Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-862

CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,346 vulnerabilities with CWE-862

CVE-2024-13423 MEDIUM

Sparkling < 2.4.9 - Unauthenticated Arbitrary Plugin Activation/Deactivation via Missing Capability Check

CVE-2024-13811 MEDIUM

Lafka - Multi Store Burger - Pizza & Food Delivery WooCommerce Them...

CVE-2024-13810 MEDIUM

Zass - WooCommerce Theme <3.9.9.10 - Privilege Escalation

CVE-2024-13780 MEDIUM

Hero Mega Menu - Responsive WordPress Menu Plugin <1.16.5 - Path Tr...

CVE-2024-13747 MEDIUM

WooMail - WooCommerce Email Customizer <3.0.34 - SQL Injection

CVE-2024-13232 HIGH

WordPress Awesome Import & Export Plugin <4.1.1 - Privilege Escalation

CVE-2024-8682 MEDIUM

JNews - WordPress Newspaper Magazine Blog AMP Theme <11.6.6 - Unaut...

CVE-2024-13686 MEDIUM

VW Storefront <= 0.9.9 - Authenticated Settings Reset via Missing Capability Check

CVE-2024-12544 HIGH

SurveyJS: Drag & Drop WordPress Form Builder <1.12.17 - Privilege E...

CVE-2024-13746 MEDIUM

Booking Calendar & Notification <4.0.3 - Info Disclosure

CVE-2024-13358 MEDIUM

WordPress WC4BP <3.4.24 - Privilege Escalation

CVE-2024-10860 MEDIUM

NextMove Lite - Thank You Page for WooCommerce <= 2.19.0 - Unauthorized Data Submission

CVE-2024-9195 HIGH

WHMPress - WHMCS Client Area < 4.3-revision-3 - Authenticated Privilege Escalation via Missing Capability Check

CVE-2024-13716 MEDIUM

Forex Calculators <= 1.3.7 - Authenticated Settings Modification via ajax_settings_callback

CVE-2024-13693 MEDIUM

Enfold < 6.0.9 - Unauthenticated Sensitive Data Exposure via Missing Capability Check

CVE-2024-13520 MEDIUM

WooCommerce Gift Cards <4.4.6 - Info Disclosure

CVE-2024-37363 MEDIUM

Pentaho Business Analytics Server <10.2.0.0-9.3.0.8 - Auth Bypass

CVE-2024-13364 MEDIUM

Raptive Ads <= 3.6.3 - Unauthenticated Arbitrary File Reset via site_ads_files_reset() and cls_file_reset()

CVE-2024-13231 MEDIUM

WordPress Portfolio Builder - Info Disclosure

CVE-2024-13719 MEDIUM

PeproDev Ultimate Invoice <= 2.0.9 - Unauthenticated Insecure Direct Object Reference via Invoicing Viewer

CVE-2024-13468 HIGH

Trash Duplicate and 301 Redirect <= 1.9 - Unauthenticated Arbitrary Post/Page Deletion via Missing Capability Check

CVE-2024-13783 MEDIUM

FormCraft < 3.9.11 - Authenticated Sensitive Data Exposure via Missing Capability Check

CVE-2024-13316 MEDIUM

Scratch & Win - Unauthenticated RCE

CVE-2024-13556 HIGH

Affiliate Links < 3.0.1 - Unauthenticated PHP Object Injection via File Export Deserialization

CVE-2024-13687 MEDIUM

Team Builder - Meet the Team < 1.3 - Authenticated Unauthorized Data Modification via save_team_builder_options()

Previous Page 159 of 334 Next

Details

Vulnerabilities 8,346

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy