CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,401 vulnerabilities with CWE-862
CVE-2023-51519 MEDIUM
Soliloquy Team Slider <2.7.2 - Info Disclosure
CVSS 4.3
CVE-2023-52199 MEDIUM
Matthias Pfefferle & Automattic ActivityPub <1.0.5 - Info Disclosure
CVSS 6.5
CVE-2023-51498 MEDIUM
WooCommerce Canada Post Shipping <2.8.3 - Info Disclosure
CVSS 5.3
CVE-2023-52183 MEDIUM
WebToffee WordPress Backup & Migration <1.4.3 - Info Disclosure
CVSS 5.4
CVE-2023-52179 MEDIUM
WebCodingPlace Product Expiry for WooCommerce - Info Disclosure
CVSS 5.4
CVE-2023-52217 MEDIUM
WooCommerce Conversion Tracking < 2.0.11 - Missing Authorization
CVSS 4.3
CVE-2023-52186 MEDIUM
WooCommerce Product Vendors <= 2.2.2 - Unauthenticated Missing Authorization
CVSS 5.3
CVE-2023-33922 MEDIUM
Elementor Website Builder <3.13.2 - Info Disclosure
CVSS 4.3
CVE-2023-28775 MEDIUM
Yoast SEO Premium - Info Disclosure
CVSS 5.3
CVE-2023-25799 HIGH
Themeum Tutor LMS <= 2.1.8 - Missing Authorization
CVSS 8.3
CVE-2023-6748 MEDIUM
Custom Field Template <2.6.1 - Info Disclosure
CVSS 4.3
CVE-2023-34003 MEDIUM
WooCommerce Box Office <1.1.51 - Info Disclosure
CVSS 6.5
CVE-2023-31080 HIGH
Unlimited Elements For Elementor <1.5.65 - Info Disclosure
CVSS 8.3
CVE-2023-23640 MEDIUM
MainWP UpdraftPlus Extension <= 4.0.6 - Unauthenticated Arbitrary Plugin Activation
CVSS 5.4
CVE-2023-23639 MEDIUM
MainWP Staging Extension <= 4.0.3 - Unauthenticated Arbitrary Plugin Activation
CVSS 5.4
CVE-2023-52232 MEDIUM
Booster Plus for WooCommerce < 7.1.2 - Authenticated Arbitrary Post/Page Deletion
CVSS 6.5
CVE-2023-52230 MEDIUM
Booster Plus for WooCommerce < 7.1.3 - Authenticated Arbitrary WordPress Option Disclosure
CVSS 6.5
CVE-2023-51494 MEDIUM
WooCommerce Product Vendors <2.2.1 - Info Disclosure
CVSS 5.3
CVE-2023-6491 MEDIUM
Strong Testimonials <3.1.12 - Info Disclosure
CVSS 4.3
CVE-2023-6876 MEDIUM
Clever Fox < 25.2.0 - Authenticated Theme Modification via Missing Capability Check
CVSS 5.4
CVE-2023-6966 HIGH
The Moneytizer <= 9.6.3 - Authenticated Improper Access Control in core_ajax.php
CVSS 8.1
CVE-2023-28494 MEDIUM
CodePeople Contact Form Email <1.3.31 - Functionality Misuse
CVSS 4.3
CVE-2023-28492 MEDIUM
CodePeople CP Multi View Event Calendar <1.4.10 - Info Disclosure
CVSS 4.3
CVE-2023-27460 MEDIUM
CP Contact Form with Paypal <= 1.3.34 - Missing Authorization Leading to Feedback Submission
CVSS 4.3
CVE-2023-27437 LOW
Event Espresso <4.10.44 - Auth Bypass
CVSS 3.7
Details
Vulnerabilities 8,401
Exploit Likelihood High