CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (4,593)

page 92 of 230

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2024-54271	WordPress Wpcargo	Med	0.35	5.4	0.00	Dec 13, 2024	Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2.
CVE-2023-44142	WordPress Inactive Logout	Med	0.35	5.4	0.00	Dec 13, 2024	Missing Authorization vulnerability in Deepen Bajracharya Inactive Logout inactive-logout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Inactive Logout: from n/a through <= 3.2.2.
CVE-2023-41857	WordPress Click To Tweet	Med	0.35	5.4	0.00	Dec 13, 2024	Missing Authorization vulnerability in ClickToTweet.com Click To Tweet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Click To Tweet: from n/a through 2.0.14.
CVE-2023-41688	—	Med	0.35	5.4	0.00	Dec 13, 2024	Missing Authorization vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk NoIndex & NoFollow Toolkit: from n/a through 1.5.
CVE-2023-41683	WordPress Telsender	Med	0.35	5.4	0.00	Dec 13, 2024	Missing Authorization vulnerability in Pechenki TelSender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TelSender: from n/a through 1.14.11.
CVE-2023-41671	WordPress Woocommerce Abandoned Cart	Med	0.35	5.4	0.00	Dec 13, 2024	Missing Authorization vulnerability in tychesoftwares Abandoned Cart Lite for WooCommerce woocommerce-abandoned-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Abandoned Cart Lite for WooCommerce: from n/a through <= 5.16.1.
CVE-2023-40678	WordPress Simple Urls	Med	0.35	5.4	0.00	Dec 13, 2024	Missing Authorization vulnerability in Andrew Fiebert Simple URLs simple-urls allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple URLs: from n/a through <= 117.
CVE-2023-40011	WordPress Cost Calculator Builder	Med	0.35	5.4	0.00	Dec 13, 2024	Missing Authorization vulnerability in StylemixThemes Cost Calculator Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cost Calculator Builder: from n/a through 3.1.42.
CVE-2023-40005	Awesomemotive Easy Digital Downloads	Med	0.35	5.3	0.01	Dec 13, 2024	Missing Authorization vulnerability in Syed Balkhi Easy Digital Downloads easy-digital-downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Digital Downloads: from n/a through <= 3.1.5.
CVE-2023-38483	—	Med	0.35	5.4	0.00	Dec 13, 2024	Missing Authorization vulnerability in Dylan Blokhuis Instant CSS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Instant CSS: from n/a through 1.1.4.
CVE-2023-38383	—	Med	0.35	5.4	0.00	Dec 13, 2024	Missing Authorization vulnerability in OnTheGoSystems Language allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Language: from n/a through 1.2.1.
CVE-2023-37989	WordPress Easyship Woocommerce Shipping Rates	Med	0.35	5.4	0.00	Dec 13, 2024	Missing Authorization vulnerability in Easyship Easyship WooCommerce Shipping Rates allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easyship WooCommerce Shipping Rates: from n/a through 0.9.0.
CVE-2023-36680	WordPress Image Regenerate Select Crop	Med	0.35	5.4	0.00	Dec 13, 2024	Missing Authorization vulnerability in Iulia Cazan Image Regenerate & Select Crop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Regenerate & Select Crop: from n/a through 7.1.0.
CVE-2023-36526	WordPress Duplicate Post Page Menu Custom Post Type	Med	0.35	5.4	0.00	Dec 13, 2024	Missing Authorization vulnerability in Inqsys Technology Duplicate Post Page Menu & Custom Post Type allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Duplicate Post Page Menu & Custom Post Type: from n/a through 2.4.1.
CVE-2023-36519	WordPress Sw Product Bundles	Med	0.35	5.4	0.00	Dec 13, 2024	Missing Authorization vulnerability in wpthemego SW Product Bundles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SW Product Bundles: from n/a through 2.0.15.
CVE-2023-36509	WordPress Chp Ads Block Detector	Med	0.35	5.4	0.00	Dec 13, 2024	Missing Authorization vulnerability in Suresh Chand CHP Ads Block Detector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CHP Ads Block Detector: from n/a through 3.9.5.
CVE-2023-35051	Cimatti Wordpress Contact Forms	Med	0.35	5.4	0.00	Dec 13, 2024	Missing Authorization vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Forms by Cimatti: from n/a through 1.5.7.
CVE-2023-35046	WordPress Dynamic Visibility For Elementor	Med	0.35	5.4	0.00	Dec 13, 2024	Missing Authorization vulnerability in Dynamic.ooo Dynamic Visibility for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamic Visibility for Elementor: from n/a through 5.0.5.
CVE-2023-34376	WordPress Change Woocommerce Add To Cart Button Text	Med	0.35	5.4	0.00	Dec 13, 2024	Missing Authorization vulnerability in Rextheme Change WooCommerce Add To Cart Button Text allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Change WooCommerce Add To Cart Button Text: from n/a through 1.3.
CVE-2023-34014	WordPress Grid Plus	Med	0.35	5.4	0.00	Dec 13, 2024	Missing Authorization vulnerability in G5Theme Grid Plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grid Plus: from n/a through 1.3.2.

