CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,368 vulnerabilities with CWE-862
CVE-2024-7031 HIGH
File Manager Pro - Filester <= 1.8.2 - Authenticated Arbitrary Setting Modification via njt_fs_saveSettingRestrictions
CVSS 7.5
CVE-2024-5331 MEDIUM
Breakdance <1.7.2 - Info Disclosure
CVSS 4.3
CVE-2024-6698 HIGH
FundEngine <1.7.0 - Privilege Escalation
CVSS 8.8
CVE-2024-41108 HIGH
fogproject 1.5.10-1.5.10.41 - Unauthenticated Information Disclosure via Hostinfo Page
CVSS 7.5
CVE-2024-37901 CRITICAL
XWiki 9.2-14.10.20 - Authenticated Remote Code Execution via SearchSuggestClass Instances
CVSS 9.9
CVE-2024-37898 MEDIUM
XWiki Platform 13.10.4-14.0 and 13.10.4-14.10.21 - Missing Authorization in Page Deletion
CVSS 4.3
CVE-2024-7135 MEDIUM
Tainacan <= 0.21.7 - Authenticated Arbitrary File Read via Missing Authorization in get_file Function
CVSS 6.5
CVE-2024-2508 MEDIUM
WP Mobile Menu <2.8.4.4 - Info Disclosure
CVSS 5.3
CVE-2024-40834 MEDIUM
macOS < 12.7.6, < 13.6.8, < 14.6 - Missing Authorization for Shortcuts App Settings
CVSS 4.4
CVE-2024-41624 MEDIUM
Himalaya Xiaoya nano smart speaker <1.6.96 - Info Disclosure
CVSS 6.3
CVE-2024-6458 MEDIUM
WooCommerce Product Table Lite <3.5.1 - XSS
CVSS 6.4
CVE-2024-6591 MEDIUM
Ultimate WordPress Auction Plugin <4.2.6 - XSS
CVSS 5.8
CVE-2024-4410 MEDIUM
IgnitionDeck Crowdfunding Platform <1.9.8 - Privilege Escalation
CVSS 5.4
CVE-2024-1804 MEDIUM
Tutor LMS - Migration Tool <= 2.2.0 - Authenticated Data Modification via tutor_import_from_xml Function
CVSS 4.3
CVE-2024-1798 MEDIUM
Tutor LMS - Migration Tool <= 2.2.0 - Unauthenticated Data Export via tutor_lp_export_xml Function
CVSS 5.3
CVE-2024-6836 MEDIUM
FunnelKit - WordPress <3.4.6 - Info Disclosure
CVSS 4.3
CVE-2024-5861 MEDIUM
WP EasyPay - Square for WordPress <= 4.2.3 - Unauthenticated Square Disconnection via Missing Capability Check
CVSS 5.3
CVE-2024-6755 MEDIUM
Social Auto Poster <5.3.14 - Info Disclosure
CVSS 6.5
CVE-2024-6754 MEDIUM
Social Auto Poster <5.3.14 - Privilege Escalation
CVSS 5.4
CVE-2024-6750 HIGH
Social Auto Poster <5.3.14 - Auth Bypass
CVSS 7.3
CVE-2024-6806 CRITICAL
NI VeriStand < 2024 Q2 - Missing Authorization Leading to Remote Code Execution
CVSS 9.8
CVE-2024-6805 HIGH
NI VeriStand <2024 Q2 - Info Disclosure/Remote Code Execution
CVSS 7.5
CVE-2024-6636 CRITICAL
WooCommerce - Social Login <2.7.3 - Info Disclosure
CVSS 9.8
CVE-2024-6491 MEDIUM
Getwid - Gutenberg Blocks <2.0.10 - Info Disclosure
CVSS 4.3
CVE-2024-6489 MEDIUM
Getwid - Gutenberg Blocks <2.0.10 - Info Disclosure
CVSS 5.3