CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,407 vulnerabilities with CWE-862
CVE-2022-22108 MEDIUM
Daybyday CRM <2.2.0 - Info Disclosure
CVSS 4.3
CVE-2022-22107 MEDIUM
Daybyday CRM <2.2.0 - Info Disclosure
CVSS 4.3
CVE-2021-47932 CRITICAL
WordPress TheCartPress 1.5.3.6 Privilege Escalation Unauthenticated
CVSS 9.8
CVE-2021-47812 CRITICAL
GravCMS 1.10.7 - Unauthenticated Arbitrary YAML Write and PHP Execution via Scheduler Endpoint
CVSS 9.8
CVE-2021-47701 HIGH
OpenBMCS 2.4 - Privilege Escalation via User Permissions Update Script
CVSS 8.8
CVE-2021-47662 HIGH
Franka Emika Robot - Denial of Service via Unauthorized Shutdown
CVSS 7.5
CVE-2021-3987 MEDIUM
calibre-web < 0.6.15 - Improper Access Control in Shelf Creation
CVSS 4.3
CVE-2021-4448 HIGH
Kaswara Modern VC Addons <= 3.0.1 - Unauthenticated Authorization Bypass via AJAX Actions
CVSS 7.3
CVE-2021-4447 HIGH
Essential Addons for Elementor < 4.6.4 - Privilege Escalation via Registration Form Role Manipulation
CVSS 8.8
CVE-2021-4446 MEDIUM
Essential Addons for Elementor <= 4.6.4 - Authenticated Authorization Bypass via Missing Capability Checks
CVSS 6.3
CVE-2021-4445 MEDIUM
Premium Addons for Elementor < 4.5.1 - Authenticated Arbitrary Option Update via pa_dismiss_admin_notice AJAX Action
CVSS 6.5
CVE-2021-4444 HIGH
Product Filter by WooBeWoo <1.4.9 - Auth Bypass
CVSS 7.3
CVE-2021-35001 MEDIUM
BMC Track-It! - Authenticated Information Disclosure via GetData Endpoint
CVSS 6.5
CVE-2021-39810 HIGH
Android - Missing Authorization in CardEmulationManager
CVSS 7.8
CVE-2021-4353 MEDIUM
WooCommerce Dynamic Pricing & Discounts <2.4.1 - Info Disclosure
CVSS 5.3
CVE-2021-4388 MEDIUM
Opal Estate <= 1.6.11 - Unauthenticated Featured Property Modification via Missing Authorization
CVSS 4.3
CVE-2021-4379 MEDIUM
WooCommerce Multi Currency <2.1.17 - Auth Bypass
CVSS 6.5
CVE-2021-4337 HIGH
Sixteen XforWooCommerce Add-On Plugins - Auth Bypass
CVSS 8.8
CVE-2021-4383 HIGH
WP Quick FrontEnd Editor < 5.5 - Authenticated Page Content Injection via Missing Capability Checks
CVSS 8.1
CVE-2021-4381 CRITICAL
uListing < 1.7 - Unauthenticated Authorization Bypass via wp_route
CVSS 9.8
CVE-2021-4376 MEDIUM
WooCommerce Multi Currency <2.1.17 - Auth Bypass
CVSS 4.3
CVE-2021-4375 MEDIUM
Welcart e-Commerce <2.2.7 - Auth Bypass
CVSS 4.3
CVE-2021-4374 CRITICAL
WordPress Automatic <3.53.2 - Info Disclosure
CVSS 9.1
CVE-2021-4371 MEDIUM
WP Quick FrontEnd Editor <5.5 - Privilege Escalation
CVSS 4.3
CVE-2021-4370 CRITICAL
uListing <= 1.6.6 - Unauthenticated Authorization Bypass via Missing Security Nonces
CVSS 9.8
Details
Vulnerabilities 8,407
Exploit Likelihood High