CVE-2024-54271MedDec 13, 2024
WordPress
Wpcargo
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2.
CVE-2023-44142MedDec 13, 2024
WordPress
Inactive Logout
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Deepen Bajracharya Inactive Logout inactive-logout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Inactive Logout: from n/a through <= 3.2.2.
CVE-2023-41857MedDec 13, 2024
WordPress
Click To Tweet
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in ClickToTweet.com Click To Tweet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Click To Tweet: from n/a through 2.0.14.
CVE-2023-41688MedDec 13, 2024
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk NoIndex & NoFollow Toolkit: from n/a through 1.5.
CVE-2023-41683MedDec 13, 2024
WordPress
Telsender
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Pechenki TelSender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TelSender: from n/a through 1.14.11.
CVE-2023-41671MedDec 13, 2024
WordPress
Woocommerce Abandoned Cart
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in tychesoftwares Abandoned Cart Lite for WooCommerce woocommerce-abandoned-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Abandoned Cart Lite for WooCommerce: from n/a through <= 5.16.1.
CVE-2023-40678MedDec 13, 2024
WordPress
Simple Urls
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Andrew Fiebert Simple URLs simple-urls allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple URLs: from n/a through <= 117.
CVE-2023-40011MedDec 13, 2024
WordPress
Cost Calculator Builder
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in StylemixThemes Cost Calculator Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cost Calculator Builder: from n/a through 3.1.42.
CVE-2023-40005MedDec 13, 2024
Awesomemotive
Easy Digital Downloads
risk 0.35cvss 5.3epss 0.01
Missing Authorization vulnerability in Syed Balkhi Easy Digital Downloads easy-digital-downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Digital Downloads: from n/a through <= 3.1.5.
CVE-2023-38483MedDec 13, 2024
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Dylan Blokhuis Instant CSS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Instant CSS: from n/a through 1.1.4.
CVE-2023-38383MedDec 13, 2024
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in OnTheGoSystems Language allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Language: from n/a through 1.2.1.
CVE-2023-37989MedDec 13, 2024
WordPress
Easyship Woocommerce Shipping Rates
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Easyship Easyship WooCommerce Shipping Rates allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easyship WooCommerce Shipping Rates: from n/a through 0.9.0.
CVE-2023-36680MedDec 13, 2024
WordPress
Image Regenerate Select Crop
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Iulia Cazan Image Regenerate & Select Crop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Regenerate & Select Crop: from n/a through 7.1.0.
CVE-2023-36526MedDec 13, 2024
WordPress
Duplicate Post Page Menu Custom Post Type
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Inqsys Technology Duplicate Post Page Menu & Custom Post Type allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Duplicate Post Page Menu & Custom Post Type: from n/a through 2.4.1.
CVE-2023-36519MedDec 13, 2024
WordPress
Sw Product Bundles
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in wpthemego SW Product Bundles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SW Product Bundles: from n/a through 2.0.15.
CVE-2023-36509MedDec 13, 2024
WordPress
Chp Ads Block Detector
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Suresh Chand CHP Ads Block Detector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CHP Ads Block Detector: from n/a through 3.9.5.
CVE-2023-35051MedDec 13, 2024
Cimatti
Wordpress Contact Forms
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Forms by Cimatti: from n/a through 1.5.7.
CVE-2023-35046MedDec 13, 2024
WordPress
Dynamic Visibility For Elementor
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Dynamic.ooo Dynamic Visibility for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamic Visibility for Elementor: from n/a through 5.0.5.
CVE-2023-34376MedDec 13, 2024
WordPress
Change Woocommerce Add To Cart Button Text
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Rextheme Change WooCommerce Add To Cart Button Text allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Change WooCommerce Add To Cart Button Text: from n/a through 1.3.
CVE-2023-34014MedDec 13, 2024
WordPress
Grid Plus
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in G5Theme Grid Plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grid Plus: from n/a through 1.3.2.