CWE-862

Exploit likelihood: High

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,361 vulnerabilities with CWE-862
CVE-2024-9629 MEDIUM
Contact Form 7 + Telegram <0.8.5 - Privilege Escalation
CVSS 5.4
CVE-2024-50573 MEDIUM
JetBrains Hub < 2024.3.47707 - Missing Authorization for Permanent Token Generation
CVSS 4.3
CVE-2024-10402 HIGH
Forminator Forms < 1.35.1 - Authenticated Missing Authorization in Form Management
CVSS 7.5
CVE-2024-10092 MEDIUM
WordPress Download Monitor <5.0.12 - Info Disclosure
CVSS 4.3
CVE-2024-9626 MEDIUM
Sovrn plugin <1.3.3 - Info Disclosure
CVSS 4.3
CVE-2024-9584 MEDIUM
Image Map Pro < 6.0.20 - Authenticated Data Modification and Deletion via AJAX Function
CVSS 5.4
CVE-2024-9630 MEDIUM
WPS Telegram Chat < 4.6.0 - Unauthenticated Authorization Bypass via Telegram Bot API
CVSS 5.4
CVE-2024-9628 MEDIUM
WPS Telegram Chat < 4.6.0 - Authenticated Unauthorized Data Modification via Telegram Bot API
CVSS 6.3
CVE-2024-9109 MEDIUM
WooCommerce UPS Shipping < 2.3.12 - Authenticated Authorization Bypass via delete_oauth_data
CVSS 4.3
CVE-2024-9686 MEDIUM
Order Notification for Telegram <= 1.0.1 - Unauthenticated Test Message Sending via Telegram Bot API
CVSS 5.3
CVE-2024-49357 HIGH
ZimaOS < 1.2.5 - Unauthenticated Sensitive Data Exposure via API Endpoints
CVSS 7.5
CVE-2024-48932 MEDIUM
ZimaOS < 1.5.0 - Unauthenticated Sensitive Information Exposure via User Name API Endpoint
CVSS 5.3
CVE-2024-48538 CRITICAL
Neye3C 4.5.2.0 - Missing Authorization for Firmware Update and Download
CVSS 9.8
CVE-2024-49683 MEDIUM
Schema & Structured Data for WP & AMP <1.3.5 - Info Disclosure
CVSS 5.3
CVE-2024-9531 MEDIUM
MultiVendorX < 4.2.5 - Authenticated Arbitrary Vendor Deactivation Request via mvx_sent_deactivation_request
CVSS 4.3
CVE-2024-8667 MEDIUM
HurryTimer <2.10.0 - Privilege Escalation
CVSS 4.3
CVE-2024-49657 HIGH
ReneeCussack 3D Work In Progress <1.0.4 - Info Disclosure
CVSS 7.7
CVE-2024-43924 MEDIUM
dFactory Responsive Lightbox < 2.4.7 - Missing Authorization
CVSS 5.3
CVE-2024-9583 MEDIUM
RSS Aggregator < 4.23.13 - Authenticated Unauthorized Functionality Use via wprss_ajax_send_premium_support
CVSS 4.3
CVE-2024-9829 MEDIUM
Download Plugin < 2.2.0 - Authenticated Unauthorized Data Access via Missing Capability Checks
CVSS 6.5
CVE-2024-38002 CRITICAL
Liferay Portal/DXP - Authenticated RCE
CVSS 9.0
CVE-2024-10003 MEDIUM
Rover IDX <3.0.0.2903 - Privilege Escalation
CVSS 6.3
CVE-2024-48645 HIGH
Minecraft mod 'Command Block IDE' <0.4.9 - Privilege Escalation
CVSS 7.5
CVE-2024-49367 HIGH
nginxui/nginx_ui < 2.0.0-beta.36 - Unauthenticated Directory Traversal and Arbitrary File Read via Log Path Manipulation
CVSS 7.5
CVE-2024-49321 MEDIUM
Simple Custom Post Order <= 2.5.7 - Missing Authorization
CVSS 4.3