CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (4,593)

page 90 of 230

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-22696	WordPress Document	Med	0.35	5.4	Feb 4, 2025	Missing Authorization vulnerability in WPDeveloper Document Block – Upload & Embed Docs document.This issue affects Document Block – Upload & Embed Docs: from n/a through <= 1.1.0.
CVE-2025-23849	WordPress Papercite	Med	0.35	5.4	Jan 27, 2025	Missing Authorization vulnerability in bpiwowar PAPERCITE papercite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PAPERCITE: from n/a through <= 0.5.18.
CVE-2025-24750	WordPress Google Analytics Dashboard For Wp	Med	0.35	5.4	Jan 24, 2025	Missing Authorization vulnerability in Syed Balkhi ExactMetrics google-analytics-dashboard-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ExactMetrics: from n/a through <= 8.1.0.
CVE-2025-24652	WordPress Local Sync	Med	0.35	5.4	Jan 24, 2025	Missing Authorization vulnerability in revmakx WP Duplicate local-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Duplicate: from n/a through <= 1.1.6.
CVE-2025-24604	WordPress V Form	Med	0.35	5.4	Jan 24, 2025	Missing Authorization vulnerability in Vikas Ratudi VPSUForm v-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VPSUForm: from n/a through <= 3.0.5.
CVE-2025-24571	WordPress Fulltext Search	Med	0.35	5.4	Jan 24, 2025	Missing Authorization vulnerability in Epsiloncool WP Fast Total Search fulltext-search allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Fast Total Search: from n/a through <= 1.78.258.
CVE-2025-23963	WordPress Mark Posts	Med	0.35	5.4	Jan 16, 2025	Missing Authorization vulnerability in flymke Mark Posts mark-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mark Posts: from n/a through <= 2.2.4.
CVE-2025-23961	WordPress Graph Lite	Med	0.35	5.4	Jan 16, 2025	Missing Authorization vulnerability in wptasker WordPress Graphs & Charts graph-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Graphs & Charts: from n/a through <= 2.0.8.
CVE-2025-23917	WordPress Chamber Dashboard Business Directory	Med	0.35	5.4	Jan 16, 2025	Missing Authorization vulnerability in Chandrika Guntur, Morgan Kay Chamber Dashboard Business Directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chamber Dashboard Business Directory: from n/a through 3.3.8.
CVE-2025-23916	WordPress Wp Meetup	Med	0.35	5.4	Jan 16, 2025	Missing Authorization vulnerability in Nuanced Media WP Meetup wp-meetup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Meetup: from n/a through <= 2.3.0.
CVE-2025-23778	WordPress Registered User Sync Activecampaign	Med	0.35	5.4	Jan 16, 2025	Missing Authorization vulnerability in Pravin Durugkar User Sync ActiveCampaign registered-user-sync-activecampaign allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Sync ActiveCampaign: from n/a through <= 1.3.2.
CVE-2025-23761	WordPress Woo Tuner	Med	0.35	5.4	Jan 16, 2025	Missing Authorization vulnerability in Alex Volkov Woo Tuner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Tuner: from n/a through 0.1.2.
CVE-2024-12204	WordPress Coupon X Discount Pop Up	Med	0.35	5.4	Jan 11, 2025	The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in the class-cx-rest.php file in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create 100% off coupons, delete posts, delete leads, and update coupon statuses.
CVE-2025-22543	WordPress St Gallery Wp	Med	0.35	5.4	Jan 7, 2025	Missing Authorization vulnerability in beautifultemplates ST Gallery WP st-gallery-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ST Gallery WP: from n/a through <= 1.0.8.
CVE-2025-22541	WordPress Etruel Del Post Copies	Med	0.35	5.4	Jan 7, 2025	Missing Authorization vulnerability in etruel WP Delete Post Copies etruel-del-post-copies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delete Post Copies: from n/a through <= 5.5.
CVE-2025-22534	WordPress Slide	Med	0.35	5.4	Jan 7, 2025	Missing Authorization vulnerability in Ella Van Durpe Slides & Presentations slide allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slides & Presentations: from n/a through <= 0.0.39.
CVE-2022-45811	WordPress Post Teaser	Med	0.35	5.4	Jan 2, 2025	Missing Authorization vulnerability in WeyHan Ng Post Teaser.This issue affects Post Teaser: from n/a through 4.1.5.
CVE-2023-45272	WordPress Wd Google Maps	Med	0.35	5.4	Jan 2, 2025	Missing Authorization vulnerability in 10Web 10Web Map Builder for Google Maps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.73.
CVE-2023-32240	WordPress Woodmart	Med	0.35	5.4	Jan 2, 2025	Missing Authorization vulnerability in Xtemos WoodMart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WoodMart: from n/a through 7.2.1.
CVE-2024-56253	WordPress Data Tables Generator By Supsystic	Med	0.35	5.4	Jan 2, 2025	Missing Authorization vulnerability in supsystic Data Tables Generator by Supsystic data-tables-generator-by-supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Data Tables Generator by Supsystic: from n/a through <= 1.10.36.

