CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (4,593)

page 93 of 230

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2023-33215	WordPress Taggbox Widget	Med	0.35	5.4	0.00	Dec 13, 2024	Missing Authorization vulnerability in Taggbox Taggbox taggbox-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Taggbox: from n/a through <= 3.3.
CVE-2023-32601	WordPress Booking Ultra Pro	Med	0.35	5.4	0.00	Dec 13, 2024	Missing Authorization vulnerability in Booking Ultra Pro Booking Ultra Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Ultra Pro: from n/a through 1.1.12.
CVE-2023-32593	WordPress Gs Pinterest Portfolio	Med	0.35	5.4	0.00	Dec 13, 2024	Missing Authorization vulnerability in GS Plugins GS Pins for Pinterest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Pins for Pinterest: from n/a through 1.6.7.
CVE-2023-32581	WordPress Wp Chatbot	Med	0.35	5.4	0.00	Dec 13, 2024	Missing Authorization vulnerability in MobileMonkey WP-Chatbot for Messenger allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Chatbot for Messenger: from n/a through 4.7.
CVE-2022-46840	Joomsky Js Help Desk	Med	0.35	5.4	0.00	Dec 13, 2024	Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1.
CVE-2022-45841	WordPress Robo Gallery	Med	0.35	5.4	0.00	Dec 13, 2024	Missing Authorization vulnerability in RoboSoft Robo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Robo Gallery: from n/a through 3.2.9.
CVE-2024-54217	Reputeinfosystems Arforms	Med	0.35	5.4	0.00	Dec 9, 2024	Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4.1.
CVE-2024-53798	WordPress Bakkbone Florist Companion	Med	0.35	5.4	0.00	Dec 9, 2024	Missing Authorization vulnerability in BAKKBONE Australia FloristPress bakkbone-florist-companion.This issue affects FloristPress: from n/a through <= 7.3.0.
CVE-2023-51359	Wpdeveloper Essential Blocks	Med	0.35	5.4	0.00	Dec 9, 2024	Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg essential-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through <= 4.2.0.
CVE-2023-50899	WordPress Woocommerce Catalog Enquiry	Med	0.35	5.4	0.00	Dec 9, 2024	Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Catalog Enquiry for WooCommerce by MultiVendorX: from n/a through 5.0.2.
CVE-2023-49757	Getawesomesupport Awesome Support	Med	0.35	5.4	0.00	Dec 9, 2024	Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through <= 6.1.10.
CVE-2023-49756	Themewinter Eventin	Med	0.35	5.4	0.00	Dec 9, 2024	Missing Authorization vulnerability in Arraytics Eventin wp-event-solution allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eventin: from n/a through <= 3.3.52.
CVE-2023-49755	—	Med	0.35	5.4	0.00	Dec 9, 2024	Missing Authorization vulnerability in B.M. Rafiul Alam Elementor Timeline Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Timeline Widget: from n/a through 2.2.
CVE-2023-48776	WordPress Canvasio3d Light	Med	0.35	5.4	0.00	Dec 9, 2024	Missing Authorization vulnerability in virtuellwerk canvasio3D Light canvasio3d-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects canvasio3D Light: from n/a through <= 2.5.0.
CVE-2023-48774	Northernbeacheswebsites Ideapush	Med	0.35	5.4	0.00	Dec 9, 2024	Missing Authorization vulnerability in Martin Gibson IdeaPush allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IdeaPush: from n/a through n/a.
CVE-2023-48324	Getawesomesupport Awesome Support	Med	0.35	5.4	0.00	Dec 9, 2024	Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through <= 6.1.4.
CVE-2023-48287	WordPress Textme Sms Integration	Med	0.35	5.4	0.00	Dec 9, 2024	Missing Authorization vulnerability in Matat Technologies TextMe SMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TextMe SMS: from n/a through 1.9.0.
CVE-2023-47836	WordPress Wp Meta And Date Remover	Med	0.35	5.4	0.00	Dec 9, 2024	Missing Authorization vulnerability in prasadkirpekar WP Meta and Date Remover wp-meta-and-date-remover allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Meta and Date Remover: from n/a through <= 2.3.0.
CVE-2023-47830	WordPress Cf7 Live Preview	Med	0.35	5.4	0.00	Dec 9, 2024	Missing Authorization vulnerability in Addons for Contact Form 7 Live Preview for Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Preview for Contact Form 7: from n/a through 1.2.0.
CVE-2023-47805	Themewinter Wpcafe	Med	0.35	5.3	0.01	Dec 9, 2024	Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCafe: from n/a through <= 2.2.22.

