posts: from n/a through 1.3.5. | ||
| CVE-2023-27449 | Med | 0.41 | 6.3 | 0.00 | Dec 9, 2024 | Missing Authorization vulnerability in TotalSuite Total Poll Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total Poll Lite: from n/a through 4.8.6. | ||
| CVE-2024-43285 | Med | 0.41 | 6.3 | 0.00 | Nov 1, 2024 | Missing Authorization vulnerability in Presto Made, Inc Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Presto Player: from n/a through 3.0.2. | ||
| CVE-2024-43146 | Med | 0.41 | 6.3 | 0.00 | Nov 1, 2024 | Missing Authorization vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AMP for WP: from n/a through 1.0.96.1. | ||
| CVE-2024-37929 | Med | 0.41 | 6.3 | 0.00 | Nov 1, 2024 | Missing Authorization vulnerability in solwin User Activity Log Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Activity Log Pro: from n/a through 2.3.4. | ||
| CVE-2024-37516 | Med | 0.41 | 6.3 | 0.00 | Nov 1, 2024 | Missing Authorization vulnerability in fifu.App Featured Image from URL allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image from URL: from n/a through 4.8.2. | ||
| CVE-2024-9628 | Med | 0.41 | 6.3 | 0.00 | Oct 25, 2024 | The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Wps_Telegram_Chat_Admin::checkСonnection' function in versions up to, and including, 4.6.0. This makes it possible for… | ||
| CVE-2024-10078 | Med | 0.41 | 6.3 | 0.00 | Oct 18, 2024 | The WP Easy Post Types plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 1.4.4. This makes it possible for authenticated attackers, with… | ||
| CVE-2022-4974 | Med | 0.41 | 6.3 | 0.00 | Oct 16, 2024 | The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions… | ||
| CVE-2020-36834 | Med | 0.41 | 6.3 | 0.00 | Oct 16, 2024 | The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on various functions. This makes it possible for subscriber-level attackers to execute… | ||
| CVE-2020-36833 | Med | 0.41 | 6.3 | 0.00 | Oct 16, 2024 | The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions in versions 7.3 - 8.6. This makes it possible for authenticated attacker, with minimal permission, such as a subscriber, to perform a… |
- risk 0.41cvss 6.3epss 0.00
SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on confidentiality, integrity and availability of the application.
- risk 0.41cvss 6.3epss 0.00
Missing Authorization vulnerability in Frank P. Walentynowicz FPW Category Thumbnails fpw-category-thumbnails allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FPW Category Thumbnails: from n/a through <= 1.9.5.
- risk 0.41cvss 6.3epss 0.00
Missing Authorization vulnerability in radicaldesigns radSLIDE radslide allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects radSLIDE: from n/a through <= 2.1.
- risk 0.41cvss 6.3epss 0.00
Missing Authorization vulnerability in ThemeGoods Photography photography allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photography: from n/a through <= 7.7.2.
- risk 0.41cvss 6.3epss 0.00
Missing Authorization vulnerability in Ability, Inc Accessibility Suite online-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility Suite: from n/a through <= 4.18.
- risk 0.41cvss 6.3epss 0.00
Due to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java, an attacker with standard user role can create JCo connection entries, which are used for remote function calls from or to the application server. This could lead to low…
- risk 0.41cvss 6.3epss 0.00
Missing Authorization vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a…
- risk 0.41cvss 6.3epss 0.00
Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through <= 2.9.9.5.7.
- risk 0.41cvss 6.3epss 0.00
Missing Authorization vulnerability in Kofi Mokome Message Filter for Contact Form 7 cf7-message-filter.This issue affects Message Filter for Contact Form 7: from n/a through <= 1.6.3.
- risk 0.41cvss 6.3epss 0.00
Missing Authorization vulnerability in Muhammad Rehman Remove Duplicate Posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Remove Duplicate Posts: from n/a through 1.3.5.
- risk 0.41cvss 6.3epss 0.00
Missing Authorization vulnerability in TotalSuite Total Poll Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total Poll Lite: from n/a through 4.8.6.
- risk 0.41cvss 6.3epss 0.00
Missing Authorization vulnerability in Presto Made, Inc Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Presto Player: from n/a through 3.0.2.
- risk 0.41cvss 6.3epss 0.00
Missing Authorization vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AMP for WP: from n/a through 1.0.96.1.
- risk 0.41cvss 6.3epss 0.00
Missing Authorization vulnerability in solwin User Activity Log Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Activity Log Pro: from n/a through 2.3.4.
- risk 0.41cvss 6.3epss 0.00
Missing Authorization vulnerability in fifu.App Featured Image from URL allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image from URL: from n/a through 4.8.2.
- risk 0.41cvss 6.3epss 0.00
The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Wps_Telegram_Chat_Admin::checkСonnection' function in versions up to, and including, 4.6.0. This makes it possible for…
- risk 0.41cvss 6.3epss 0.00
The WP Easy Post Types plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 1.4.4. This makes it possible for authenticated attackers, with…
- risk 0.41cvss 6.3epss 0.00
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions…
- risk 0.41cvss 6.3epss 0.00
The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on various functions. This makes it possible for subscriber-level attackers to execute…
- risk 0.41cvss 6.3epss 0.00
The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions in versions 7.3 - 8.6. This makes it possible for authenticated attacker, with minimal permission, such as a subscriber, to perform a…