CWE-862

Exploit likelihood: High

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,394 vulnerabilities with CWE-862
CVE-2024-1566 MEDIUM
Redirects <= 1.2.1 - Unauthenticated Arbitrary Redirect Modification via Missing Capability Check
CVSS 6.5
CVE-2024-1516 MEDIUM
WP eCommerce < 3.15.1 - Unauthenticated Arbitrary Post Creation via check_for_saas_push()
CVSS 5.3
CVE-2024-1368 MEDIUM
Page Duplicator < 0.1.1 - Unauthenticated Arbitrary Post and Page Duplication via Missing Capability Check
CVSS 5.3
CVE-2024-1136 MEDIUM
WordPress Coming Soon Page & Maintenance Mode < 2.2.1 - Info Disclosure
CVSS 5.3
CVE-2024-0766 MEDIUM
Envo's Elementor Templates & Widgets - Info Disclosure
CVSS 4.3
CVE-2024-1388 MEDIUM
Yuki < 1.3.14 - Authenticated Missing Authorization in reset_customizer_options()
CVSS 4.3
CVE-2024-1653 MEDIUM
Categorify <= 1.0.7.4 - Authenticated Unauthorized Data Modification via categorifyAjaxUpdateFolderPosition
CVSS 4.3
CVE-2024-1652 MEDIUM
Categorify <= 1.0.7.4 - Authenticated Data Modification via categorifyAjaxClearCategory Function
CVSS 4.3
CVE-2024-1650 MEDIUM
Categorify <= 1.0.7.4 - Authenticated Category Renaming via Missing Capability Check
CVSS 4.3
CVE-2024-1649 MEDIUM
Categorify <= 1.0.7.4 - Authenticated Category Deletion via Missing Capability Check
CVSS 4.3
CVE-2024-1687 MEDIUM
Thank You Page Customizer for WooCommerce < 1.1.2 - Authenticated Arbitrary Shortcode Execution
CVSS 5.4
CVE-2024-1686 MEDIUM
Thank You Page Customizer for WooCommerce < 1.1.2 - Authenticated Missing Authorization via apply_layout Function
CVSS 4.3
CVE-2024-1710 HIGH
Addon Library <= 1.3.76 - Authenticated Arbitrary File Upload via Missing Capability Check
CVSS 8.8
CVE-2024-1779 MEDIUM
Admin side data storage for Contact Form 7 <= 1.1.1 - Unauthenticated Data Modification via zt_dcfcf_change_status()
CVSS 5.3
CVE-2024-1778 MEDIUM
Admin side data storage for Contact Form 7 <= 1.1.1 - Unauthenticated Data Modification via zt_dcfcf_change_bookmark()
CVSS 4.3
CVE-2024-1053 MEDIUM
Event Tickets and Registration <= 5.8.1 - Authenticated Unauthorized Data Access via Email Action
CVSS 4.3
CVE-2024-26138 MEDIUM
XWiki Licensor Application < 1.24.2 - Unauthenticated Information Disclosure via LicenseJSON Document
CVSS 5.3
CVE-2024-0593 MEDIUM
Simple Job Board < 2.10.8 - Info Disclosure
CVSS 5.3
CVE-2024-1562 MEDIUM
WooCommerce Google Sheet Connector < 1.3.11 - Unauthenticated Plugin Settings Modification
CVSS 5.3
CVE-2024-1108 MEDIUM
WordPress Plugin Groups < 2.0.6 - Info Disclosure
CVSS 6.5
CVE-2024-0038 HIGH
Android - Missing Authorization in AccessibilityManagerService Input Event Injection
CVSS 7.8
CVE-2024-0037 LOW
Android - Missing Authorization in SaveUi.java
CVSS 3.3
CVE-2024-25643 MEDIUM
SAP Fiori My Overtime Request 605 - Authenticated Missing Authorization
CVSS 4.3
CVE-2024-24741 MEDIUM
SAP Master Data Governance - Privilege Escalation
CVSS 4.3
CVE-2024-24739 MEDIUM
SAP Bank Account Management - Authenticated Privilege Escalation
CVSS 6.3