CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (4,588)

page 87 of 230

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-48246	WordPress The Events Calendar	Med	0.35	5.4	May 19, 2025	Missing Authorization vulnerability in StellarWP The Events Calendar the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar: from n/a through <= 6.11.2.1.
CVE-2025-47556	WordPress Css3 Web Pricing Tables Grids	Med	0.35	5.4	May 16, 2025	Missing Authorization vulnerability in QuanticaLabs CSS3 Compare Pricing Tables for WordPress css3_web_pricing_tables_grids allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CSS3 Compare Pricing Tables for WordPress: from n/a through <= 11.6.
CVE-2025-31923	—	Med	0.35	5.4	May 16, 2025	Missing Authorization vulnerability in QuanticaLabs CSS3 Accordions for WordPress css3_accordions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CSS3 Accordions for WordPress: from n/a through <= 3.0.
CVE-2025-47580	Etoilewebdesign Front End Users	Med	0.35	5.4	May 15, 2025	Missing Authorization vulnerability in Rustaurius Front End Users front-end-only-users allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Front End Users: from n/a through <= 3.2.35.
CVE-2025-47628	Quomodosoft Qs Dark Mode	Med	0.35	5.4	May 7, 2025	Missing Authorization vulnerability in quomodosoft QS Dark Mode qs-dark-mode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QS Dark Mode: from n/a through <= 3.0.
CVE-2025-47612	Flowdee Clickwhale	Med	0.35	5.4	May 7, 2025	Missing Authorization vulnerability in ClickWhale ClickWhale clickwhale allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ClickWhale: from n/a through <= 2.4.6.
CVE-2025-47602	WordPress Calculate Prices Based On Distance For Woocommerce	Med	0.35	5.4	May 7, 2025	Missing Authorization vulnerability in ammarahmad786 Calculate Prices based on Distance For WooCommerce calculate-prices-based-on-distance-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Calculate Prices based on Distance For WooCommerce: from n/a through <= 1.3.5.
CVE-2025-47526	—	Med	0.35	5.4	May 7, 2025	Missing Authorization vulnerability in GS Plugins GS Variation Swatches for WooCommerce gs-woo-variation-swatches allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Variation Swatches for WooCommerce: from n/a through <= 3.0.4.
CVE-2025-47480	WordPress Graphina Elementor Charts And Graphs	Med	0.35	5.4	May 7, 2025	Missing Authorization vulnerability in Iqonic Design Graphina graphina-elementor-charts-and-graphs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Graphina: from n/a through <= 3.0.4.
CVE-2025-47472	—	Med	0.35	5.4	May 7, 2025	Missing Authorization vulnerability in codepeople Music Player for WooCommerce music-player-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Music Player for WooCommerce: from n/a through <= 1.5.1.
CVE-2025-47469	WordPress Media Hygiene	Med	0.35	5.4	May 7, 2025	Missing Authorization vulnerability in slui Media Hygiene media-hygiene allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Hygiene: from n/a through <= 4.0.0.
CVE-2025-3766	WordPress Login Lockdown	Med	0.35	5.4	May 7, 2025	The Login Lockdown & Protection plugin for WordPress is vulnerable to unauthorized nonce access due to a missing capability check on the ajax_run_tool function in all versions up to, and including, 2.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain a valid nonce that can be used to generate a global unlock key, which can in turn be used to add arbitrary IP address to the plugin allowlist. This can only by exploited on new installations where the site administrator hasn't visited the loginlockdown page yet.
CVE-2025-3953	WordPress Wp Statistics	Med	0.35	5.4	Apr 30, 2025	The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater' function in all versions up to, and including, 14.13.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary plugin settings.
CVE-2025-46535	WordPress Ms Registration	Med	0.35	5.4	Apr 25, 2025	Missing Authorization vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login and Registration: from n/a through 1.0.0.
CVE-2025-39456	—	Med	0.35	5.4	Apr 17, 2025	Missing Authorization vulnerability in iTRON WP Logger wp-data-logger allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Logger: from n/a through <= 2.2.
CVE-2025-39591	—	Med	0.35	5.4	Apr 16, 2025	Missing Authorization vulnerability in WP Shuffle WP Subscription Forms wp-subscription-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscription Forms: from n/a through <= 1.2.3.
CVE-2025-39560	—	Med	0.35	5.4	Apr 16, 2025	Missing Authorization vulnerability in Shahjada Live Forms liveforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Forms: from n/a through <= 4.8.4.
CVE-2025-39552	—	Med	0.35	5.4	Apr 16, 2025	Missing Authorization vulnerability in Dylan James Zephyr Project Manager zephyr-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zephyr Project Manager: from n/a through <= 3.3.200.
CVE-2025-39545	—	Med	0.35	5.4	Apr 16, 2025	Missing Authorization vulnerability in miniOrange WordPress REST API Authentication wp-rest-api-authentication allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress REST API Authentication: from n/a through <= 3.6.3.
CVE-2025-39522	—	Med	0.35	5.4	Apr 16, 2025	Missing Authorization vulnerability in Service2Client LLC Dynamic Post dynamic-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamic Post: from n/a through <= 5.03.

