CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (4,588)

page 86 of 230

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-53318	WordPress Wp Db Booster	Med	0.35	5.4	Jun 27, 2025	Missing Authorization vulnerability in WPManiax WP DB Booster wp-db-booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP DB Booster: from n/a through <= 1.0.1.
CVE-2025-50010	WordPress Zapier	Med	0.35	5.4	Jun 20, 2025	Missing Authorization vulnerability in Zapier Zapier for WordPress zapier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zapier for WordPress: from n/a through <= 1.5.2.
CVE-2025-50009	WordPress Kata Plus	Med	0.35	5.4	Jun 20, 2025	Missing Authorization vulnerability in Climax Themes Kata Plus kata-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kata Plus: from n/a through <= 1.5.3.
CVE-2025-50008	—	Med	0.35	5.4	Jun 20, 2025	Missing Authorization vulnerability in cscode WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily innovs-woo-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily: from n/a through <= 1.2.4.5.
CVE-2025-49998	WordPress Woocommerce Fortnox Integration	Med	0.35	5.4	Jun 20, 2025	Missing Authorization vulnerability in Wetail WooCommerce Fortnox Integration woocommerce-fortnox-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Fortnox Integration: from n/a through <= 4.5.5.
CVE-2025-42984	—	Med	0.35	5.4	Jun 10, 2025	SAP S/4HANA Manage Central Purchase Contract does not perform necessary authorization checks for an authenticated user. Due to this, an attacker could execute the function import on the entity making it inaccessible for unrestricted user. This has low impact on confidentiality and availability of the application.
CVE-2025-30958	—	Med	0.35	5.4	Jun 6, 2025	Missing Authorization vulnerability in onOffice GmbH onOffice for WP-Websites onoffice-for-wp-websites allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects onOffice for WP-Websites: from n/a through <= 6.5.1.
CVE-2025-30957	WordPress Bp Activity Plus Reloaded	Med	0.35	5.4	Jun 6, 2025	Missing Authorization vulnerability in BuddyDev Activity Plus Reloaded for BuddyPress bp-activity-plus-reloaded allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Activity Plus Reloaded for BuddyPress: from n/a through <= 1.1.2.
CVE-2025-30932	WordPress Wp Compress Mainwp	Med	0.35	5.4	Jun 6, 2025	Missing Authorization vulnerability in WP Compress WP Compress for MainWP wp-compress-mainwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress for MainWP: from n/a through <= 6.30.32.
CVE-2025-30636	WordPress Online Accessibility	Med	0.35	5.4	Jun 6, 2025	Missing Authorization vulnerability in Ability, Inc Accessibility Suite online-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility Suite: from n/a through <= 4.19.
CVE-2025-29013	—	Med	0.35	5.4	Jun 6, 2025	Missing Authorization vulnerability in faaiq Custom Category/Post Type Post order custom-post-order-category allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Category/Post Type Post order: from n/a through <= 1.6.0.
CVE-2025-28985	—	Med	0.35	5.4	Jun 6, 2025	Missing Authorization vulnerability in Elastic Email Elastic Email Subscribe Form elastic-email-subscribe-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Subscribe Form: from n/a through <= 1.2.2.
CVE-2025-24778	WordPress No Spam At All	Med	0.35	5.4	Jun 6, 2025	Missing Authorization vulnerability in De paragon No Spam At All no-spam-at-all allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects No Spam At All: from n/a through <= 1.3.
CVE-2025-24776	WordPress Responsive Flipbooks	Med	0.35	5.4	Jun 6, 2025	Missing Authorization vulnerability in codelobster Responsive Flipbooks responsive-flipbooks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Flipbooks: from n/a through <= 1.0.
CVE-2025-24762	WordPress Wp Ticketbai	Med	0.35	5.4	Jun 6, 2025	Missing Authorization vulnerability in facturaone TicketBAI Facturas para WooCommerce wp-ticketbai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TicketBAI Facturas para WooCommerce: from n/a through <= 3.45.
CVE-2025-48335	WordPress Responsive Add Ons	Med	0.35	5.4	Jun 6, 2025	Missing Authorization vulnerability in CyberChimps Responsive Plus responsive-add-ons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Plus: from n/a through <= 3.2.0.
CVE-2025-46258	WordPress Bdthemes Element Pack	Med	0.35	5.4	Jun 5, 2025	Missing Authorization vulnerability in BdThemes Element Pack Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Pack Pro: from n/a before 8.0.0.
CVE-2025-4105	WordPress Splitit Installment Payments	Med	0.35	5.4	May 21, 2025	The Splitit plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the 'splitIt-flexfields-payment-gateway.php' file in all versions up to, and including, 4.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change plugin settings, including changing the environment from sandbox to production and vice versa.
CVE-2025-22287	WordPress Ltl Freight Quotes Freightquote Edition	Med	0.35	5.4	May 19, 2025	Missing Authorization vulnerability in enituretechnology LTL Freight Quotes – FreightQuote Edition ltl-freight-quotes-freightquote-edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes – FreightQuote Edition: from n/a through <= 2.3.11.
CVE-2025-26920	—	Med	0.35	5.4	May 19, 2025	Missing Authorization vulnerability in pressmaximum Customify customify-theme allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customify: from n/a through <= 0.4.8.

