CWE-285

Exploit likelihood: High

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,318 vulnerabilities with CWE-285
CVE-2025-12814 MEDIUM
SiteSEO - SEO Simplified <1.3.2 - Info Disclosure
CVSS 5.3
CVE-2025-12777 MEDIUM
YITH WooCommerce Wishlist <4.10.0 - Auth Bypass
CVSS 5.3
CVE-2025-12494 MEDIUM
Image Gallery - Photo Grid & Video Gallery <2.12.28 - Privilege Esc...
CVSS 4.3
CVE-2025-13118 MEDIUM
macrozheng mall and mall-swarm < 1.0.3 - Improper Authorization via OrderID Parameter
CVSS 6.3
CVE-2025-13117 MEDIUM
macrozheng mall and mall-swarm < 1.0.3 - Improper Authorization via Order Cancellation
CVSS 5.4
CVE-2025-13116 MEDIUM
macrozheng mall and mall-swarm < 1.0.3 - Improper Authorization via Order Cancellation
CVSS 5.4
CVE-2025-13115 MEDIUM
macrozheng mall and mall-swarm < 1.0.3 - Improper Authorization in Order Details Handler
CVSS 4.3
CVE-2025-13114 MEDIUM
macrozheng mall-swarm < 1.0.3 - Improper Authorization in Cart Update Attribute Function
CVSS 6.3
CVE-2025-64523 HIGH
filebrowser < 2.45.1 - Authenticated Insecure Direct Object Reference in Share Deletion
CVSS 8.8
CVE-2025-11521 HIGH
Astra Security Suite - Firewall & Malware Scan <0.3 - RCE
CVSS 8.1
CVE-2025-12435 MEDIUM
Google Chrome < 142.0.7444.59 - Security UI Spoofing via Omnibox
CVSS 5.4
CVE-2025-63691 CRITICAL
pig4cloud/pig < 3.8.2 - Authenticated Information Disclosure via Token Management Interface
CVSS 9.6
CVE-2025-12854 LOW
newbee-mall-plus <2.4.1 - Auth Bypass
CVSS 3.7
CVE-2025-4519 HIGH
IDonate 2.1.5-2.1.9 Authenticated Privilege Escalation via Missing Capability Check
CVSS 8.8
CVE-2025-12360 MEDIUM
Better Find and Replace - AI-Powered Suggestions <1.7.7 - Open Redi...
CVSS 4.3
CVE-2025-60784 MEDIUM
XiaozhangBang Voluntary Like System V8.8 - Info Disclosure
CVSS 6.5
CVE-2025-62520 MEDIUM
MantisBT < 2.27.2 - Improper Authorization via Copy From Action
CVSS 4.3
CVE-2025-12623 LOW
fushengqian fuint <41e26be8a2c609413a0feaa69bdad33a71ae8032 - Auth ...
CVSS 3.1
CVE-2025-12367 MEDIUM
SiteSEO - SEO Simplified <1.3.1 - Auth Bypass
CVSS 4.3
CVE-2025-11174 MEDIUM
Document Library Lite <1.1.6 - Auth Bypass
CVSS 5.3
CVE-2025-12304 MEDIUM
TIME-SEA-PLUS <fb299162f18498dd9cf17da906886d80a077d53b - Auth Bypass
CVSS 4.3
CVE-2025-12288 MEDIUM
Bdtask Pharmacy Management System < 9.4 - Improper Authorization in User Profile Handler
CVSS 4.3
CVE-2025-12283 MEDIUM
code-projects Client Details System 1.0 - Improper Authorization
CVSS 4.3
CVE-2025-6639 MEDIUM
Tutor LMS Pro - Insecure Direct Object Reference
CVSS 5.4
CVE-2025-12005 MEDIUM
WP VR - 360 Panorama & Free Virtual Tour Builder For WordPress <8.5...
CVSS 4.3