CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

CWE-285

Children

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (4,593)

page 95 of 230

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2024-49689	WordPress Hd Quiz Save Results Light	Med	0.35	5.4	0.00	Nov 19, 2024	Missing Authorization vulnerability in Harmonic Design HD Quiz – Save Results Light hd-quiz-save-results-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz – Save Results Light: from n/a through <= 0.5.
CVE-2024-10486	WordPress Google Listings And Ads	Med	0.35	5.3	0.05	Nov 18, 2024	The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible print_php_information.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PHP configuration, which can be used to aid other attacks.
CVE-2024-11085	WordPress Wp Log Viewer	Med	0.35	5.4	0.00	Nov 16, 2024	The WP Log Viewer plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on several AJAX actions in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to access logs, update plugin-related user settings and general plugin settings.
CVE-2024-48044	Shortpixel Image Optimizer	Med	0.35	5.4	0.00	Nov 1, 2024	Missing Authorization vulnerability in ShortPixel ShortPixel Image Optimizer shortpixel-image-optimiser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShortPixel Image Optimizer: from n/a through <= 5.6.3.
CVE-2024-44021	Truepush Truepush	Med	0.35	5.4	0.00	Nov 1, 2024	Missing Authorization vulnerability in truepushplugin Truepush truepush-free-web-push-notifications.This issue affects Truepush: from n/a through <= 1.0.8.
CVE-2024-43273	WordPress Icegram Rainmaker	Med	0.35	5.4	0.00	Nov 1, 2024	Missing Authorization vulnerability in icegram Icegram Collect plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram Collect plugin: from n/a through 1.3.14.
CVE-2024-43268	WordPress Wp Backitup	Med	0.35	5.4	0.00	Nov 1, 2024	Access Control vulnerability in WPBackItUp Backup and Restore WordPress allows . This issue affects Backup and Restore WordPress: from n/a through 1.50.
CVE-2024-43260	WordPress Clearfy	Med	0.35	5.4	0.00	Nov 1, 2024	Missing Authorization vulnerability in Creative Motion Clearfy Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clearfy Cache: from n/a through 2.2.4.
CVE-2024-38774	WordPress Sg Security	Med	0.35	5.4	0.00	Nov 1, 2024	Missing Authorization vulnerability in SiteGround SiteGround Security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteGround Security: from n/a through 1.5.0.
CVE-2024-38740	WordPress Packlink Pro Shipping	Med	0.35	5.4	0.00	Nov 1, 2024	Missing Authorization vulnerability in Packlink Shipping S.L. Packlink PRO shipping module allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Packlink PRO shipping module: from n/a through 3.4.6.
CVE-2024-38737	WordPress Redi Restaurant Reservation	Med	0.35	5.4	0.00	Nov 1, 2024	Missing Authorization vulnerability in Reservation Diary ReDi Restaurant Reservation allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ReDi Restaurant Reservation: from n/a through 24.0422.
CVE-2024-38733	WordPress Meks Video Importer	Med	0.35	5.4	0.00	Nov 1, 2024	Missing Authorization vulnerability in Meks Meks Video Importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meks Video Importer: from n/a through 1.0.12.
CVE-2024-37483	WordPress The Post Grid	Med	0.35	5.4	0.00	Nov 1, 2024	Missing Authorization vulnerability in RadiusTheme The Post Grid the-post-grid.This issue affects The Post Grid: from n/a through <= 7.7.4.
CVE-2024-37439	—	Med	0.35	5.4	0.00	Nov 1, 2024	Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a through 4.1.4.0
CVE-2024-37425	WordPress Newspack Blocks	Med	0.35	5.4	0.00	Nov 1, 2024	Missing Authorization vulnerability in Automattic Newspack Blocks newspack-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack Blocks: from n/a through 3.0.8.
CVE-2024-37415	WordPress E2pdf	Med	0.35	5.4	0.00	Nov 1, 2024	Missing Authorization vulnerability in E2Pdf e2pdf e2pdf.This issue affects e2pdf: from n/a through <= 1.20.27.
CVE-2024-37250	WordPress Advanced Custom Fields Pro	Med	0.35	5.4	0.00	Nov 1, 2024	Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1.
CVE-2024-37207	WordPress Demo Awesome	Med	0.35	5.4	0.00	Nov 1, 2024	Missing Authorization vulnerability in Theme4Press Demo Awesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Demo Awesome: from n/a through 1.0.2.
CVE-2024-50423	WordPress Templately	Med	0.35	5.4	0.00	Oct 29, 2024	Missing Authorization vulnerability in WPDeveloper Templately templately allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templately: from n/a through <= 3.1.5.
CVE-2024-50456	Seopress Seopress	Med	0.35	5.4	0.00	Oct 29, 2024	Missing Authorization vulnerability in Benjamin Denis SEOPress wp-seopress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through <= 8.1.1.

