CWE-862

Exploit likelihood: High

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,365 vulnerabilities with CWE-862
CVE-2024-9297 MEDIUM
SourceCodester Online Railway Reservation System 1.0 - Missing Authorization in Admin Page Parameter
CVSS 6.3
CVE-2024-9189 MEDIUM
EU/UK VAT Manager for WooCommerce <= 2.12.12 - Unauthenticated Data Modification via alg_wc_eu_vat_exempt_vat_from_admin
CVSS 5.3
CVE-2024-9202 MEDIUM
Eclipse Dataspace Components 0.1.3-0.9.0 - Missing Authorization in Dataset Resolver
CVSS 5.3
CVE-2024-8771 MEDIUM
Email Subscribers by Icegram Express - Info Disclosure
CVSS 4.3
CVE-2024-9025 MEDIUM
Sight <= 1.1.2 - Unauthenticated Data Exposure via handler_post_title
CVSS 5.3
CVE-2024-47337 MEDIUM
Stuart Wilson Joy Of Text Lite <2.3.1 - Info Disclosure
CVSS 4.3
CVE-2024-8552 MEDIUM
WordPress Download Monitor <5.0.9 - Info Disclosure
CVSS 4.3
CVE-2024-47330 MEDIUM
Supsystic Slider <1.8.6, Supsystic Social Share Buttons <2.2.9 - In...
CVSS 4.3
CVE-2024-8678 MEDIUM
Revolut Gateway <4.17.3 - Info Disclosure
CVSS 5.3
CVE-2024-8658 MEDIUM
myCred - Loyalty Points and Rewards - Info Disclosure
CVSS 5.3
CVE-2024-6845 MEDIUM
Chatbot with ChatGPT WP <2.4.6 - Info Disclosure
CVSS 5.3
CVE-2024-8434 MEDIUM
Easy Mega Menu Plugin <1.0.9 - Privilege Escalation
CVSS 4.3
CVE-2024-8350 LOW
Uncanny Groups for LearnDash <6.1.0.1 - Privilege Escalation
CVSS 2.7
CVE-2024-8349 HIGH
Uncanny Groups for LearnDash <6.1.0.1 - Privilege Escalation
CVSS 7.2
CVE-2024-7491 MEDIUM
HUSKY Products Filter Professional for WooCommerce <= 1.3.6.1 - IDOR via woof_messenger_remove_subscr
CVSS 5.3
CVE-2024-6590 MEDIUM
Spreadsheet Integration <3.7.9 - Privilege Escalation
CVSS 6.3
CVE-2024-8437 MEDIUM
WP Easy Gallery < 4.8.5 - Authenticated Unauthorized Access via AJAX Functions
CVSS 4.3
CVE-2024-8432 MEDIUM
Webba Booking <5.0.48 - Info Disclosure
CVSS 4.3
CVE-2024-6406 HIGH
Yordam Information Technology Mobile Library App <5.0 - Info Disclo...
CVE-2024-40852 MEDIUM
iPadOS < 18.0 - Unauthenticated Recent Photos Exposure in Assistive Access
CVSS 5.3
CVE-2024-7888 MEDIUM
Classified Listing < 3.1.7 - Authenticated Missing Authorization in FormBuilderAdminAjax Functions
CVSS 6.3
CVE-2024-4660 MEDIUM
GitLab 11.2.0-17.1.6, 17.2.0-17.2.4, 17.3.0-17.3.1 - Private Project Source Code Exposure via Group Templates
CVSS 6.5
CVE-2024-3305 HIGH
SoliClub <4.4.0-5.2.1 - Auth Bypass
CVSS 7.5
CVE-2024-7727 MEDIUM
HTML5 Video Player < 2.5.33 - Unauthenticated Unauthorized Data Access via h5vp_ajax_handler
CVSS 5.3
CVE-2024-7721 MEDIUM
HTML5 Video Player Plugin < 2.5.35 - Authenticated Data Modification via save_password
CVSS 4.3