CWE-862

Exploit likelihood: High

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,365 vulnerabilities with CWE-862
CVE-2024-7447 MEDIUM
Funnelforms Free <= 3.7.3.2 - Unauthenticated Arbitrary File Upload via fnsf_af2_handel_file_upload
CVSS 5.3
CVE-2024-8199 MEDIUM
Reviews Feed - WordPress <1.1.2 - Info Disclosure
CVSS 4.3
CVE-2024-6688 MEDIUM
Oxygen Builder <4.8.3 - Info Disclosure
CVSS 4.3
CVE-2024-43214 MEDIUM
myCred <= 2.7.2 - Sensitive Data Exposure via Missing Authorization
CVSS 5.3
CVE-2024-6631 MEDIUM
ImageRecycle pdf & image compression plugin <3.1.14 - Info Disclosure
CVSS 5.0
CVE-2024-7258 HIGH
WooCommerce Google Feed Manager <= 2.8.0 - Authenticated Arbitrary File Deletion via wppfm_removeFeedFile
CVSS 8.8
CVE-2024-43331 MEDIUM
VeronaLabs WP SMS <6.9.3 - Info Disclosure
CVSS 5.3
CVE-2024-45168 CRITICAL
uci idol2 < 2.12 - Missing Authorization via Raw Socket Communication
CVSS 9.1
CVE-2024-7390 MEDIUM
WP Testimonial Widget <= 3.1 - Unauthenticated Data Modification via fnSaveTestimonailOrder
CVSS 5.3
CVE-2024-7032 MEDIUM
Smart Online Order for Clover <= 1.5.6 - Unauthenticated Data Deletion via moo_deactivateAndClean Function
CVSS 6.5
CVE-2024-7030 MEDIUM
Smart Online Order for Clover <= 1.5.6 - Authenticated Data Modification via Missing Capability Check
CVSS 4.3
CVE-2024-6883 MEDIUM
Event Espresso <5.0.22.decaf - Privilege Escalation
CVSS 4.3
CVE-2024-38810 MEDIUM
Spring Security 6.3.0-6.3.1 - Missing Authorization via @AuthorizeReturnObject Annotation
CVSS 6.5
CVE-2024-5941 MEDIUM
GiveWP <= 3.14.1 - Authenticated Unauthorized Data Access and Deletion
CVSS 5.4
CVE-2024-5940 MEDIUM
GiveWP - Donation Plugin and Fundraising Platform <= 3.13.0 - Unauthenticated Data Modification via Events Beta Feature
CVSS 6.5
CVE-2024-5939 MEDIUM
GiveWP - Donation Plugin and Fundraising Platform <= 3.13.0 - Unauthenticated Data Access via Setup Wizard
CVSS 5.3
CVE-2024-43326 MEDIUM
Jamie Bergen Plugin Notes Plus <1.2.7 - Info Disclosure
CVSS 5.4
CVE-2024-43256 HIGH
nouthemes Leopard-WordPress offload media <2.0.36 - Info Disclosure
CVSS 7.1
CVE-2024-43247 HIGH
WHMpress < 6.2-revision-5 - Missing Authorization
CVSS 8.8
CVE-2024-43401 CRITICAL
XWiki Platform < 15.10-rc-1 - Unauthenticated Privilege Escalation via WYSIWYG Editor Payload
CVSS 9.0
CVE-2024-44069 HIGH
Pi-hole < 6.0 - Unauthenticated Temperature Unit Change via admin/api.php
CVSS 7.5
CVE-2024-35686 MEDIUM
Automattic Sensei <4.23.1 - Info Disclosure
CVSS 5.3
CVE-2024-6500 CRITICAL
InPost <1.4.0-1.4.4 - Info Disclosure
CVSS 10.0
CVE-2024-42434 MEDIUM
Zoom Workplace Apps - Info Disclosure
CVSS 4.9
CVE-2024-39824 MEDIUM
Zoom Meeting SDK < 6.1.0 - Missing Authorization
CVSS 4.9