CWE-862

Exploit likelihood: High

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,388 vulnerabilities with CWE-862
CVE-2024-30534 MEDIUM
Calendarista Basic Edition <= 3.0.5 - Missing Authorization
CVSS 6.5
CVE-2024-22151 MEDIUM
Codection <1.24.6 - Info Disclosure
CVSS 5.3
CVE-2024-21748 MEDIUM
Icegram < 3.1.21 - Missing Authorization
CVSS 4.3
CVE-2024-35659 MEDIUM
Iqonic Design KiviCare < 3.6.6 - Missing Authorization
CVSS 5.3
CVE-2024-5654 MEDIUM
CF7 Google Sheets Connector <5.0.9 - Info Disclosure
CVSS 6.5
CVE-2024-4468 MEDIUM
WordPress <9.9 - Privilege Escalation
CVSS 4.3
CVE-2024-5087 MEDIUM
Minimal Coming Soon - Coming Soon Page < 2.38 - Authenticated Unauthorized Data Modification via License Key Update
CVSS 6.3
CVE-2024-4661 MEDIUM
WP Reset <= 2.02 - Authenticated Unauthorized Data Modification via save_ajax Function
CVSS 4.3
CVE-2024-5770 MEDIUM
WP Force SSL & HTTPS SSL Redirect <= 1.66 - Authenticated Unauthorized Data Modification via ajax_save_setting
CVSS 4.2
CVE-2024-5382 MEDIUM
Master Addons < 2.0.6.1 - Unauthenticated Data Modification via 'ma-template' REST API Route
CVSS 6.5
CVE-2024-5637 HIGH
WordPress Market Exporter <2.0.19 - Info Disclosure
CVSS 7.5
CVE-2024-5607 MEDIUM
GDPR CCPA Compliance & Cookie Consent Banner <2.7.0 - Info Disclosure
CVSS 5.4
CVE-2024-1689 MEDIUM
WooCommerce Tools <= 1.2.9 - Authenticated Arbitrary Plugin Module Deactivation via Missing Capability Check
CVSS 4.3
CVE-2024-5248 MEDIUM
lunary 1.2.5-<1.4.9 - Missing Authorization in GET /v1/users/me/org Endpoint
CVSS 6.5
CVE-2024-5130 HIGH
lunary-ai/lunary <1.2.8 - Auth Bypass
CVSS 7.5
CVE-2024-5129 HIGH
lunary-ai/lunary <1.2.2 - Privilege Escalation
CVSS 8.2
CVE-2024-5126 MEDIUM
lunary-ai/lunary <1.2.25 - Info Disclosure
CVSS 6.5
CVE-2024-4888 HIGH
litellm < 1.35.19 - Unauthenticated Arbitrary File Deletion via /audio/transcriptions Endpoint
CVSS 8.1
CVE-2024-2035 MEDIUM
zenml < 0.56.2 - Authenticated Missing Authorization via API PUT /api/v1/users/id Endpoint
CVSS 6.5
CVE-2024-5127 MEDIUM
lunary-ai/lunary <1.2.26 - Privilege Escalation
CVSS 5.4
CVE-2024-5489 MEDIUM
Wbcom Designs - Custom Font Uploader <= 2.3.4 - Authenticated Arbitrary Font Deletion via Missing Capability Check
CVSS 4.3
CVE-2024-5665 MEDIUM
WordPress Login/Signup Popup - Info Disclosure
CVSS 4.3
CVE-2024-5449 MEDIUM
WP Dark Mode < 5.0.4 - Authenticated Unauthorized Data Modification via wpdm_social_share_save_options
CVSS 4.3
CVE-2024-1175 MEDIUM
WP-Recall < 16.26.6 - Unauthenticated Arbitrary Payment Deletion via Missing Capability Check
CVSS 5.3
CVE-2024-0972 MEDIUM
BuddyPress Members Only <3.3.5 - Info Disclosure
CVSS 5.3