CWE-862

Exploit likelihood: High

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,368 vulnerabilities with CWE-862
CVE-2024-5570 MEDIUM
Simple Photoswipe < 0.1 - Authenticated Missing Authorization in Settings Update
CVSS 6.5
CVE-2024-5864 MEDIUM
Easy Affiliate Links <3.7.3 - Info Disclosure
CVSS 4.3
CVE-2024-5863 MEDIUM
Easy Image Collage <1.13.5 - Info Disclosure
CVSS 5.4
CVE-2024-6071 CRITICAL
PTC Creo Elements/Direct - Command Injection
CVSS 10.0
CVE-2024-22272 MEDIUM
VMware Cloud Director 10.4.x-10.5.x - Authenticated Denial of Service via Organization Disablement
CVSS 4.9
CVE-2024-5820 HIGH
stitionai devika - Unauthenticated Command Execution via WebSocket Connection
CVSS 8.8
CVE-2024-5710 MEDIUM
litellm < 1.40.15 - Unauthenticated Improper Access Control in Team Management Endpoints
CVSS 6.5
CVE-2024-2882 CRITICAL
SDG Technologies PnPSCADA - Unauthenticated RCE
CVE-2024-3115 MEDIUM
GitLab EE <16.11.5-17.1.1 - Info Disclosure
CVSS 4.3
CVE-2024-6303 CRITICAL
Conduit <=0.7.0 - Privilege Escalation
CVSS 9.9
CVE-2024-3249 MEDIUM
Zita Elementor Site Library <1.6.2 - Info Disclosure
CVSS 4.3
CVE-2024-37111 HIGH
WishList Member X < 3.26.7 - Unauthenticated Denial of Service
CVSS 7.5
CVE-2024-6120 MEDIUM
Sparkle Demo Importer <= 1.4.7 - Authenticated Database Reset and Demo Data Import via Missing Capability Check
CVSS 6.5
CVE-2024-3961 MEDIUM
ConvertKit <= 2.4.9 - Unauthenticated Data Modification via tag_subscriber
CVSS 5.3
CVE-2024-3610 MEDIUM
WP Child Theme Generator <= 1.1.1 - Unauthenticated Arbitrary Child Theme Creation
CVSS 5.3
CVE-2024-1955 MEDIUM
Hide Dashboard Notifications <1.4 - Info Disclosure
CVSS 4.3
CVE-2024-1639 MEDIUM
License Manager for WooCommerce <= 3.0.6 - Authenticated Arbitrary License Key Exposure via Missing Capability Check
CVSS 6.5
CVE-2024-3627 MEDIUM
Wheel of Life < 1.1.7 - Authenticated Arbitrary Post Deletion & Settings Modification
CVSS 5.4
CVE-2024-3602 MEDIUM
Promolayer Popup Builder <= 1.1.0 - Authenticated Plugin Settings Update via Missing Capability Check
CVSS 4.3
CVE-2024-34444 HIGH
ThemePunch OHG Slider Revolution <6.7.0 - Info Disclosure
CVSS 7.1
CVE-2024-5768 MEDIUM
MIMO Woocommerce Order Tracking <1.0.2 - Info Disclosure
CVSS 6.4
CVE-2024-4450 MEDIUM
AliExpress Dropshipping - Privilege Escalation
CVSS 6.3
CVE-2024-38506 MEDIUM
JetBrains YouTrack <2024.2.34646 - Privilege Escalation
CVSS 6.3
CVE-2024-38504 MEDIUM
JetBrains YouTrack <2024.2.34646 - Info Disclosure
CVSS 4.3
CVE-2024-5899 LOW
Bazel for IntelliJ CLion and Android Studio < 2024.06.04.0.2 - Missing Authorization for Project Import
CVSS 3.3