CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,391 vulnerabilities with CWE-862
CVE-2024-32828 MEDIUM
Octolize Flexible Shipping <4.24.15 - Info Disclosure
CVSS 4.3
CVE-2024-32826 MEDIUM
Vektor,Inc. VK Block Patterns <1.31.0 - Info Disclosure
CVSS 5.3
CVE-2024-3678 MEDIUM
Blog2Social: Social Media Auto Post & Scheduler - Info Disclosure
CVSS 5.3
CVE-2024-4163 HIGH
Skylab IGX IIoT Gateway - Privilege Escalation
CVSS 8.0
CVE-2024-33667 MEDIUM
Zammad < 6.3.0 - Authenticated Denial of Service via Generic Method Endpoint
CVSS 6.5
CVE-2024-3893 MEDIUM
Classified Listing < 3.0.11 - Authenticated Arbitrary Attachment Deletion via rtcl_fb_gallery_image_delete AJAX Action
CVSS 4.3
CVE-2024-32678 MEDIUM
TrackShip for WooCommerce <1.7.5 - Info Disclosure
CVSS 5.3
CVE-2024-32677 MEDIUM
LoginPress Pro <3.0.0 - Info Disclosure
CVSS 5.3
CVE-2024-32675 MEDIUM
Xfinity Soft Order Limit for WooCommerce <2.0.0 - Info Disclosure
CVSS 6.5
CVE-2024-32432 MEDIUM
Ovic Addon Toolkit <2.6.1 - Info Disclosure
CVSS 4.3
CVE-2024-32951 MEDIUM
BloomPixel Max Addons Pro - Info Disclosure
CVSS 6.5
CVE-2024-32948 CRITICAL
ARMember < 4.0.28 - Missing Authorization
CVSS 9.1
CVE-2024-32679 MEDIUM
Shared Files <1.7.16 - Info Disclosure
CVSS 5.3
CVE-2024-0900 MEDIUM
Elespare WordPress <2.1.2 - Privilege Escalation
CVSS 4.3
CVE-2024-3664 MEDIUM
WordPress <13.7.0 - Info Disclosure
CVSS 4.3
CVE-2024-32656 HIGH
Ant Media Server 2.6.0-2.8.2 - Unauthenticated Local Privilege Escalation via JMX MLet Bean
CVSS 7.8
CVE-2024-32691 MEDIUM
realmag777 Active Products Tables for WooCommerce <1.0.6.2 - Info D...
CVSS 5.3
CVE-2024-32688 MEDIUM
Long Watch Studio MyRewards <5.3.0 - Info Disclosure
CVSS 6.5
CVE-2024-32687 MEDIUM
WPClever WPC <7.0.3 - Info Disclosure
CVSS 4.3
CVE-2024-32684 MEDIUM
Wpmet Wp Ultimate Review <= 2.2.5 - Missing Authorization
CVSS 5.3
CVE-2024-32682 HIGH
BdThemes Prime Slider - Addons For Elementor <= 3.13.2 - Missing Authorization
CVSS 7.1
CVE-2024-32681 MEDIUM
Prime Slider - Addons For Elementor < 3.13.2 - Missing Authorization
CVSS 4.3
CVE-2024-3600 HIGH
Poll Maker WordPress Plugin <= 5.1.8 - Unauthenticated Stored XSS via ays_poll_maker_quick_start
CVSS 7.2
CVE-2024-32466 LOW
Tolgee < 3.57.2 - Missing Authorization for Translation Data via API Endpoints
CVSS 2.7
CVE-2024-32689 MEDIUM
GenialSouls WP Social Comments <1.7.3 - Info Disclosure
CVSS 4.3
Details
Vulnerabilities 8,391
Exploit Likelihood High