CWE-862

Exploit likelihood: High

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,401 vulnerabilities with CWE-862
CVE-2023-21340 MEDIUM
Android < 14.0 - Unauthenticated Local Information Disclosure via Telecomm Call State
CVSS 5.5
CVE-2023-21329 MEDIUM
Android < 14.0 - Unauthenticated Local Information Disclosure via Activity Manager
CVSS 5.5
CVE-2023-21328 HIGH
Android < 14.0 - Missing Authorization in Package Installer
CVSS 7.8
CVE-2023-21321 MEDIUM
Android < 14.0 - Unauthenticated Cross-User Settings Disclosure via Package Manager
CVSS 5.5
CVE-2023-21313 HIGH
Android < 14.0 - Unauthenticated Local Privilege Escalation via Call Forwarding
CVSS 7.8
CVE-2023-21294 MEDIUM
Android < 14.0 - Unauthenticated Installed Package Information Disclosure via Slice
CVSS 5.5
CVE-2023-5251 MEDIUM
Grid Plus < 1.3.2 - Authenticated Arbitrary Grid Layout Modification via Missing Capability Check
CVSS 5.4
CVE-2023-5426 HIGH
Post Meta Data Manager <1.2.0 - Info Disclosure
CVSS 7.5
CVE-2023-5425 HIGH
Post Meta Data Manager <1.2.0 - Privilege Escalation
CVSS 8.8
CVE-2023-30969 HIGH
Palantir Tiles < 4.326.0 - Unauthenticated Improper Access Control
CVSS 8.2
CVE-2023-5311 HIGH
WP EXtra < 6.3 - Authenticated .htaccess Modification and Remote Code Execution via register() Function
CVSS 8.8
CVE-2023-4606 HIGH
Lenovo ThinkAgile HX Series Firmware - Authenticated Missing Authorization via Crafted API Command
CVSS 8.1
CVE-2023-46652 MEDIUM
Jenkins lambdatest-automation <1.20.9 - Info Disclosure
CVSS 4.3
CVE-2023-43488 HIGH
System Property - Privilege Escalation
CVSS 7.9
CVE-2023-37910 HIGH
XWiki 14.0-14.4.7 - Missing Authorization for Attachment Move
CVSS 8.1
CVE-2023-5132 HIGH
Soisy Pagamento Rateale <6.0.1 - Info Disclosure
CVSS 7.5
CVE-2023-5533 MEDIUM
WPBot AI ChatBot <=4.8.9/4.9.2 - Unauthenticated Authorization Bypass via AJAX
CVSS 5.3
CVE-2023-4941 MEDIUM
BEAR - Bulk Editor and Products Manager Professional for WooCommerce <= 1.1.3.3 - Authenticated Missing Authorization
CVSS 4.3
CVE-2023-4668 MEDIUM
Ad Inserter < 2.7.31 - Unauthenticated Sensitive Information Exposure via ai-debug-processing-fe URL Parameter
CVSS 5.3
CVE-2023-3998 MEDIUM
wpDiscuz <= 7.6.3 - Unauthenticated Data Modification via userRate Function
CVSS 5.3
CVE-2023-3869 MEDIUM
wpDiscuz <= 7.6.3 - Unauthenticated Comment Rating Manipulation via voteOnComment Function
CVSS 5.3
CVE-2023-4947 MEDIUM
WooCommerce EAN Payment Gateway < 6.1.0 - Authenticated Data Modification via refresh_order_ean_data AJAX Action
CVSS 4.3
CVE-2023-4943 MEDIUM
BEAR - Bulk Editor and Products Manager Professional for WooCommerce <= 1.1.3.3 - Missing Authorization
CVSS 4.3
CVE-2023-27792 HIGH
Ixpdata Easyinstall - Missing Authorization
CVSS 7.8
CVE-2023-4645 MEDIUM
Ad Inserter for WordPress <2.7.30 - Info Disclosure
CVSS 5.3
Details
Vulnerabilities: 8,401
Exploit likelihood: High