CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,394 vulnerabilities with CWE-862
CVE-2024-0596 MEDIUM
Awesome Support WordPress Plugin <= 6.1.7 - Authenticated Data Access via editor_html()
CVSS 5.3
CVE-2024-0595 MEDIUM
Awesome Support WordPress Plugin <= 6.1.7 - Unauthorized Data Access
CVSS 4.3
CVE-2024-1122 MEDIUM
Eventin < 3.3.51 - Unauthenticated Data Export via export_data() Function
CVSS 5.3
CVE-2024-24822 MEDIUM
Pimcore <1.3.3 - Privilege Escalation
CVSS 6.5
CVE-2024-1110 MEDIUM
Podlove Podcast Publisher <4.0.11 - Info Disclosure
CVSS 5.3
CVE-2024-1109 MEDIUM
Podlove Podcast Publisher <4.0.11 - Info Disclosure
CVSS 5.3
CVE-2024-1079 MEDIUM
Quiz Maker <= 6.5.2.4 - Unauthenticated Arbitrary Quiz Results Access via ays_show_results()
CVSS 5.3
CVE-2024-1078 MEDIUM
Quiz Maker <= 6.5.2.4 - Authenticated Arbitrary Quiz Creation via Missing Capability Check
CVSS 4.3
CVE-2024-1177 MEDIUM
WP Club Manager < 2.2.10 - Unauthenticated Permalink Structure Modification via Missing Capability Check
CVSS 5.3
CVE-2024-1121 MEDIUM
Advanced Forms for ACF <1.9.3.2 - Info Disclosure
CVSS 5.3
CVE-2024-1092 MEDIUM
RSS Aggregator by Feedzy < 4.4.1 - Authenticated Unauthorized Data Modification via Missing Capability Check
CVSS 4.3
CVE-2024-1072 HIGH
Website Builder by SeedProd < 6.15.21 - Unauthenticated Data Modification via seedprod_lite_new_lpage Function
CVSS 8.2
CVE-2024-0869 HIGH
Instant Images - One Click Image Uploads from Unsplash, Openverse, ...
CVSS 8.8
CVE-2024-0835 MEDIUM
Royal Elementor Kit <1.0.116 - Privilege Escalation
CVSS 4.3
CVE-2024-0797 MEDIUM
WooCommerce <1.0.6.1 - Privilege Escalation
CVSS 4.3
CVE-2024-0791 MEDIUM
Pluginus Wolf - Wordpress Posts Bulk Editor And Products Manager Professional < 1.0.8.1 - Missing Authorization
CVSS 4.3
CVE-2024-0372 MEDIUM
Views for WPForms <= 3.2.2 - Authenticated Unauthorized Data Access via get_form_fields
CVSS 4.3
CVE-2024-0371 MEDIUM
Views for WPForms < 3.2.2 - Authenticated Unauthorized Data Modification via create_view Function
CVSS 4.3
CVE-2024-0370 MEDIUM
Views for WPForms < 3.2.2 - Authenticated Unauthorized Data Modification via Missing Capability Check
CVSS 4.3
CVE-2024-0324 HIGH
User Profile Builder < 3.10.8 - Unauthenticated Two-Factor Authentication Settings Modification
CVSS 8.2
CVE-2024-1047 MEDIUM
ThemeIsle SDK - Unauthenticated Data Modification via register_reference() Missing Capability Check
CVSS 5.3
CVE-2024-0836 MEDIUM
WordPress Review & Structure Data Schema Plugin - Info Disclosure
CVSS 4.3
CVE-2024-23388 MEDIUM
Mercari < 5.78.0 - Missing Authorization in Custom URL Scheme Handler
CVSS 6.1
CVE-2024-21630 MEDIUM
Zulip Server 1.9.0-6.2 - Missing Authorization for Multi-Use Invitation Stream Access
CVSS 4.3
CVE-2024-0617 MEDIUM
Category Discount Woocommerce <4.12 - Info Disclosure
CVSS 5.3
Details
Vulnerabilities 8,394
Exploit Likelihood High