CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,394 vulnerabilities with CWE-862
CVE-2024-1492 MEDIUM
WPify Woo Czech <= 4.0.8 - Unauthenticated Unauthorized Data Access via maybe_send_to_packeta Function
CVSS 5.3
CVE-2024-1390 MEDIUM
Paid Membership Subscriptions < 2.11.1 - Authenticated Data Modification via creating_pricing_table_page
CVSS 4.3
CVE-2024-1389 MEDIUM
Paid Membership Subscriptions < 2.11.1 - Unauthenticated Stripe Payment Key Modification via Missing Capability Check
CVSS 5.3
CVE-2024-1340 MEDIUM
Login Lockdown - Protect Login Form < 2.09 - Authenticated Unauthorized Data Access via generate_export_file Function
CVSS 5.4
CVE-2024-1337 MEDIUM
SKT Page Builder <= 4.1 - Authenticated Arbitrary Content Injection via saveSktbuilderPageData
CVSS 4.3
CVE-2024-1322 MEDIUM
Directorist < 7.8.5 - Unauthenticated Data Modification via Missing Capability Check
CVSS 5.3
CVE-2024-1318 MEDIUM
RSS Aggregator by Feedzy < 4.4.2 - Authenticated Arbitrary Post Creation via Missing Capability Check
CVSS 6.5
CVE-2024-1288 MEDIUM
Schema & Structured Data for WP & AMP <1.27 - Privilege Escalation
CVSS 4.3
CVE-2024-1218 MEDIUM
Kali Forms <2.3.41 - Privilege Escalation
CVSS 4.3
CVE-2024-1217 HIGH
Kali Forms <2.3.41 - Privilege Escalation
CVSS 7.6
CVE-2024-1133 MEDIUM
Tutor LMS - WordPress <2.6.0 - Info Disclosure
CVSS 4.3
CVE-2024-1130 MEDIUM
NEX-Forms < 8.5.6 - Authenticated Missing Authorization in set_read() Function
CVSS 5.3
CVE-2024-1129 MEDIUM
NEX-Forms < 8.5.6 - Authenticated Missing Authorization in set_starred() Function
CVSS 5.3
CVE-2024-1091 MEDIUM
ImageRecycle pdf & image compression <= 3.1.13 - Authenticated Data Modification via Missing Capability Check
CVSS 4.3
CVE-2024-1090 MEDIUM
ImageRecycle pdf & image compression <= 3.1.13 - Authenticated Data Modification via stopOptimizeAll Function
CVSS 4.3
CVE-2024-1089 MEDIUM
ImageRecycle pdf & image compression <= 3.1.13 - Authenticated Unauthorized Data Modification via optimizeAllOn Function
CVSS 4.3
CVE-2024-1044 MEDIUM
Customer Reviews for WooCommerce <= 5.38.12 - Unauthenticated Arbitrary Review Submission via Missing Capability Check
CVSS 5.3
CVE-2024-1043 MEDIUM
Ampforwp Accelerated Mobile Pages < 1.0.93.2 - Missing Authorization
CVSS 6.5
CVE-2024-0984 MEDIUM
ImageRecycle <3.1.13 - Info Disclosure
CVSS 4.3
CVE-2024-0983 MEDIUM
ImageRecycle <3.1.13 - Info Disclosure
CVSS 4.3
CVE-2024-0907 MEDIUM
NEX-Forms < 8.5.6 - Authenticated Unauthorized Record Restoration via restore_records()
CVSS 5.3
CVE-2024-0702 HIGH
Oliver POS - WooCommerce Point of Sale <2.4.1.8 - Privilege Escalation
CVSS 7.3
CVE-2024-0516 MEDIUM
Royal Elementor Addons & Templates <1.3.87 - Info Disclosure
CVSS 5.3
CVE-2024-1861 MEDIUM
Anti Hacker Scan <= 4.52 - Authenticated Data Modification
CVSS 4.3
CVE-2024-1860 MEDIUM
Anti Hacker Scan <= 4.51 - Unauthenticated Data Modification
CVSS 6.5
Details
Vulnerabilities 8,394
Exploit Likelihood High