CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (4,593)

page 89 of 230

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-31791	WordPress Pin Generator	Med	0.35	5.4	0.00	Apr 1, 2025	Missing Authorization vulnerability in Oliver Boyers Pin Generator pin-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pin Generator: from n/a through <= 2.0.0.
CVE-2025-31782	WordPress Wpmbytplayer	Med	0.35	5.4	0.00	Apr 1, 2025	Missing Authorization vulnerability in pupunzi mb.YTPlayer wpmbytplayer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects mb.YTPlayer: from n/a through <= 3.3.8.
CVE-2025-31774	WordPress Getastra	Med	0.35	5.3	0.01	Apr 1, 2025	Missing Authorization vulnerability in WebProtect.ai Astra Security Suite getastra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Astra Security Suite: from n/a through <= 0.2.
CVE-2025-31757	WordPress Free Product Table For Woocommerce	Med	0.35	5.4	0.00	Apr 1, 2025	Missing Authorization vulnerability in BinaryCarpenter Free Woocommerce Product Table View free-product-table-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Free Woocommerce Product Table View: from n/a through <= 1.78.
CVE-2025-31603	WordPress Cf7 Spreadsheets	Med	0.35	5.4	0.00	Mar 31, 2025	Missing Authorization vulnerability in moshensky CF7 Spreadsheets cf7-spreadsheets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CF7 Spreadsheets: from n/a through <= 2.3.2.
CVE-2025-31584	WordPress Elfsight Testimonials Slider	Med	0.35	5.4	0.00	Mar 31, 2025	Missing Authorization vulnerability in elfsight Elfsight Testimonials Slider elfsight-testimonials-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elfsight Testimonials Slider: from n/a through <= 1.0.1.
CVE-2025-31555	WordPress Contentmx Content Publisher	Med	0.35	5.4	0.00	Mar 31, 2025	Missing Authorization vulnerability in ContentMX ContentMX Content Publisher contentmx-content-publisher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ContentMX Content Publisher: from n/a through <= 1.0.6.
CVE-2025-31545	WordPress Safe Ai Malware Protection For Wp	Med	0.35	5.4	0.00	Mar 31, 2025	Missing Authorization vulnerability in WP Messiah Safe Ai Malware Protection for WP safe-ai-malware-protection-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Safe Ai Malware Protection for WP: from n/a through <= 1.0.20.
CVE-2025-22770	WordPress Envo Multipurpose	Med	0.35	5.4	0.00	Mar 27, 2025	Missing Authorization vulnerability in EnvoThemes Envo Multipurpose allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envo Multipurpose: from n/a through 1.1.6.
CVE-2025-30896	—	Med	0.35	5.4	0.00	Mar 27, 2025	Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through <= 1.13.4.
CVE-2025-30824	WordPress Webtexttool	Med	0.35	5.4	0.01	Mar 27, 2025	Missing Authorization vulnerability in Israpil Textmetrics webtexttool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Textmetrics: from n/a through <= 3.6.1.
CVE-2025-30817	WordPress Z Companion	Med	0.35	5.4	0.00	Mar 27, 2025	Missing Authorization vulnerability in wpzita Z Companion z-companion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Z Companion: from n/a through <= 1.0.13.
CVE-2025-30809	WordPress Liveforms	Med	0.35	5.4	0.00	Mar 27, 2025	Missing Authorization vulnerability in Shahjada Live Forms liveforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Forms: from n/a through <= 4.8.4.
CVE-2025-30767	WordPress Pdf For Wpforms	Med	0.35	5.4	0.00	Mar 27, 2025	Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for WPForms: from n/a through <= 5.3.0.
CVE-2025-1681	WordPress Cardealer	Med	0.35	5.4	0.00	Feb 28, 2025	The Cardealer theme for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check and missing filename sanitization on the demo theme scheme AJAX functions in versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to change or delete arbitrary css and js files.
CVE-2025-27000	WordPress Simple Photo Feed	Med	0.35	5.4	0.00	Feb 25, 2025	Missing Authorization vulnerability in George Pattichis Simple Photo Feed simple-photo-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Photo Feed: from n/a through <= 1.4.0.
CVE-2025-26995	WordPress Market Exporter	Med	0.35	5.4	0.00	Feb 25, 2025	Missing Authorization vulnerability in Anton Vanyukov Market Exporter market-exporter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Market Exporter: from n/a through <= 2.0.21.
CVE-2025-27356	WordPress Sticky Header On Scroll	Med	0.35	5.4	0.00	Feb 24, 2025	Missing Authorization vulnerability in Hardik Sticky Header On Scroll sticky-header-on-scroll allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sticky Header On Scroll: from n/a through <= 1.0.
CVE-2025-26765	WordPress Distance Based Shipping Calculator	Med	0.35	5.4	0.00	Feb 16, 2025	Missing Authorization vulnerability in enituretechnology Distance Based Shipping Calculator distance-based-shipping-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Distance Based Shipping Calculator: from n/a through <= 2.0.22.
CVE-2025-25241	—	Med	0.35	5.4	0.00	Feb 11, 2025	Due to a missing authorization check, an attacker who is logged in to application can view/ delete �My Overtime Requests� which could allow the attacker to access employee information. This leads to low impact on confidentiality, integrity of the application. There is no impact on availability.

