CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,401 vulnerabilities with CWE-862
CVE-2023-50944 MEDIUM
Apache Airflow < 2.8.1 - Authenticated Unauthorized DAG Source Code Access
CVSS 6.5
CVE-2023-48339 MEDIUM
Android - Missing Authorization in JPG Driver
CVSS 4.4
CVE-2023-23896 MEDIUM
MyThemeShop URL Shortener <1.0.17 - Info Disclosure
CVSS 5.4
CVE-2023-23882 MEDIUM
Brainstorm Force Ultimate Addons - Lite <1.5.5 - Info Disclosure
CVSS 4.3
CVE-2023-34379 MEDIUM
MagneticOne Cart2Cart: Magento to WooCommerce Migration < 2.0.0 - Missing Authorization
CVSS 5.4
CVE-2023-48926 MEDIUM
PrestaShop <v2.3.4 - Info Disclosure
CVSS 5.3
CVE-2023-34063 CRITICAL
Aria Automation - Privilege Escalation
CVSS 9.9
CVE-2023-6066 MEDIUM
WP Custom Widget area <1.2.5 - Privilege Escalation
CVSS 4.3
CVE-2023-6048 MEDIUM
Estatik Real Estate Plugin WordPress <4.1.1 - Privilege Escalation
CVSS 6.5
CVE-2023-6029 HIGH
EazyDocs < 2.3.6 - Unauthenticated Missing Authorization and CSRF Checks
CVSS 7.5
CVE-2023-5905 HIGH
DeMomentSomTres Export Posts With Images < 20220825 - Missing Authorization for Blog Data Export
CVSS 8.1
CVE-2023-6955 MEDIUM
GitLab < 16.5.6, 16.6 < 16.6.4, 16.7 < 16.7.2 - Missing Authorization in Remote Development Workspace Creation
CVSS 6.6
CVE-2023-40362 MEDIUM
CentralSquare Click2Gov Building Permit - Unauthenticated Arbitrary Contractor Deletion
CVSS 4.3
CVE-2023-6554 MEDIUM
TCExam < 15.1.0 - Unauthenticated Sensitive Information Exposure via Admin Folder
CVSS 6.5
CVE-2023-7019 MEDIUM
LightStart <= 2.6.8 - Authenticated Data Modification via Missing Capability Check
CVSS 4.3
CVE-2023-6875 CRITICAL
WordPress POST SMTP Account Takeover
CVSS 9.8
CVE-2023-6855 MEDIUM
Paid Memberships Pro < 2.12.5 - Unauthenticated Membership Level Modification via Incorrect Capability Check
CVSS 5.3
CVE-2023-6751 HIGH
Hostinger < 1.9.7 - Unauthenticated Plugin Settings Update via publish_website Function
CVSS 7.3
CVE-2023-6742 MEDIUM
Envira Gallery < 1.8.7.1 - Authenticated Unauthorized Data Modification via Improper Capability Check
CVSS 4.3
CVE-2023-6638 MEDIUM
GTG Product Feed for Shopping <1.2.4 - Info Disclosure
CVSS 6.5
CVE-2023-6637 MEDIUM
CAOS | Host Google Analytics Locally <4.7.14 - Info Disclosure
CVSS 6.5
CVE-2023-6598 MEDIUM
SpeedyCache <1.1.3 - Info Disclosure
CVSS 4.3
CVE-2023-6504 MEDIUM
User Profile Builder <3.10.7 - Info Disclosure
CVSS 4.3
CVE-2023-6496 MEDIUM
Manage Notification E-mails <= 1.8.5 - Unauthenticated Missing Authorization via card_famne_export_settings
CVSS 5.3
CVE-2023-6369 MEDIUM
Export WP Page to Static HTML/CSS <2.1.9 - Info Disclosure
CVSS 5.4
Details
Vulnerabilities 8,401
Exploit Likelihood High