CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,403 vulnerabilities with CWE-862
CVE-2022-40673 HIGH
KDiskMark < 3.1.0 - Unauthenticated Missing Authorization via D-Bus Helper Methods
CVSS 7.8
CVE-2022-39119 HIGH
Android - Missing Authorization Leading to Local Privilege Escalation
CVSS 7.8
CVE-2022-36856 MEDIUM
Android Telecom - Unauthenticated Emergency Call Initiation via Improper Access Control
CVSS 4.0
CVE-2022-36091 HIGH
XWiki Platform <14.2 - Info Disclosure
CVSS 7.5
CVE-2022-31167 HIGH
XWiki Platform <12.10.11, 13.4.6 - Info Disclosure
CVSS 7.1
CVE-2022-2461 MEDIUM
Transposh WordPress Translation <= 1.0.9.6 - Unauthenticated Setting Change via tp_translation AJAX Action
CVSS 5.3
CVE-2022-38367 MEDIUM
Netic User Export <2.0.6 - Info Disclosure
CVSS 5.3
CVE-2022-2657 MEDIUM
Multivendor Marketplace Solution <3.8.12 - CSRF
CVSS 4.3
CVE-2022-2543 MEDIUM
Visual Portfolio, Photo Gallery & Post Grid WP <2.18.0 - CSRF
CVSS 6.1
CVE-2022-2376 MEDIUM
Directorist WP <7.3.1 - Info Disclosure
CVSS 5.3
CVE-2022-38370 HIGH
Apache IoTDB grafana-connector <0.13.1 - Info Disclosure
CVSS 7.5
CVE-2022-36642 CRITICAL
Omnia MPX Node Firmware < 1.5.0 - Unauthenticated Local File Disclosure via /appConfig/userDB.json
CVSS 9.8
CVE-2022-2373 MEDIUM
Simply Schedule Appointments WP <1.5.7.7 - Info Disclosure
CVSS 5.3
CVE-2022-36226 HIGH
SiteServerCMS < 5.0.0 - Remote Code Execution via ajaxOtherService.aspx
CVSS 7.2
CVE-2022-32769 MEDIUM
WWBN AVideo 11.6 and dev master commit 3f7c0364 - Authenticated Authentication Bypass via Playlists Plugin ID Handling
CVSS 5.0
CVE-2022-32768 MEDIUM
WWBN AVideo 11.6 and dev master commit 3f7c0364 - Authentication Bypass via Live Schedules Plugin ID Guessing
CVSS 4.2
CVE-2022-2552 MEDIUM
Duplicator < 1.4.7.1 - Information Disclosure
CVSS 5.3
CVE-2022-2389 MEDIUM
funnelkit_automations < 2.1.2 - Authenticated Missing Authorization via AJAX Action
CVSS 4.3
CVE-2022-2382 MEDIUM
WooCommerce Product Slider <2.5.7 - CSRF
CVSS 4.3
CVE-2022-2377 MEDIUM
Directorist < 7.3.0 - Authenticated Arbitrary Email Sending via AJAX Action
CVSS 4.3
CVE-2022-2276 MEDIUM
WP Edit Menu < 1.5.0 - Unauthenticated Arbitrary Post Deletion via AJAX Action
CVSS 4.3
CVE-2022-25810 MEDIUM
Transposh WordPress Translation < 1.0.8 - Missing Authorization in Utilities Tab
CVSS 6.5
CVE-2022-2841 LOW
CrowdStrike Falcon <6.31.14505.0/6.42.15610/6.44.15806 - Auth Bypass
CVSS 2.7
CVE-2022-36024 HIGH
py-cord <2.0.1 - DoS
CVSS 7.5
CVE-2022-2846 MEDIUM
Calendar Event Multi View WP <1.4.07 - XSS
CVSS 4.3
Details
Vulnerabilities 8,403
Exploit Likelihood High