CVE-2023-33215MedDec 13, 2024
WordPress
Taggbox Widget
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Taggbox Taggbox taggbox-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Taggbox: from n/a through <= 3.3.
CVE-2023-32601MedDec 13, 2024
WordPress
Booking Ultra Pro
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Booking Ultra Pro Booking Ultra Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Ultra Pro: from n/a through 1.1.12.
CVE-2023-32593MedDec 13, 2024
WordPress
Gs Pinterest Portfolio
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in GS Plugins GS Pins for Pinterest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Pins for Pinterest: from n/a through 1.6.7.
CVE-2023-32581MedDec 13, 2024
WordPress
Wp Chatbot
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in MobileMonkey WP-Chatbot for Messenger allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Chatbot for Messenger: from n/a through 4.7.
CVE-2022-46840MedDec 13, 2024
Joomsky
Js Help Desk
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1.
CVE-2022-45841MedDec 13, 2024
WordPress
Robo Gallery
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in RoboSoft Robo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Robo Gallery: from n/a through 3.2.9.
CVE-2024-54217MedDec 9, 2024
Reputeinfosystems
Arforms
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4.1.
CVE-2024-53798MedDec 9, 2024
WordPress
Bakkbone Florist Companion
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in BAKKBONE Australia FloristPress bakkbone-florist-companion.This issue affects FloristPress: from n/a through <= 7.3.0.
CVE-2023-51359MedDec 9, 2024
Wpdeveloper
Essential Blocks
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg essential-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through <= 4.2.0.
CVE-2023-50899MedDec 9, 2024
WordPress
Woocommerce Catalog Enquiry
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Catalog Enquiry for WooCommerce by MultiVendorX: from n/a through 5.0.2.
CVE-2023-49757MedDec 9, 2024
Getawesomesupport
Awesome Support
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through <= 6.1.10.
CVE-2023-49756MedDec 9, 2024
Themewinter
Eventin
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Arraytics Eventin wp-event-solution allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eventin: from n/a through <= 3.3.52.
CVE-2023-49755MedDec 9, 2024
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in B.M. Rafiul Alam Elementor Timeline Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Timeline Widget: from n/a through 2.2.
CVE-2023-48776MedDec 9, 2024
WordPress
Canvasio3d Light
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in virtuellwerk canvasio3D Light canvasio3d-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects canvasio3D Light: from n/a through <= 2.5.0.
CVE-2023-48774MedDec 9, 2024
Northernbeacheswebsites
Ideapush
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Martin Gibson IdeaPush allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IdeaPush: from n/a through n/a.
CVE-2023-48324MedDec 9, 2024
Getawesomesupport
Awesome Support
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through <= 6.1.4.
CVE-2023-48287MedDec 9, 2024
WordPress
Textme Sms Integration
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Matat Technologies TextMe SMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TextMe SMS: from n/a through 1.9.0.
CVE-2023-47836MedDec 9, 2024
WordPress
Wp Meta And Date Remover
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in prasadkirpekar WP Meta and Date Remover wp-meta-and-date-remover allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Meta and Date Remover: from n/a through <= 2.3.0.
CVE-2023-47830MedDec 9, 2024
WordPress
Cf7 Live Preview
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Addons for Contact Form 7 Live Preview for Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Preview for Contact Form 7: from n/a through 1.2.0.
CVE-2023-47805MedDec 9, 2024
Themewinter
Wpcafe
risk 0.35cvss 5.3epss 0.01
Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCafe: from n/a through <= 2.2.22.