CVE-2025-53318MedJun 27, 2025
WordPress
Wp Db Booster
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in WPManiax WP DB Booster wp-db-booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP DB Booster: from n/a through <= 1.0.1.
CVE-2025-50010MedJun 20, 2025
WordPress
Zapier
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Zapier Zapier for WordPress zapier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zapier for WordPress: from n/a through <= 1.5.2.
CVE-2025-50009MedJun 20, 2025
WordPress
Kata Plus
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Climax Themes Kata Plus kata-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kata Plus: from n/a through <= 1.5.3.
CVE-2025-50008MedJun 20, 2025
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in cscode WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily innovs-woo-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily: from n/a through <= 1.2.4.5.
CVE-2025-49998MedJun 20, 2025
WordPress
Woocommerce Fortnox Integration
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Wetail WooCommerce Fortnox Integration woocommerce-fortnox-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Fortnox Integration: from n/a through <= 4.5.5.
CVE-2025-42984MedJun 10, 2025
risk 0.35cvss 5.4epss 0.00
SAP S/4HANA Manage Central Purchase Contract does not perform necessary authorization checks for an authenticated user. Due to this, an attacker could execute the function import on the entity making it inaccessible for unrestricted user. This has low impact on confidentiality and availability of the application.
CVE-2025-30958MedJun 6, 2025
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in onOffice GmbH onOffice for WP-Websites onoffice-for-wp-websites allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects onOffice for WP-Websites: from n/a through <= 6.5.1.
CVE-2025-30957MedJun 6, 2025
WordPress
Bp Activity Plus Reloaded
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in BuddyDev Activity Plus Reloaded for BuddyPress bp-activity-plus-reloaded allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Activity Plus Reloaded for BuddyPress: from n/a through <= 1.1.2.
CVE-2025-30932MedJun 6, 2025
WordPress
Wp Compress Mainwp
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in WP Compress WP Compress for MainWP wp-compress-mainwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress for MainWP: from n/a through <= 6.30.32.
CVE-2025-30636MedJun 6, 2025
WordPress
Online Accessibility
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Ability, Inc Accessibility Suite online-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility Suite: from n/a through <= 4.19.
CVE-2025-29013MedJun 6, 2025
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in faaiq Custom Category/Post Type Post order custom-post-order-category allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Category/Post Type Post order: from n/a through <= 1.6.0.
CVE-2025-28985MedJun 6, 2025
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Elastic Email Elastic Email Subscribe Form elastic-email-subscribe-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Subscribe Form: from n/a through <= 1.2.2.
CVE-2025-24778MedJun 6, 2025
WordPress
No Spam At All
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in De paragon No Spam At All no-spam-at-all allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects No Spam At All: from n/a through <= 1.3.
CVE-2025-24776MedJun 6, 2025
WordPress
Responsive Flipbooks
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in codelobster Responsive Flipbooks responsive-flipbooks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Flipbooks: from n/a through <= 1.0.
CVE-2025-24762MedJun 6, 2025
WordPress
Wp Ticketbai
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in facturaone TicketBAI Facturas para WooCommerce wp-ticketbai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TicketBAI Facturas para WooCommerce: from n/a through <= 3.45.
CVE-2025-48335MedJun 6, 2025
WordPress
Responsive Add Ons
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in CyberChimps Responsive Plus responsive-add-ons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Plus: from n/a through <= 3.2.0.
CVE-2025-46258MedJun 5, 2025
WordPress
Bdthemes Element Pack
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in BdThemes Element Pack Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Pack Pro: from n/a before 8.0.0.
CVE-2025-4105MedMay 21, 2025
WordPress
Splitit Installment Payments
risk 0.35cvss 5.4epss 0.00
The Splitit plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the 'splitIt-flexfields-payment-gateway.php' file in all versions up to, and including, 4.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change plugin settings, including changing the environment from sandbox to production and vice versa.
CVE-2025-22287MedMay 19, 2025
WordPress
Ltl Freight Quotes Freightquote Edition
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in enituretechnology LTL Freight Quotes – FreightQuote Edition ltl-freight-quotes-freightquote-edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes – FreightQuote Edition: from n/a through <= 2.3.11.
CVE-2025-26920MedMay 19, 2025
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in pressmaximum Customify customify-theme allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customify: from n/a through <= 0.4.8.