CWE-862

Exploit likelihood: High

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,392 vulnerabilities with CWE-862
CVE-2024-25922 MEDIUM
Peach Payments Gateway <3.1.9 - Info Disclosure
CVSS 5.4
CVE-2024-25912 CRITICAL
Skymoonlabs MoveTo <6.2 - Info Disclosure
CVSS 9.8
CVE-2024-25908 MEDIUM
JoomUnited WP Media <5.7.2 - Info Disclosure
CVSS 4.3
CVE-2024-25907 MEDIUM
JoomUnited WP Media <5.7.2 - Info Disclosure
CVSS 5.4
CVE-2024-24883 MEDIUM
BdThemes Prime Slider - Auth Bypass
CVSS 4.3
CVE-2024-24850 MEDIUM
Quicksand Post Filter jQuery Plugin <3.1.1 - Info Disclosure
CVSS 5.3
CVE-2024-31997 CRITICAL
XWiki Platform <4.10.19, 15.5.4, 15.10-rc-1 - RCE
CVSS 9.9
CVE-2024-31987 CRITICAL
XWiki Platform <6.4-4.10.19, 15.5.4, 15.10-rc-1 - RCE
CVSS 9.9
CVE-2024-31983 CRITICAL
XWiki Platform <4.10.20, 15.5.4, 15.10-rc-1 - RCE
CVSS 9.9
CVE-2024-31981 CRITICAL
XWiki Platform <4.10.20, 15.5.4, 15.10-rc-1 - RCE
CVSS 9.9
CVE-2024-31242 MEDIUM
Bricksforge <2.0.17 - Info Disclosure
CVSS 5.3
CVE-2024-31230 MEDIUM
ShortPixel Adaptive Images <3.8.2 - Info Disclosure
CVSS 5.3
CVE-2024-31343 HIGH
Sonaar MP3 Audio Player for Music, Radio & Podcast < 4.10.1 - Unauthenticated Arbitrary File Download
CVSS 7.5
CVE-2024-31342 MEDIUM
WordPress Gallery Exporter <1.4 - Info Disclosure
CVSS 6.5
CVE-2024-31358 HIGH
Saleswonder.Biz 5 Stars Rating Funnel <1.2.67 - Info Disclosure
CVSS 7.5
CVE-2024-31297 HIGH
Wholesale For WooCommerce < 2.3.0 - Unauthenticated Arbitrary Post/Page Creation
CVSS 7.5
CVE-2024-3235 MEDIUM
Essential Grid Gallery WordPress Plugin <3.1.1 - Info Disclosure
CVSS 5.3
CVE-2024-1042 MEDIUM
WP Radio < 3.1.9 - Authenticated Data Modification via AJAX Functions
CVSS 6.4
CVE-2024-1041 MEDIUM
WP Radio < 3.1.9 - Authenticated Stored Cross-Site Scripting via Plugin Settings
CVSS 6.4
CVE-2024-3213 MEDIUM
Relevanssi < 4.22.2 - Unauthenticated Denial of Service via relevanssi_update_counts()
CVSS 5.3
CVE-2024-3097 MEDIUM
NextGEN Gallery <= 3.59 - Unauthenticated Sensitive Data Exposure via get_item Function
CVSS 5.3
CVE-2024-2543 MEDIUM
Permalink Manager Lite <= 2.4.3.1 - Unauthenticated Data Access via Missing Capability Check
CVSS 4.3
CVE-2024-2222 MEDIUM
Advanced Classifieds & Directory Pro <3.0.0 - Info Disclosure
CVSS 4.3
CVE-2024-2033 MEDIUM
Video Conferencing with Zoom plugin <4.4.5 - Info Disclosure
CVSS 4.3
CVE-2024-1991 HIGH
RegistrationMagic - Privilege Escalation
CVSS 8.8