CVE-2025-48246MedMay 19, 2025
WordPress
The Events Calendar
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in StellarWP The Events Calendar the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar: from n/a through <= 6.11.2.1.
CVE-2025-47556MedMay 16, 2025
WordPress
Css3 Web Pricing Tables Grids
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in QuanticaLabs CSS3 Compare Pricing Tables for WordPress css3_web_pricing_tables_grids allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CSS3 Compare Pricing Tables for WordPress: from n/a through <= 11.6.
CVE-2025-31923MedMay 16, 2025
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in QuanticaLabs CSS3 Accordions for WordPress css3_accordions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CSS3 Accordions for WordPress: from n/a through <= 3.0.
CVE-2025-47580MedMay 15, 2025
Etoilewebdesign
Front End Users
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Rustaurius Front End Users front-end-only-users allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Front End Users: from n/a through <= 3.2.35.
CVE-2025-47628MedMay 7, 2025
Quomodosoft
Qs Dark Mode
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in quomodosoft QS Dark Mode qs-dark-mode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QS Dark Mode: from n/a through <= 3.0.
CVE-2025-47612MedMay 7, 2025
Flowdee
Clickwhale
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in ClickWhale ClickWhale clickwhale allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ClickWhale: from n/a through <= 2.4.6.
CVE-2025-47602MedMay 7, 2025
WordPress
Calculate Prices Based On Distance For Woocommerce
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in ammarahmad786 Calculate Prices based on Distance For WooCommerce calculate-prices-based-on-distance-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Calculate Prices based on Distance For WooCommerce: from n/a through <= 1.3.5.
CVE-2025-47526MedMay 7, 2025
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in GS Plugins GS Variation Swatches for WooCommerce gs-woo-variation-swatches allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Variation Swatches for WooCommerce: from n/a through <= 3.0.4.
CVE-2025-47480MedMay 7, 2025
WordPress
Graphina Elementor Charts And Graphs
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Iqonic Design Graphina graphina-elementor-charts-and-graphs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Graphina: from n/a through <= 3.0.4.
CVE-2025-47472MedMay 7, 2025
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in codepeople Music Player for WooCommerce music-player-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Music Player for WooCommerce: from n/a through <= 1.5.1.
CVE-2025-47469MedMay 7, 2025
WordPress
Media Hygiene
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in slui Media Hygiene media-hygiene allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Hygiene: from n/a through <= 4.0.0.
CVE-2025-3766MedMay 7, 2025
WordPress
Login Lockdown
risk 0.35cvss 5.4epss 0.00
The Login Lockdown & Protection plugin for WordPress is vulnerable to unauthorized nonce access due to a missing capability check on the ajax_run_tool function in all versions up to, and including, 2.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain a valid nonce that can be used to generate a global unlock key, which can in turn be used to add arbitrary IP address to the plugin allowlist. This can only by exploited on new installations where the site administrator hasn't visited the loginlockdown page yet.
CVE-2025-3953MedApr 30, 2025
WordPress
Wp Statistics
risk 0.35cvss 5.4epss 0.00
The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater' function in all versions up to, and including, 14.13.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary plugin settings.
CVE-2025-46535MedApr 25, 2025
WordPress
Ms Registration
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login and Registration: from n/a through 1.0.0.
CVE-2025-39456MedApr 17, 2025
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in iTRON WP Logger wp-data-logger allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Logger: from n/a through <= 2.2.
CVE-2025-39591MedApr 16, 2025
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in WP Shuffle WP Subscription Forms wp-subscription-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscription Forms: from n/a through <= 1.2.3.
CVE-2025-39560MedApr 16, 2025
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Shahjada Live Forms liveforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Forms: from n/a through <= 4.8.4.
CVE-2025-39552MedApr 16, 2025
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Dylan James Zephyr Project Manager zephyr-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zephyr Project Manager: from n/a through <= 3.3.200.
CVE-2025-39545MedApr 16, 2025
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in miniOrange WordPress REST API Authentication wp-rest-api-authentication allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress REST API Authentication: from n/a through <= 3.6.3.
CVE-2025-39522MedApr 16, 2025
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Service2Client LLC Dynamic Post dynamic-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamic Post: from n/a through <= 5.03.