CWE-862

Exploit likelihood: High

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,401 vulnerabilities with CWE-862
CVE-2023-6883 MEDIUM
Easy Social Feed < 6.5.2 - Authenticated Unauthorized Data Modification via AJAX Functions
CVSS 4.3
CVE-2023-6158 MEDIUM
EventON WordPress Plugin <=4.5.4 (Pro) & <=2.2.7 (Lite) - Unauthenticated Post Metadata Manipulation
CVSS 6.5
CVE-2023-48247 MEDIUM
Bosch nexo-os 1000-1500-sp2 - Unauthenticated Arbitrary File Read via Crafted HTTP Request
CVSS 5.3
CVE-2023-48245 MEDIUM
Bosch nexo-os 1000-1500-sp2 - Unauthenticated Arbitrary File Upload
CVSS 6.5
CVE-2023-6383 HIGH
Debug Log Manager <2.3.0 - Info Disclosure
CVSS 7.5
CVE-2023-6798 MEDIUM
RSS Aggregator by Feedzy < 4.3.2 - Authenticated Settings Update via Missing Capability Check
CVSS 5.4
CVE-2023-6733 MEDIUM
WP-Members Membership Plugin <= 3.4.8 - Authenticated Sensitive Information Exposure via wpmem_field Shortcode
CVSS 6.5
CVE-2023-7068 MEDIUM
WooCommerce PDF Invoices & Packing Slips <= 4.3.0 - Authenticated Sensitive Data Exposure
CVSS 4.3
CVE-2023-6600 HIGH
OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. <5.7.9 - XSS
CVSS 8.6
CVE-2023-42358 HIGH
O-RAN Software Community ric-plt-e2mgr - Denial of Service via E2Manager API
CVSS 7.7
CVE-2023-4164 HIGH
Android - Unauthenticated Local Information Disclosure of Health Data
CVSS 8.4
CVE-2023-47458 CRITICAL
bladex springblade < 3.7.0 - Missing Authorization
CVSS 9.8
CVE-2023-5877 CRITICAL
affiliate-toolkit < 3.4.3 - Unauthenticated Server-Side Request Forgery via atkp_imagereceiver.php Endpoint
CVSS 9.8
CVE-2023-52275 LOW
Tecno Camon X CA7 Gallery3d - Unauthenticated Hidden Image Exposure via Private Album Directory
CVSS 2.1
CVE-2023-4468 MEDIUM
Poly Trio 8800 Firmware - Missing Authorization in Poly Lens Management Cloud Registration
CVSS 4.3
CVE-2023-22676 LOW
Advanced Custom Fields < 1.4.12 - Missing Authorization
CVSS 3.1
CVE-2023-49230 HIGH
Peplink Balance Two <8.4.0 - Auth Bypass
CVSS 8.8
CVE-2023-49229 MEDIUM
Peplink Balance Two <8.4.0 - Info Disclosure
CVSS 4.3
CVE-2023-49003 MEDIUM
Simple Mobile Tools Simple Dialer <5.18.1 - Auth Bypass
CVSS 5.3
CVE-2023-51650 HIGH
Hertzbeat < 1.4.1 - Unauthenticated Sensitive Information Disclosure via Spring Boot Permission Misconfiguration
CVSS 7.5
CVE-2023-22674 MEDIUM
Hal Gatewood Dashicons + Custom Post Types < 1.0.2 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-25715 MEDIUM
GamiPress < 2.5.6 - Missing Authorization Leading to Points Manipulation
CVSS 5.4
CVE-2023-48751 MEDIUM
Roland Barker, xnau webdesign Participants Database <2.5.5 - CSRF
CVSS 4.3
CVE-2023-47754 MEDIUM
Delete Duplicate Posts < 4.8.9 - Missing Authorization
CVSS 4.3
CVE-2023-46212 MEDIUM
WP EXtra < 6.2 - Missing Authorization and Cross-Site Request Forgery
CVSS 6.3