CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,368 vulnerabilities with CWE-862
CVE-2024-5993 MEDIUM
Cliengo - Chatbot <3.0.1 - Info Disclosure
CVSS 5.4
CVE-2024-5992 MEDIUM
Cliengo - Chatbot plugin <3.0.1 - Info Disclosure
CVSS 6.5
CVE-2024-5856 MEDIUM
Comment Images Reloaded <2.2.1 - Info Disclosure
CVSS 4.3
CVE-2024-5704 MEDIUM
WooCommerce Accordion FAQ Plugin <1.6.4 - Info Disclosure
CVSS 4.3
CVE-2024-5669 MEDIUM
WooCommerce Accordion FAQ Plugin <1.6.4 - XSS
CVSS 6.4
CVE-2024-5648 MEDIUM
LearnDash LMS - Reports <1.8.2 - Info Disclosure
CVSS 5.4
CVE-2024-5600 MEDIUM
SCSS Happy Compiler <= 1.3.10 - Authenticated Stored XSS via import_settings()
CVSS 5.4
CVE-2024-4102 MEDIUM
Pricing Table plugin <2.0.1 - Info Disclosure
CVSS 5.4
CVE-2024-3608 MEDIUM
Product Designer <1.0.33 - Info Disclosure
CVSS 5.3
CVE-2024-6180 HIGH
EventON < 2.2.15 - Unauthenticated Arbitrary Setting Modification via eventon_import_settings AJAX Action
CVSS 7.2
CVE-2024-39596 MEDIUM
SAP Enable Now - Missing Authorization
CVSS 4.3
CVE-2024-37175 MEDIUM
SAP CRM WebClient UI - Missing Authorization Check
CVSS 4.3
CVE-2024-37172 MEDIUM
SAP S/4HANA Finance - Authenticated Privilege Escalation via Advanced Payment Management
CVSS 5.4
CVE-2024-39592 HIGH
SAP S4CORE - Missing Authorization Leading to Privilege Escalation
CVSS 7.7
CVE-2024-5855 MEDIUM
Media Hygiene: Remove or Delete Unused Images and More! <3.0.2 - In...
CVSS 4.3
CVE-2024-4341 MEDIUM
Extreme XDS < 3928 - Authorization Bypass via User-Controlled Key
CVSS 6.5
CVE-2024-37542 MEDIUM
WpDevArt Gallery Album < 2.0.3 - Missing Authorization
CVSS 5.4
CVE-2024-37903 HIGH
Mastodon 2.6.0-4.1.18 - Unauthorized Post Audience Extension via Crafted Activities
CVSS 8.2
CVE-2024-5641 MEDIUM
One Click Order Re-Order <1.1.9 - Info Disclosure
CVSS 6.4
CVE-2024-36113 MEDIUM
Discourse <3.2.3-3.3.0.beta4-dev - Privilege Escalation
CVSS 4.9
CVE-2024-6088 MEDIUM
LearnPress < 4.2.6.8.1 - Unauthenticated User Registration via Missing Capability Check
CVSS 5.3
CVE-2024-6012 MEDIUM
Cost Calculator Builder <= 3.2.12 - Authenticated Arbitrary Post Creation and Modification via Missing Capability Check
CVSS 4.3
CVE-2024-5545 MEDIUM
Motors - Car Dealer < 1.4.9 - Unauthenticated Arbitrary Post Unpublishing
CVSS 5.3
CVE-2024-36995 MEDIUM
Splunk Enterprise <9.2.2, <9.1.5, <9.0.10 & Splunk Cloud Platform <9.1.2312.200, <9.1.2308.207 Missing Authorization
CVSS 5.4
CVE-2024-6375 MEDIUM
MongoDB <5.0.22-6.0.11-7.0.3 - Privilege Escalation
CVSS 5.4