CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,401 vulnerabilities with CWE-862
CVE-2023-23823 MEDIUM
Clever Widgets Enhanced Text Widget <1.5.8 - RCE
CVSS 4.3
CVE-2023-23814 LOW
CodePeople CP Multi View Event Calendar <1.4.13 - Info Disclosure
CVSS 3.8
CVE-2023-23725 MEDIUM
Chris Baldelomar Shortcodes <3.46 - Info Disclosure
CVSS 4.3
CVE-2023-23716 MEDIUM
Zendesk Support <1.8.4 - Info Disclosure
CVSS 4.3
CVE-2023-23715 MEDIUM
JobBoardWP < 1.2.2 - Unauthenticated Job Removal via IDOR
CVSS 5.2
CVE-2023-22708 MEDIUM
Kraken.io Image Optimizer <2.6.7 - Info Disclosure
CVSS 4.3
CVE-2023-22701 HIGH
Shopfiles Ebook Store <= 5.775 - Missing Authorization
CVSS 7.5
CVE-2023-7294 HIGH
Paytium < 4.3.7 - Authenticated Data Modification via create_mollie_profile
CVSS 7.1
CVE-2023-7293 MEDIUM
Paytium <= 4.3.7 - Authenticated Unauthorized Data Access
CVSS 4.3
CVE-2023-7292 MEDIUM
Paytium: Mollie payment forms & donations < 4.3.7 - Authenticated Notification Dismissal via Missing Capability Check
CVSS 4.3
CVE-2023-7291 HIGH
Paytium < 4.3.7 - Authenticated Data Modification via create_mollie_account
CVSS 7.1
CVE-2023-7290 MEDIUM
Paytium <= 4.3.7 - Authenticated Unauthorized Data Access via check_for_verified_profiles
CVSS 4.3
CVE-2023-7289 MEDIUM
Paytium: Mollie payment forms & donations < 4.3.7 - Authenticated API Key Update via Missing Capability Check
CVSS 5.4
CVE-2023-7288 MEDIUM
Paytium < 4.3.7 - Authenticated Data Modification via update_profile_preference
CVSS 5.4
CVE-2023-7287 MEDIUM
Paytium: Mollie payment forms & donations < 4.3.7 - Authenticated Subscription Cancellation via Missing Capability Check
CVSS 5.4
CVE-2023-39298 HIGH
QNAP QTS and QuTS hero - Missing Authorization
CVSS 7.8
CVE-2023-4730 MEDIUM
LadiApp < 4.3 - Unauthenticated Data Modification via init_endpoint()
CVSS 5.3
CVE-2023-4027 MEDIUM
Radio Player <2.0.73 - Info Disclosure
CVSS 5.3
CVE-2023-4025 MEDIUM
Radio Player <2.0.73 - Info Disclosure
CVSS 5.3
CVE-2023-4024 MEDIUM
Radio Player <2.0.73 - Info Disclosure
CVSS 5.3
CVE-2023-7268 MEDIUM
ArtPlacer Widget < 2.21.1 - Authenticated Arbitrary Widget Deletion
CVSS 6.5
CVE-2023-51375 MEDIUM
WPDeveloper EmbedPress <3.8.3 - Info Disclosure
CVSS 4.3
CVE-2023-3352 MEDIUM
Smush Image Optimization < 3.16.4 - Authenticated Unauthorized Deletion of Resmush List via delete_resmush_list()
CVSS 4.3
CVE-2023-3204 MEDIUM
Materialis <= 1.1.24 - Authenticated Arbitrary Options Update via companion_disable_popup AJAX Action
CVSS 6.5
CVE-2023-39312 CRITICAL
ThemeFusion Avada < 7.11.1 - Authenticated Unrestricted Zip Extraction
CVSS 9.1