CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,394 vulnerabilities with CWE-862

CVE-2024-23752 CRITICAL
PandasAI through 1.5.17 - Unauthenticated Remote Code Execution via GenerateSDFPipeline
CVSS 9.8
CVE-2024-0679 MEDIUM
ColorMag <3.1.2 - Privilege Escalation
CVSS 6.5
CVE-2024-0238 MEDIUM
EventON < 2.2.8 - Unauthenticated Arbitrary Post Metadata Update via AJAX Action
CVSS 6.1
CVE-2024-0237 MEDIUM
EventON WordPress Plugin < 2.2.7 - Unauthenticated Missing Authorization in AJAX Actions
CVSS 5.3
CVE-2024-0236 MEDIUM
EventON WordPress Plugin < 2.2.7 - Unauthenticated Information Disclosure via AJAX Action
CVSS 5.3
CVE-2024-0235 MEDIUM
EventON WordPress Plugin < 2.2.7 - Unauthenticated Email Address Disclosure via AJAX Action
CVSS 5.3
CVE-2024-0570 HIGH
Totolink N350RT 9.3.5u.6265 - Improper Access Controls
CVSS 7.3
CVE-2024-0569 MEDIUM
Totolink T8 4.1.5cu.833 - Info Disclosure
CVSS 4.3
CVE-2024-0201 MEDIUM
Product Expiry for WooCommerce <= 2.5 - Authenticated Unauthorized Settings Modification via Missing Capability Check
CVSS 5.4
CVE-2023-32959 MEDIUM
WordPress MetroStore theme <= 1.3.2 - Broken Access Control
CVSS 4.3
CVE-2023-25969 MEDIUM
WordPress Contact Form & Lead Form Elementor Builder plugin <= 1.8.4 - Broken Access Control vulnerability
CVSS 5.4
CVE-2023-54327 CRITICAL
Tinycontrol LAN Controller < 1.58a - Unauthenticated Authentication Bypass via /stm.cgi Endpoint
CVSS 9.8
CVE-2023-41656 MEDIUM
wpdive Better Elementor Addons <1.3.7 - Info Disclosure
CVSS 5.4
CVE-2023-40679 MEDIUM
Jewel Theme Master Addons <2.0.5.3 - Info Disclosure
CVSS 6.5
CVE-2023-28619 MEDIUM
bnayawpguy Resoto <1.0.8 - Info Disclosure
CVSS 4.3
CVE-2023-25446 HIGH
HappyFiles Pro < 1.8.1 - Missing Authorization
CVSS 7.7
CVE-2023-25445 MEDIUM
HappyFiles Pro < 1.8.1 - Missing Authorization
CVSS 5.4
CVE-2023-25068 MEDIUM
Mapro Collins Magazine Edge - Info Disclosure
CVSS 4.3
CVE-2023-53923 CRITICAL
UliCMS 2023.1 - Privilege Escalation
CVSS 9.8
CVE-2023-53740 CRITICAL
Screen SFT DAB Series 1.9.3 - Unauthenticated Authentication Bypass via userManager.cgx Endpoint
CVSS 9.8
CVE-2023-23729 MEDIUM
Brainstorm Force Spectra - Info Disclosure
CVSS 5.4
CVE-2023-7317 HIGH
Nagios XI < 2024R1 - Missing Authorization in Web SSH Terminal
CVSS 8.8
CVE-2023-7306 HIGH
WordPress Frontend File Manager Plugin <21.5 - Info Disclosure
CVSS 7.5
CVE-2023-5600 LOW
GitLab 16.0.0-16.3.5, 16.4.0-16.4.1, 16.5.0 - Missing Authorization for Service-Desk Custom Email Template
CVSS 3.1
CVE-2023-26002 MEDIUM
6Storage Rentals <2.19.5 - Info Disclosure
CVSS 4.3