CWE-862

Exploit likelihood: High

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,388 vulnerabilities with CWE-862
CVE-2024-4355 MEDIUM
Block Bad Bots <= 10.23 - Authenticated Unauthorized Data Access
CVSS 4.3
CVE-2024-3277 MEDIUM
Yumpu ePaper publishing plugin <2.0.24 - Info Disclosure
CVSS 5.0
CVE-2024-36377 MEDIUM
JetBrains TeamCity <2024.03.2 - Privilege Escalation
CVSS 6.5
CVE-2024-36036 MEDIUM
Zoho ManageEngine ADAudit Plus <=7.260 - Info Disclosure
CVSS 4.2
CVE-2024-35237 HIGH
MIT IdentiBot <48e3e5e7ead6777fa75d57c7711c8e55b501c24e - Info Disc...
CVSS 7.5
CVE-2024-4858 MEDIUM
Testimonial Carousel For Elementor <= 10.2.0 - Unauthenticated Data Modification via save_testimonials_option_callback
CVSS 5.3
CVE-2024-5318 MEDIUM
GitLab CE/EE <16.10.6/<16.11.3/<17.0.1 - Info Disclosure
CVSS 4.0
CVE-2024-1376 MEDIUM
Event post < 5.9.5 - Authenticated Unauthorized Bulk Metadata Update via save_bulkdatas Function
CVSS 4.3
CVE-2024-0893 MEDIUM
Schema App Structured Data plugin - Info Disclosure
CVSS 4.3
CVE-2024-3711 MEDIUM
Brizy < 2.4.44 - Authenticated Plugin Setting Update via Missing Capability Check
CVSS 4.3
CVE-2024-3626 MEDIUM
Email Subscribers by Icegram Express - Info Disclosure
CVSS 4.3
CVE-2024-20355 MEDIUM
Cisco ASA/FTD - Privilege Escalation
CVSS 5.0
CVE-2024-2036 MEDIUM
WordPress ApplyOnline <2.6 - Info Disclosure
CVSS 4.3
CVE-2024-3663 MEDIUM
WP Scraper <5.7 - Privilege Escalation
CVSS 4.3
CVE-2024-0453 MEDIUM
WordPress AI ChatBot <5.3.4 - Info Disclosure
CVSS 5.0
CVE-2024-0452 MEDIUM
WordPress AI ChatBot <5.3.4 - Info Disclosure
CVSS 5.0
CVE-2024-0451 MEDIUM
WordPress AI ChatBot <5.3.4 - Info Disclosure
CVSS 5.0
CVE-2024-3268 MEDIUM
YouTube Video Gallery by YouTube Showcase < 3.3.6 - Unauthenticated Arbitrary Post Creation via Missing Capability Check
CVSS 5.3
CVE-2024-4875 MEDIUM
HT Mega < 2.5.3 - Authenticated Data Modification via Missing Capability Check
CVSS 4.3
CVE-2024-4566 HIGH
ShopLentor <= 2.8.8 - Authenticated Arbitrary Option Modification via ajax_dismiss Function
CVSS 7.1
CVE-2024-3761 HIGH
lunary < 1.2.8 - Unauthenticated Dataset Deletion via DELETE Endpoint
CVSS 7.5
CVE-2024-2782 HIGH
WordPress FluentForms <= 5.1.16 - Broken Access Control
CVSS 7.5
CVE-2024-2771 CRITICAL
Contact Form Plugin by Fluent Forms < 5.1.17 - Unauthenticated Limited Privilege Escalation
CVSS 9.8
CVE-2024-35174 MEDIUM
Flothemes Flo Forms <1.0.42 - Info Disclosure
CVSS 5.3
CVE-2024-32802 MEDIUM
WordPlus BP Better Messages <2.4.32 - Info Disclosure
CVSS 5.3
Details
Vulnerabilities: 8,388
Exploit Likelihood: High