CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,354 vulnerabilities with CWE-862
CVE-2024-53258 MEDIUM
Autolab 3.0.0-3.0.2 - Unauthorized Submission Download via download_all_submissions Feature
CVSS 5.3
CVE-2024-8272 HIGH
com.uaudio.bsd.helper - Privilege Escalation
CVSS 7.8
CVE-2024-9941 HIGH
WPGYM - Wordpress Gym Management System <67.1.0 - Privilege Escalation
CVSS 8.8
CVE-2024-10606 MEDIUM
WP Travel Engine < 6.2.1 - Authenticated Data Modification via wpte_onboard_save_function_callback
CVSS 4.3
CVE-2024-9223 MEDIUM
WPDash Notes <1.3.5 - Info Disclosure
CVSS 4.3
CVE-2024-10813 MEDIUM
Product Table for WooCommerce by CodeAstrology <= 3.5.1 - Sensitive Information Exposure via var_dump_table
CVSS 5.3
CVE-2024-10537 MEDIUM
WP User Manager < 2.9.11 - Authenticated User Meta Key Enumeration via validate_user_meta_key()
CVSS 4.3
CVE-2024-10216 MEDIUM
WP User Manager <= 2.9.11 - Authenticated Data Modification via Missing Capability Check
CVSS 4.3
CVE-2024-0138 CRITICAL
NVIDIA Base Command Manager >=10.24.09 <10.24.09 - Unauthenticated Remote Code Execution via CMDaemon
CVSS 9.8
CVE-2024-0122 HIGH
NVIDIA Delegated Licensing - Info Disclosure
CVSS 7.6
CVE-2024-11601 HIGH
Sky Addons for Elementor <2.6.1 - CSRF
CVSS 8.1
CVE-2024-11355 MEDIUM
WordPress Vimeo Plugin <3.3 - Info Disclosure
CVSS 4.3
CVE-2024-11104 HIGH
Sky Addons for Elementor < 2.6.3 - Authenticated Arbitrary Option Update via Missing Capability Check
CVSS 8.1
CVE-2024-11354 MEDIUM
WordPress Vimeo Plugin <3.3 - Info Disclosure
CVSS 4.3
CVE-2024-11334 MEDIUM
My Contador lesr <2.1 - Info Disclosure
CVSS 4.3
CVE-2024-10532 MEDIUM
Bard Extra <1.2.7 - Info Disclosure
CVSS 4.3
CVE-2024-10528 MEDIUM
Ultimate Member < 2.8.9 - Authenticated Arbitrary Profile Picture Update via Missing Capability Check
CVSS 4.3
CVE-2024-10393 MEDIUM
Tutor LMS < 2.7.6 - Unauthenticated User Registration Bypass via Missing users_can_register Check
CVSS 5.3
CVE-2024-11154 MEDIUM
PublishPress Revisions: Duplicate Posts - Info Disclosure
CVSS 4.3
CVE-2024-10520 MEDIUM
WP Project Manager < 2.6.15 - Unauthenticated Data Modification via Missing Capability Check
CVSS 5.3
CVE-2024-45689 MEDIUM
Moodle < 4.1.13 - Missing Authorization in Dynamic Tables
CVSS 6.5
CVE-2024-10665 MEDIUM
Yaad Sarig Payment Gateway For WC <2.2.4 - Info Disclosure
CVSS 5.4
CVE-2024-10900 MEDIUM
ProfileGrid <= 5.9.3.6 - Authenticated Arbitrary User Meta Deletion
CVSS 6.5
CVE-2024-52395 MEDIUM
QuantumCloud Floating Buttons <2.8.9 - RCE
CVSS 5.3
CVE-2024-51817 MEDIUM
CodeZel Combo WP Rewrite Slugs - Info Disclosure
CVSS 5.4