CVE-2025-31791MedApr 1, 2025
WordPress
Pin Generator
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Oliver Boyers Pin Generator pin-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pin Generator: from n/a through <= 2.0.0.
CVE-2025-31782MedApr 1, 2025
WordPress
Wpmbytplayer
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in pupunzi mb.YTPlayer wpmbytplayer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects mb.YTPlayer: from n/a through <= 3.3.8.
CVE-2025-31774MedApr 1, 2025
WordPress
Getastra
risk 0.35cvss 5.3epss 0.01
Missing Authorization vulnerability in WebProtect.ai Astra Security Suite getastra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Astra Security Suite: from n/a through <= 0.2.
CVE-2025-31757MedApr 1, 2025
WordPress
Free Product Table For Woocommerce
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in BinaryCarpenter Free Woocommerce Product Table View free-product-table-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Free Woocommerce Product Table View: from n/a through <= 1.78.
CVE-2025-31603MedMar 31, 2025
WordPress
Cf7 Spreadsheets
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in moshensky CF7 Spreadsheets cf7-spreadsheets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CF7 Spreadsheets: from n/a through <= 2.3.2.
CVE-2025-31584MedMar 31, 2025
WordPress
Elfsight Testimonials Slider
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in elfsight Elfsight Testimonials Slider elfsight-testimonials-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elfsight Testimonials Slider: from n/a through <= 1.0.1.
CVE-2025-31555MedMar 31, 2025
WordPress
Contentmx Content Publisher
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in ContentMX ContentMX Content Publisher contentmx-content-publisher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ContentMX Content Publisher: from n/a through <= 1.0.6.
CVE-2025-31545MedMar 31, 2025
WordPress
Safe Ai Malware Protection For Wp
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in WP Messiah Safe Ai Malware Protection for WP safe-ai-malware-protection-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Safe Ai Malware Protection for WP: from n/a through <= 1.0.20.
CVE-2025-22770MedMar 27, 2025
WordPress
Envo Multipurpose
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in EnvoThemes Envo Multipurpose allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envo Multipurpose: from n/a through 1.1.6.
CVE-2025-30896MedMar 27, 2025
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through <= 1.13.4.
CVE-2025-30824MedMar 27, 2025
WordPress
Webtexttool
risk 0.35cvss 5.4epss 0.01
Missing Authorization vulnerability in Israpil Textmetrics webtexttool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Textmetrics: from n/a through <= 3.6.1.
CVE-2025-30817MedMar 27, 2025
WordPress
Z Companion
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in wpzita Z Companion z-companion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Z Companion: from n/a through <= 1.0.13.
CVE-2025-30809MedMar 27, 2025
WordPress
Liveforms
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Shahjada Live Forms liveforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Forms: from n/a through <= 4.8.4.
CVE-2025-30767MedMar 27, 2025
WordPress
Pdf For Wpforms
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for WPForms: from n/a through <= 5.3.0.
CVE-2025-1681MedFeb 28, 2025
WordPress
Cardealer
risk 0.35cvss 5.4epss 0.00
The Cardealer theme for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check and missing filename sanitization on the demo theme scheme AJAX functions in versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to change or delete arbitrary css and js files.
CVE-2025-27000MedFeb 25, 2025
WordPress
Simple Photo Feed
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in George Pattichis Simple Photo Feed simple-photo-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Photo Feed: from n/a through <= 1.4.0.
CVE-2025-26995MedFeb 25, 2025
WordPress
Market Exporter
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Anton Vanyukov Market Exporter market-exporter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Market Exporter: from n/a through <= 2.0.21.
CVE-2025-27356MedFeb 24, 2025
WordPress
Sticky Header On Scroll
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Hardik Sticky Header On Scroll sticky-header-on-scroll allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sticky Header On Scroll: from n/a through <= 1.0.
CVE-2025-26765MedFeb 16, 2025
WordPress
Distance Based Shipping Calculator
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in enituretechnology Distance Based Shipping Calculator distance-based-shipping-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Distance Based Shipping Calculator: from n/a through <= 2.0.22.
CVE-2025-25241MedFeb 11, 2025
risk 0.35cvss 5.4epss 0.00
Due to a missing authorization check, an attacker who is logged in to application can view/ delete �My Overtime Requests� which could allow the attacker to access employee information. This leads to low impact on confidentiality, integrity of the application. There is no impact on availability.