CWE-862

Exploit likelihood: High

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,394 vulnerabilities with CWE-862
CVE-2024-1124 MEDIUM
EventPrime - Events Calendar - Auth Bypass
CVSS 4.3
CVE-2024-1123 MEDIUM
EventPrime - Events Calendar - Info Disclosure
CVSS 6.5
CVE-2024-2298 MEDIUM
WordPress Affiliate Plugin <3.5.4 - Privilege Escalation
CVSS 4.3
CVE-2024-1851 MEDIUM
affiliate-toolkit < 3.5.4 - Authenticated Missing Authorization in atkp_create_list()
CVSS 6.3
CVE-2024-23230 MEDIUM
macOS < 12.7.4, < 13.6.5, < 14.4 - Unprotected User Data Exposure via File Handling Issue
CVSS 5.5
CVE-2024-28230 MEDIUM
JetBrains YouTrack < 2024.1.25893 - Missing Authorization for Workflow Attachment/Detachment
CVSS 6.5
CVE-2024-1170 HIGH
WordPress UGC <2.8.7 - Info Disclosure
CVSS 8.2
CVE-2024-1169 HIGH
WordPress BuddyForms <2.8.7 - Unauth Media Upload
CVSS 7.5
CVE-2024-28216 MEDIUM
nGrinder < 3.5.9 - Missing Authorization for Webhook Request Results
CVSS 5.4
CVE-2024-28215 HIGH
nGrinder < 3.5.9 - Unauthenticated Webhook Configuration Manipulation
CVSS 7.5
CVE-2024-2216 HIGH
Jenkins docker-build-step Plugin <2.11 - Privilege Escalation
CVSS 8.8
CVE-2024-28159 MEDIUM
Jenkins Subversion Partial Release Manager Plugin <= 1.0.1 - Missing Authorization
CVSS 4.3
CVE-2024-28155 MEDIUM
Jenkins AppSpider Plugin <= 1.0.16 - Missing Authorization in HTTP Endpoints
CVSS 4.3
CVE-2024-1771 MEDIUM
Total < 2.1.60 - Authenticated Unauthorized Data Modification via total_order_sections()
CVSS 4.3
CVE-2024-1381 MEDIUM
Page Builder Sandwich - Info Disclosure
CVSS 6.5
CVE-2024-1285 MEDIUM
Page Builder Sandwich <= 5.1.0 - Authenticated Arbitrary Content Insertion
CVSS 6.5
CVE-2024-1178 MEDIUM
SportsPress <= 2.7.17 - Unauthenticated Permalink Modification
CVSS 5.3
CVE-2024-1095 MEDIUM
Build & Control Block Patterns - Boost up Gutenberg Editor <= 1.3.5.4 - Unauthenticated Settings Export
CVSS 5.3
CVE-2024-1093 MEDIUM
Change Memory Limit <= 1.0 - Unauthenticated Data Modification via admin_logic Function
CVSS 5.3
CVE-2024-20032 MEDIUM
Android - Missing Authorization in aee Leading to Local Privilege Escalation
CVSS 6.7
CVE-2024-1120 MEDIUM
WooCommerce <2.17.0 - Info Disclosure
CVSS 5.3
CVE-2024-27950 MEDIUM
Sirv CDN and Image Hosting Sirv <= 7.2.0 - Missing Authorization
CVSS 5.4
CVE-2024-27906 MEDIUM
Apache Airflow <2.8.2 - Info Disclosure
CVSS 5.9
CVE-2024-23493 MEDIUM
Mattermost < 8.1.9 and 9.4.0-9.4.1 - Missing Authorization for AD/LDAP Group Details
CVSS 4.3
CVE-2024-1982 MEDIUM
WPvivid <0.9.68 - Unauth SQL Injection/DoS
CVSS 6.5