CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,365 vulnerabilities with CWE-862
CVE-2024-7605 MEDIUM
HelloAsso < 1.1.10 - Authenticated Data Modification via Missing Capability Check
CVSS 4.3
CVE-2024-7381 MEDIUM
Geo Controller < 8.6.9 - Unauthenticated Arbitrary Shortcode Execution via ajax__shortcode_cache
CVSS 5.3
CVE-2024-7380 MEDIUM
Geo Controller < 8.7.3 - Authenticated Menu Creation and Deletion via Missing Capability Checks
CVSS 4.3
CVE-2024-6332 MEDIUM
Amelia Premium & Lite <7.7-1.2.3 - Info Disclosure
CVSS 6.5
CVE-2024-5309 MEDIUM
Form Vibes - Database Manager for Forms <1.4.12 - Info Disclosure
CVSS 5.4
CVE-2024-45050 HIGH
Ringer Server <1.3.1 - Info Disclosure
CVSS 7.1
CVE-2024-8289 CRITICAL
MultiVendorX <4.2.0 - Privilege Escalation
CVSS 9.8
CVE-2024-8121 MEDIUM
WP Extended <3.0.8 - Privilege Escalation
CVSS 5.4
CVE-2024-8102 HIGH
WP Extended <3.0.8 - Privilege Escalation
CVSS 8.8
CVE-2024-7950 CRITICAL
WP Job Portal < 2.1.6 - Unauthenticated Local File Inclusion and Arbitrary Settings Update via checkFormRequest
CVSS 9.8
CVE-2024-45307 HIGH
SudoBot <9.26.7 - Privilege Escalation
CVSS 8.8
CVE-2024-4259 CRITICAL
SAMPA Holding AKOS < 2024-09-02 - Missing Authorization in AkosCepVatandasService and TahsilatService
CVSS 9.8
CVE-2024-5053 MEDIUM
Fluent Forms < 5.1.18 - Unauthorized Mailchimp API Key Update via Insufficient Capability Check
CVSS 4.2
CVE-2024-7858 MEDIUM
Media Library Folders <= 8.2.3 - Authenticated Missing Authorization in AJAX Functions
CVSS 6.3
CVE-2024-5784 HIGH
Tutor LMS Pro <= 2.7.2 - Authenticated Missing Authorization in Administrative Functions
CVSS 7.1
CVE-2024-43940 MEDIUM
Zynith < 7.4.9 - Missing Authorization
CVSS 6.5
CVE-2024-43939 MEDIUM
Zynith < 7.4.9 - Missing Authorization
CVSS 6.5
CVE-2024-7856 HIGH
MP3 Audio Player by Sonaar <= 5.7.0.1 - Arbitrary File Deletion via removeTempFiles
CVSS 8.1
CVE-2024-5987 MEDIUM
WP Accessibility Helper (WAH) <= 0.6.2.8 - Authenticated Data Modification via Missing Capability Check
CVSS 5.4
CVE-2024-5857 MEDIUM
Funnelforms Free <= 3.7.3.2 - Unauthenticated Arbitrary Media File Deletion via af2_handel_file_remove AJAX Action
CVSS 5.3
CVE-2024-4428 CRITICAL
Menulux Information Technologies Managment Portal <21.05.2024 - Inf...
CVSS 9.8
CVE-2024-41918 MEDIUM
Rakuten Ichiba < 11.7.0 (iOS) and < 12.4.0 (Android) - Missing Authorization in Custom URL Scheme Handler
CVSS 6.1
CVE-2024-45058 HIGH
i-Educar <2.9 - Privilege Escalation
CVSS 8.1
CVE-2024-20413 MEDIUM
Cisco NX-OS Software - Privilege Escalation
CVSS 6.7
CVE-2024-8195 MEDIUM
Permalink Manager Lite <2.4.4 - Info Disclosure
CVSS 5.3