CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,392 vulnerabilities with CWE-862
CVE-2024-24718 MEDIUM
PropertyHive <2.0.6 - Info Disclosure
CVSS 4.3
CVE-2024-24711 MEDIUM
WooCommerce Conversion Tracking <2.0.11 - Info Disclosure
CVSS 4.3
CVE-2024-23520 MEDIUM
AccessAlly PopupAlly <= 2.1.0 - Missing Authorization
CVSS 4.3
CVE-2024-24805 MEDIUM
WP Dummy Content Generator <3.1.2 - Info Disclosure
CVSS 5.3
CVE-2024-24840 MEDIUM
BdThemes Element Pack <5.4.11 - Info Disclosure
CVSS 4.3
CVE-2024-24835 MEDIUM
BEAR < 1.1.4 - Missing Authorization
CVSS 4.3
CVE-2024-24832 HIGH
Metagauss EventPrime <3.3.9 - Info Disclosure
CVSS 8.2
CVE-2024-27190 MEDIUM
Jean-David Daviet Download Media <1.4.2 - Info Disclosure
CVSS 4.3
CVE-2024-1502 MEDIUM
Tutor LMS < 2.6.1 - Authenticated Arbitrary Post Deletion via Missing Capability Check
CVSS 5.4
CVE-2024-2702 HIGH
Olive One Click Demo Import < 1.1.1 - Unauthenticated Missing Authorization leading to XSS
CVSS 8.2
CVE-2024-1844 MEDIUM
RevivePress <= 1.5.6 - Authenticated Unauthorized Data Access/Modification via import_data/copy_data
CVSS 4.3
CVE-2024-1181 MEDIUM
Coming Soon, Under Construction & Maintenance Mode By Dazzler <2.1....
CVSS 5.3
CVE-2024-1119 MEDIUM
Order Tip for WooCommerce <1.3.1 - Info Disclosure
CVSS 5.3
CVE-2024-2538 MEDIUM
Permalink Manager Lite <= 2.4.3.1 - Authenticated Arbitrary Permalink Modification via Missing Capability Check
CVSS 5.4
CVE-2024-1995 MEDIUM
Smart Custom Fields <= 4.2.2 - Authenticated Unauthorized Data Access via relational_posts_search()
CVSS 4.3
CVE-2024-0780 HIGH
WordPress plugin <6.2.2 - Privilege Escalation
CVSS 8.8
CVE-2024-22257 HIGH
Spring Security <5.7.12-<6.1.8 - Privilege Escalation
CVSS 8.2
CVE-2024-1857 MEDIUM
The Ultimate Gift Cards for WooCommerce - Info Disclosure
CVSS 5.3
CVE-2024-1733 MEDIUM
Word Replacer Pro <= 1.0 - Unauthenticated Arbitrary Content Modification via word_replacer_ultra() Function
CVSS 5.3
CVE-2024-23944 MEDIUM
Apache ZooKeeper 3.6.0-3.7.1 and 3.8.0-3.8.3 - Information Disclosure via Persistent Watcher ACL Bypass
CVSS 5.3
CVE-2024-27953 MEDIUM
Cool Plugins Cryptocurrency Widgets - Price Ticker & Coins List < 2.6.8 - Missing Authorization
CVSS 4.7
CVE-2024-1862 HIGH
WooCommerce Add to Cart Custom Redirect <= 1.2.13 - Authenticated Arbitrary Site Option Modification
CVSS 8.1
CVE-2024-1843 MEDIUM
Auto Affiliate Links <= 6.4.3 - Authenticated Arbitrary Link Injection via aalAddLink Function
CVSS 4.3
CVE-2024-1763 MEDIUM
Wp Social Login and Register Social Counter <= 3.0.0 - Unauthenticated Data Modification via REST API Endpoint
CVSS 6.5
CVE-2024-1690 MEDIUM
TeraWallet < 1.4.11 - Authenticated Unauthorized Data Access via terawallet_export_user_search
CVSS 4.3
Details
Vulnerabilities 8,392
Exploit Likelihood High