CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,392 vulnerabilities with CWE-862
CVE-2024-1732 MEDIUM
Sharkdropship AliExpress Dropshipping - Info Disclosure
CVSS 5.3
CVE-2024-31099 MEDIUM
Shortcodes and extra features for Phlox theme < 2.15.7 - Missing Authorization
CVSS 6.4
CVE-2024-2086 CRITICAL
WordPress Integrate Google Drive - Info Disclosure
CVSS 10.0
CVE-2024-30463 MEDIUM
BEAR < 1.1.4.3 - Missing Authorization
CVSS 4.3
CVE-2024-30477 MEDIUM
Klarna Payments for WooCommerce < 3.2.4 - Missing Authorization
CVSS 5.3
CVE-2024-30469 MEDIUM
Wholesale For WooCommerce < 2.3.0 - Unauthenticated Exposure of Sensitive Information
CVSS 5.3
CVE-2024-30508 MEDIUM
ThimPress WP Hotel Booking <= 2.0.9.2 - Missing Authorization
CVSS 6.5
CVE-2024-30505 MEDIUM
Church Admin <= 4.1.18 - Missing Authorization
CVSS 6.5
CVE-2024-30487 HIGH
Sonaar MP3 Audio Player for Music, Radio & Podcast < 5.1 - Missing Authorization
CVSS 7.6
CVE-2024-2848 HIGH
Responsive theme <5.0.2 - Info Disclosure
CVSS 7.5
CVE-2024-2476 MEDIUM
OceanWP <= 3.5.4 - Authenticated Sensitive Data Exposure via load_theme_panel_pane Function
CVSS 4.3
CVE-2024-2844 MEDIUM
Easy Appointments <= 3.11.18 - Unauthenticated Data Modification via ajax_cancel_appointment()
CVSS 4.3
CVE-2024-29241 CRITICAL
Synology Surveillance Station < 9.2.0-9289 - Authenticated Missing Authorization in System WebAPI
CVSS 9.9
CVE-2024-29240 MEDIUM
Synology Surveillance Station <9.2.0-11289,9.2.0-9289 - DoS
CVSS 4.3
CVE-2024-29229 HIGH
Synology Surveillance Station < 9.2.0-9289 - Authenticated Information Disclosure via GetLiveViewPath WebAPI
CVSS 7.7
CVE-2024-29228 HIGH
Synology Surveillance Station < 9.2.0-9289 - Authenticated Information Disclosure via GetStmUrlPath WebAPI
CVSS 7.7
CVE-2024-28004 MEDIUM
ExtendThemes Colibri Page Builder <= 1.0.248 - Missing Authorization
CVSS 5.4
CVE-2024-28003 MEDIUM
Max Mega Menu <3.3 - Info Disclosure
CVSS 5.4
CVE-2024-2962 MEDIUM
The Networker - Tech News WordPress Theme <1.1.9 - Info Disclosure
CVSS 5.3
CVE-2024-30235 MEDIUM
Themeisle Multiple Page Generator Plugin - MPG <= 3.4.0 - Missing Authorization
CVSS 4.3
CVE-2024-30234 MEDIUM
WholesaleX <1.3.1 - Info Disclosure
CVSS 6.5
CVE-2024-2906 MEDIUM
SoftLab Radio Player <2.0.73 - Info Disclosure
CVSS 6.5
CVE-2024-22156 MEDIUM
SalesKing <1.6.15 - Info Disclosure
CVSS 6.5
CVE-2024-24799 MEDIUM
WooCommerce Box Office <1.2.2 - Info Disclosure
CVSS 6.5
CVE-2024-24719 MEDIUM
Uriahs Victor Location Picker <1.8.9 - Info Disclosure
CVSS 4.3
Details
Vulnerabilities 8,392
Exploit Likelihood High