CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,361 vulnerabilities with CWE-862
CVE-2024-49293 MEDIUM
RexTheme WP VR <= 8.5.4 - Missing Authorization
CVSS 4.3
CVE-2024-49273 MEDIUM
ProfileGrid <= 5.9.3 - Missing Authorization
CVSS 4.3
CVE-2024-49325 MEDIUM
wpdiscover Photo Gallery Builder < 3.0 - Missing Authorization to Notice Dismissal
CVSS 4.3
CVE-2024-10078 MEDIUM
WP Easy Post Types <1.4.4 - Privilege Escalation
CVSS 6.3
CVE-2024-9364 MEDIUM
SendGrid for WordPress <= 1.4 - Authenticated Log Deletion via Missing Capability Check
CVSS 4.3
CVE-2024-9361 MEDIUM
Bulk Images Optimizer <= 2.0.1 - Authenticated Arbitrary Plugin Option Modification
CVSS 4.3
CVE-2024-20463 MEDIUM
Cisco ATA 190 Series - Unauthenticated RCE
CVSS 5.4
CVE-2024-45461 MEDIUM
Apache CloudStack <4.18.2.3 & <4.19.1.1 - Privilege Escalation
CVSS 5.7
CVE-2024-9891 MEDIUM
Contact Form 7 <2.8.1 - Privilege Escalation
CVSS 4.3
CVE-2024-38190 HIGH
Power Platform - Unauthenticated Sensitive Information Exposure via Network Attack
CVSS 8.6
CVE-2024-21254 HIGH
Oracle BI Publisher 7.0.0.0.0, 7.6.0.0.0, 12.2.1.4.0 - Missing Authorization via Web Server
CVSS 8.8
CVE-2024-21252 HIGH
Oracle Product Hub 12.2.3-12.2.13 - Missing Authorization in Item Catalog
CVSS 8.1
CVE-2024-21250 HIGH
Oracle Process Manufacturing 12.2.13-12.2.14 - Missing Authorization in Quality Manager
CVSS 8.1
CVE-2024-21246 HIGH
Oracle Service Bus 12.2.1.4.0 - Unauthenticated Missing Authorization via HTTP
CVSS 7.5
CVE-2024-21234 HIGH
Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0 - Unauthenticated Missing Authorization via T3, IIOP
CVSS 7.5
CVE-2024-21216 CRITICAL
Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0 - Unauthenticated Remote Code Execution via T3, IIOP
CVSS 9.8
CVE-2024-21215 HIGH
Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0 - Unauthenticated Denial of Service via HTTP
CVSS 7.5
CVE-2024-45732 HIGH
Splunk Enterprise < 9.3.1, 9.2.0-9.2.3 & Splunk Cloud Platform < 9.2.2403.103 - Missing Authorization
CVSS 7.1
CVE-2024-9756 MEDIUM
Order Attachments for WooCommerce 2.0-2.4.1 - Authenticated Arbitrary File Upload via wcoa_add_attachment AJAX Action
CVSS 4.3
CVE-2024-9824 MEDIUM
ImagePress - Image Gallery <1.2.2 - Privilege Escalation
CVSS 4.3
CVE-2024-9187 MEDIUM
Read more By Adam <1.1.8 - Info Disclosure
CVSS 4.3
CVE-2024-9860 MEDIUM
Bridge Core <3.3 - Privilege Escalation
CVSS 5.4
CVE-2024-9707 CRITICAL
Hunk Companion <= 1.8.4 - Unauthenticated Arbitrary Plugin Installation and Activation via REST API
CVSS 9.8
CVE-2024-9587 MEDIUM
Linkz.ai <= 1.1.8 - Authenticated Unauthorized Data Modification via ajax_linkz Function
CVSS 5.4
CVE-2024-9586 MEDIUM
linkz.ai <= 1.1.8 - Unauthenticated Data Modification via Missing Capability Check
CVSS 6.5
Details
Vulnerabilities: 8,361
Exploit Likelihood: High