CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,391 vulnerabilities with CWE-862
CVE-2024-34372 MEDIUM
AddonMaster Post Grid Master <3.4.7 - Info Disclosure
CVSS 5.3
CVE-2024-34371 MEDIUM
Hamid Alinia - idehweb <1.7.18 - Info Disclosure
CVSS 4.3
CVE-2024-33912 HIGH
Academy LMS <= 1.9.16 - Missing Authorization
CVSS 7.1
CVE-2024-33910 MEDIUM
Supsystic Digital Publications <1.7.7 - Info Disclosure
CVSS 5.3
CVE-2024-1050 MEDIUM
WordPress <1.26.5 - Privilege Escalation
CVSS 4.3
CVE-2024-3237 MEDIUM
WordPress ConvertPlug <3.5.25 - Info Disclosure
CVSS 5.4
CVE-2024-33937 MEDIUM
Nico Martin PWA <2.1.13 - Info Disclosure
CVSS 4.3
CVE-2024-33931 MEDIUM
ilGhera JW Player for WordPress <2.3.3 - Info Disclosure
CVSS 6.5
CVE-2024-33929 MEDIUM
wpWax Directorist <7.8.6 - Info Disclosure
CVSS 5.3
CVE-2024-33925 MEDIUM
Embed Google Fonts <3.1.0 - Info Disclosure
CVSS 4.3
CVE-2024-33923 MEDIUM
Smartypants SP Project & Document Manager <4.69 - Info Disclosure
CVSS 6.3
CVE-2024-33920 MEDIUM
Kama Democracy Poll <6.0.3 - Info Disclosure
CVSS 5.3
CVE-2024-33919 MEDIUM
Rometheme RomethemeKit For Elementor <1.4.1 - Info Disclosure
CVSS 6.5
CVE-2024-33915 MEDIUM
Bowo Debug Log Manager <2.3.1 - Info Disclosure
CVSS 4.3
CVE-2024-33914 MEDIUM
Exclusive Addons Elementor < 2.6.9.1 - Missing Authorization on Post Duplication
CVSS 4.3
CVE-2024-33941 MEDIUM
Avirtum iPanorama 360 <1.8.1 - Info Disclosure
CVSS 5.3
CVE-2024-32810 HIGH
ShortPixel Critical CSS <1.0.2 - Info Disclosure
CVSS 7.6
CVE-2024-24710 MEDIUM
SlickRemix Feed Them Social <4.2.0 - Info Disclosure
CVSS 4.3
CVE-2024-3942 MEDIUM
MasterStudy LMS WordPress Plugin <= 3.3.8 - Authenticated Missing Authorization
CVSS 6.3
CVE-2024-3936 MEDIUM
The Post Grid < 7.6.1 - Authenticated Unauthorized Data Modification via rtTPGSaveSettings Function
CVSS 4.3
CVE-2024-3897 MEDIUM
Popup Box - Best WordPress Popup Plugin <4.3.6 - Info Disclosure
CVSS 5.3
CVE-2024-3895 HIGH
WP Datepicker <= 2.1.0 - Authenticated Arbitrary Option Update via wpdp_add_new_datepicker_ajax
CVSS 8.8
CVE-2024-3607 MEDIUM
PropertyHive <= 2.0.12 - Authenticated Arbitrary Post Deletion via Missing Capability Check
CVSS 4.3
CVE-2024-3606 MEDIUM
ProfileGrid <= 5.8.3 - Authenticated Unauthorized Data Deletion
CVSS 4.3
CVE-2024-3601 MEDIUM
Poll Maker WordPress Plugin <= 5.1.8 - Unauthenticated Sensitive Data Exposure
CVSS 5.3
Details
Vulnerabilities 8,391
Exploit Likelihood High