CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (4,593)
page 91 of 230| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-56244 | Med | 0.35 | 5.4 | 0.00 | Jan 2, 2025 | Missing Authorization vulnerability in WP Royal Ashe Extra ashe-extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe Extra: from n/a through <= 1.2.92. | ||
| CVE-2023-47661 | Med | 0.35 | 5.4 | 0.00 | Jan 2, 2025 | Missing Authorization vulnerability in Dragfy Dragfy Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dragfy Addons for Elementor: from n/a through 1.0.2. | ||
| CVE-2023-47225 | Med | 0.35 | 5.4 | 0.00 | Jan 2, 2025 | Missing Authorization vulnerability in KaizenCoders Short URL shorten-url allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Short URL: from n/a through <= 1.6.8. | ||
| CVE-2023-47187 | Med | 0.35 | 5.4 | 0.00 | Jan 2, 2025 | Missing Authorization vulnerability in Labib Ahmed Animated Rotating Words css3-rotating-words allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animated Rotating Words: from n/a through <= 5.4. | ||
| CVE-2023-46633 | Med | 0.35 | 5.4 | 0.00 | Jan 2, 2025 | Missing Authorization vulnerability in TCBarrett Glossary allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Glossary: from n/a through 3.1.2. | ||
| CVE-2023-46616 | Med | 0.35 | 5.4 | 0.00 | Jan 2, 2025 | Missing Authorization vulnerability in NSquared Draw Attention allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Draw Attention: from n/a through 2.0.15. | ||
| CVE-2023-46607 | Med | 0.35 | 5.4 | 0.00 | Jan 2, 2025 | Missing Authorization vulnerability in WP iCal Availability WP iCal Availability allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP iCal Availability: from n/a through 1.0.3. | ||
| CVE-2023-46079 | — | Med | 0.35 | 5.4 | 0.00 | Jan 2, 2025 | Missing Authorization vulnerability in WP Royal Ashe Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe Extra: from n/a through 1.2.9. | |
| CVE-2023-45828 | Med | 0.35 | 5.4 | 0.05 | Jan 2, 2025 | Missing Authorization vulnerability in RumbleTalk RumbleTalk Live Group Chat rumbletalk-chat-a-chat-with-themes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RumbleTalk Live Group Chat: from n/a through <= 6.2.5. | ||
| CVE-2023-45636 | Med | 0.35 | 5.4 | 0.00 | Jan 2, 2025 | Missing Authorization vulnerability in WebToffee WordPress Backup & Migration wp-migration-duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Backup & Migration: from n/a through <= 1.4.1. | ||
| CVE-2023-45045 | Med | 0.35 | 5.4 | 0.00 | Jan 2, 2025 | Missing Authorization vulnerability in krozero WP Custom Widget area wp-custom-widget-area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Widget area: from n/a through <= 1.2.5. | ||
| CVE-2024-49686 | — | Med | 0.35 | 5.4 | 0.00 | Dec 31, 2024 | Missing Authorization vulnerability in fatcatapps Landing Page Cat landing-page-cat.This issue affects Landing Page Cat: from n/a through <= 1.7.4. | |
| CVE-2024-56234 | Med | 0.35 | 5.4 | 0.00 | Dec 31, 2024 | Missing Authorization vulnerability in vowelweb VW Automobile Lite vw-automobile-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Automobile Lite: from n/a through <= 2.1. | ||
| CVE-2024-56225 | Med | 0.35 | 5.4 | 0.00 | Dec 31, 2024 | Missing Authorization vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Premium Addons for Elementor: from n/a through <= 4.10.56. | ||
| CVE-2024-12617 | Med | 0.35 | 5.4 | 0.00 | Dec 24, 2024 | The WC Price History for Omnibus plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view and modify history data. | ||
| CVE-2024-56004 | Med | 0.35 | 5.4 | 0.00 | Dec 16, 2024 | Missing Authorization vulnerability in awfowler Easy Site Importer easy-site-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Site Importer: from n/a through <= 1.0.1. | ||
| CVE-2024-55998 | Med | 0.35 | 5.4 | 0.00 | Dec 16, 2024 | Missing Authorization vulnerability in Eric Sloan Popup Surveys & Polls for WordPress (Mare.io) popup-surveys allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Surveys & Polls for WordPress (Mare.io): from n/a through <= 1.36. | ||
| CVE-2024-55992 | Med | 0.35 | 5.4 | 0.00 | Dec 16, 2024 | Missing Authorization vulnerability in Open Tools WooCommerce Basic Ordernumbers woocommerce-basic-ordernumbers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Basic Ordernumbers: from n/a through <= 1.4.4. | ||
| CVE-2024-54323 | Med | 0.35 | 5.4 | 0.00 | Dec 13, 2024 | Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n/a through <= 2.6.2. | ||
| CVE-2024-54311 | Med | 0.35 | 5.4 | 0.00 | Dec 13, 2024 | Missing Authorization vulnerability in i.lychkov Mark New Posts mark-new-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mark New Posts: from n/a through <= 7.5.1. |
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in WP Royal Ashe Extra ashe-extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe Extra: from n/a through <= 1.2.92.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Dragfy Dragfy Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dragfy Addons for Elementor: from n/a through 1.0.2.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in KaizenCoders Short URL shorten-url allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Short URL: from n/a through <= 1.6.8.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Labib Ahmed Animated Rotating Words css3-rotating-words allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animated Rotating Words: from n/a through <= 5.4.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in TCBarrett Glossary allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Glossary: from n/a through 3.1.2.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in NSquared Draw Attention allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Draw Attention: from n/a through 2.0.15.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in WP iCal Availability WP iCal Availability allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP iCal Availability: from n/a through 1.0.3.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in WP Royal Ashe Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe Extra: from n/a through 1.2.9.
- risk 0.35cvss 5.4epss 0.05
Missing Authorization vulnerability in RumbleTalk RumbleTalk Live Group Chat rumbletalk-chat-a-chat-with-themes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RumbleTalk Live Group Chat: from n/a through <= 6.2.5.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in WebToffee WordPress Backup & Migration wp-migration-duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Backup & Migration: from n/a through <= 1.4.1.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in krozero WP Custom Widget area wp-custom-widget-area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Widget area: from n/a through <= 1.2.5.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in fatcatapps Landing Page Cat landing-page-cat.This issue affects Landing Page Cat: from n/a through <= 1.7.4.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in vowelweb VW Automobile Lite vw-automobile-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Automobile Lite: from n/a through <= 2.1.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Premium Addons for Elementor: from n/a through <= 4.10.56.
- risk 0.35cvss 5.4epss 0.00
The WC Price History for Omnibus plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view and modify history data.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in awfowler Easy Site Importer easy-site-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Site Importer: from n/a through <= 1.0.1.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Eric Sloan Popup Surveys & Polls for WordPress (Mare.io) popup-surveys allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Surveys & Polls for WordPress (Mare.io): from n/a through <= 1.36.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Open Tools WooCommerce Basic Ordernumbers woocommerce-basic-ordernumbers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Basic Ordernumbers: from n/a through <= 1.4.4.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n/a through <= 2.6.2.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in i.lychkov Mark New Posts mark-new-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mark New Posts: from n/a through <= 7.5.1.