CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,368 vulnerabilities with CWE-862
CVE-2024-6799 MEDIUM
YITH Essential Kit for WooCommerce #1 <2.34.0 - Privilege Escalation
CVSS 4.3
CVE-2024-5997 MEDIUM
Duplica - Unauthorized Data Modification
CVSS 4.3
CVE-2024-6455 MEDIUM
ElementsKit Elementor addons <3.2.0 - Info Disclosure
CVSS 5.3
CVE-2024-6599 MEDIUM
Meks Video Importer <1.0.11 - Auth Bypass
CVSS 4.3
CVE-2024-6175 MEDIUM
Booking Ultra Pro Appointments Booking Calendar Plugin <1.1.13 - In...
CVSS 5.4
CVE-2024-5703 MEDIUM
Email Subscribers by Icegram Express < 5.7.26 - Authenticated Missing Authorization in REST API
CVSS 4.3
CVE-2024-6660 HIGH
BookingPress - Privilege Escalation
CVSS 8.8
CVE-2024-6033 MEDIUM
Eventin < 4.0.4 - Authenticated Unauthorized Data Importation via import_file Function
CVSS 4.3
CVE-2024-6621 MEDIUM
RSS Aggregator <4.23.11 - Info Disclosure
CVSS 4.3
CVE-2024-6579 MEDIUM
WPBakery Builder <1.4.5 - Privilege Escalation
CVSS 4.3
CVE-2024-1937 HIGH
Brizy - Page Builder <2.4.44 - Info Disclosure
CVSS 7.1
CVE-2024-6465 MEDIUM
WP Links Page <4.9.5 - Info Disclosure
CVSS 4.3
CVE-2024-37544 MEDIUM
Tobias Conrad Get Better Reviews for WooCommerce <4.0.6 - Info Disc...
CVSS 4.3
CVE-2024-37202 MEDIUM
BinaryCarpenter Ultimate Custom Add To Cart Button - XSS
CVSS 6.5
CVE-2024-6328 CRITICAL
MStore API < 4.14.7 - Unauthenticated Authentication Bypass via Phone Parameter
CVSS 9.8
CVE-2024-6392 MEDIUM
Sirv WordPress <7.2.7 - Privilege Escalation
CVSS 5.4
CVE-2024-39546 HIGH
Juniper Junos OS Evolved Privilege Escalation via Socket Intercept Command File Interface
CVSS 7.3
CVE-2024-0619 MEDIUM
Payflex Payment Gateway <2.5.0 - Info Disclosure
CVSS 5.3
CVE-2024-38353 MEDIUM
CodiMD < 2.5.4 - Unauthenticated Image Data Access via Insecure Filename Generation
CVSS 5.3
CVE-2024-5677 MEDIUM
WordPress Featured Image Generator <1.3.1 - Unauth Img Upload
CVSS 4.3
CVE-2024-21417 HIGH
Windows Text Services Framework - Elevation of Privilege via Missing Authorization
CVSS 8.8
CVE-2024-31332 HIGH
Android - Missing Authorization for Wi-Fi Connection Addition
CVSS 7.8
CVE-2024-31318 HIGH
Android - Local Privilege Escalation via CompanionDeviceManagerService Missing Permission Check
CVSS 7.8
CVE-2024-6167 MEDIUM
Just Custom Fields <3.3.2 - Privilege Escalation
CVSS 4.3
CVE-2024-6069 HIGH
WordPress Registration Forms <3.8.3.4 - Command Injection
CVSS 8.8
Details
Vulnerabilities 8,368
Exploit Likelihood High