CVE-2024-49689MedNov 19, 2024
WordPress
Hd Quiz Save Results Light
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Harmonic Design HD Quiz – Save Results Light hd-quiz-save-results-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz – Save Results Light: from n/a through <= 0.5.
CVE-2024-10486MedNov 18, 2024
WordPress
Google Listings And Ads
risk 0.35cvss 5.3epss 0.05
The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible print_php_information.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PHP configuration, which can be used to aid other attacks.
CVE-2024-11085MedNov 16, 2024
WordPress
Wp Log Viewer
risk 0.35cvss 5.4epss 0.00
The WP Log Viewer plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on several AJAX actions in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to access logs, update plugin-related user settings and general plugin settings.
CVE-2024-48044MedNov 1, 2024
Shortpixel
Image Optimizer
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in ShortPixel ShortPixel Image Optimizer shortpixel-image-optimiser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShortPixel Image Optimizer: from n/a through <= 5.6.3.
CVE-2024-44021MedNov 1, 2024
Truepush
Truepush
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in truepushplugin Truepush truepush-free-web-push-notifications.This issue affects Truepush: from n/a through <= 1.0.8.
CVE-2024-43273MedNov 1, 2024
WordPress
Icegram Rainmaker
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in icegram Icegram Collect plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram Collect plugin: from n/a through 1.3.14.
CVE-2024-43268MedNov 1, 2024
WordPress
Wp Backitup
risk 0.35cvss 5.4epss 0.00
Access Control vulnerability in WPBackItUp Backup and Restore WordPress allows . This issue affects Backup and Restore WordPress: from n/a through 1.50.
CVE-2024-43260MedNov 1, 2024
WordPress
Clearfy
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Creative Motion Clearfy Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clearfy Cache: from n/a through 2.2.4.
CVE-2024-38774MedNov 1, 2024
WordPress
Sg Security
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in SiteGround SiteGround Security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteGround Security: from n/a through 1.5.0.
CVE-2024-38740MedNov 1, 2024
WordPress
Packlink Pro Shipping
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Packlink Shipping S.L. Packlink PRO shipping module allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Packlink PRO shipping module: from n/a through 3.4.6.
CVE-2024-38737MedNov 1, 2024
WordPress
Redi Restaurant Reservation
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Reservation Diary ReDi Restaurant Reservation allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ReDi Restaurant Reservation: from n/a through 24.0422.
CVE-2024-38733MedNov 1, 2024
WordPress
Meks Video Importer
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Meks Meks Video Importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meks Video Importer: from n/a through 1.0.12.
CVE-2024-37483MedNov 1, 2024
WordPress
The Post Grid
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in RadiusTheme The Post Grid the-post-grid.This issue affects The Post Grid: from n/a through <= 7.7.4.
CVE-2024-37439MedNov 1, 2024
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a through 4.1.4.0
CVE-2024-37425MedNov 1, 2024
WordPress
Newspack Blocks
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Automattic Newspack Blocks newspack-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack Blocks: from n/a through 3.0.8.
CVE-2024-37415MedNov 1, 2024
WordPress
E2pdf
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in E2Pdf e2pdf e2pdf.This issue affects e2pdf: from n/a through <= 1.20.27.
CVE-2024-37250MedNov 1, 2024
WordPress
Advanced Custom Fields Pro
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1.
CVE-2024-37207MedNov 1, 2024
WordPress
Demo Awesome
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Theme4Press Demo Awesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Demo Awesome: from n/a through 1.0.2.
CVE-2024-50423MedOct 29, 2024
WordPress
Templately
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in WPDeveloper Templately templately allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templately: from n/a through <= 3.1.5.
CVE-2024-50456MedOct 29, 2024
Seopress
Seopress
risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Benjamin Denis SEOPress wp-seopress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through <= 8.1.1.