CVE-2025-22696MedFeb 4, 2025
WordPress
Document
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in WPDeveloper Document Block – Upload & Embed Docs document.This issue affects Document Block – Upload & Embed Docs: from n/a through <= 1.1.0.
CVE-2025-23849MedJan 27, 2025
WordPress
Papercite
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in bpiwowar PAPERCITE papercite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PAPERCITE: from n/a through <= 0.5.18.
CVE-2025-24750MedJan 24, 2025
WordPress
Google Analytics Dashboard For Wp
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Syed Balkhi ExactMetrics google-analytics-dashboard-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ExactMetrics: from n/a through <= 8.1.0.
CVE-2025-24652MedJan 24, 2025
WordPress
Local Sync
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in revmakx WP Duplicate local-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Duplicate: from n/a through <= 1.1.6.
CVE-2025-24604MedJan 24, 2025
WordPress
V Form
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Vikas Ratudi VPSUForm v-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VPSUForm: from n/a through <= 3.0.5.
CVE-2025-24571MedJan 24, 2025
WordPress
Fulltext Search
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Epsiloncool WP Fast Total Search fulltext-search allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Fast Total Search: from n/a through <= 1.78.258.
CVE-2025-23963MedJan 16, 2025
WordPress
Mark Posts
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in flymke Mark Posts mark-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mark Posts: from n/a through <= 2.2.4.
CVE-2025-23961MedJan 16, 2025
WordPress
Graph Lite
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in wptasker WordPress Graphs & Charts graph-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Graphs & Charts: from n/a through <= 2.0.8.
CVE-2025-23917MedJan 16, 2025
WordPress
Chamber Dashboard Business Directory
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Chandrika Guntur, Morgan Kay Chamber Dashboard Business Directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chamber Dashboard Business Directory: from n/a through 3.3.8.
CVE-2025-23916MedJan 16, 2025
WordPress
Wp Meetup
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Nuanced Media WP Meetup wp-meetup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Meetup: from n/a through <= 2.3.0.
CVE-2025-23778MedJan 16, 2025
WordPress
Registered User Sync Activecampaign
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Pravin Durugkar User Sync ActiveCampaign registered-user-sync-activecampaign allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Sync ActiveCampaign: from n/a through <= 1.3.2.
CVE-2025-23761MedJan 16, 2025
WordPress
Woo Tuner
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Alex Volkov Woo Tuner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Tuner: from n/a through 0.1.2.
CVE-2024-12204MedJan 11, 2025
WordPress
Coupon X Discount Pop Up
risk 0.35cvss 5.4epss 0.00
The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in the class-cx-rest.php file in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create 100% off coupons, delete posts, delete leads, and update coupon statuses.
CVE-2025-22543MedJan 7, 2025
WordPress
St Gallery Wp
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in beautifultemplates ST Gallery WP st-gallery-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ST Gallery WP: from n/a through <= 1.0.8.
CVE-2025-22541MedJan 7, 2025
WordPress
Etruel Del Post Copies
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in etruel WP Delete Post Copies etruel-del-post-copies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delete Post Copies: from n/a through <= 5.5.
CVE-2025-22534MedJan 7, 2025
WordPress
Slide
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Ella Van Durpe Slides & Presentations slide allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slides & Presentations: from n/a through <= 0.0.39.
CVE-2022-45811MedJan 2, 2025
WordPress
Post Teaser
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in WeyHan Ng Post Teaser.This issue affects Post Teaser: from n/a through 4.1.5.
CVE-2023-45272MedJan 2, 2025
WordPress
Wd Google Maps
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in 10Web 10Web Map Builder for Google Maps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.73.
CVE-2023-32240MedJan 2, 2025
WordPress
Woodmart
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Xtemos WoodMart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WoodMart: from n/a through 7.2.1.
CVE-2024-56253MedJan 2, 2025
WordPress
Data Tables Generator By Supsystic
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in supsystic Data Tables Generator by Supsystic data-tables-generator-by-supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Data Tables Generator by Supsystic: from n/a through <= 1.10.36.