CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,407 vulnerabilities with CWE-862
CVE-2021-4369 MEDIUM
Frontend File Manager <18.2 - Content Injection
CVSS 5.8
CVE-2021-4368 CRITICAL
Frontend File Manager <18.2 - Auth Bypass
CVSS 9.9
CVE-2021-4366 MEDIUM
PWA for WP & AMP <1.7.32 - Auth Bypass
CVSS 6.3
CVE-2021-4364 MEDIUM
JobSearch WP Job Board <1.8.1 - Auth Bypass
CVSS 4.3
CVE-2021-4362 CRITICAL
Kiwis Social Share <2.1.0 - Auth Bypass
CVSS 9.8
CVE-2021-4361 HIGH
JobSearch WP Job Board <1.8.1 - Auth Bypass
CVSS 8.8
CVE-2021-4359 MEDIUM
Frontend File Manager <18.2 - Unauthenticated RCE
CVSS 6.5
CVE-2021-4357 CRITICAL
uListing plugin <1.6.6 - Auth Bypass
CVSS 9.1
CVE-2021-4356 CRITICAL
Frontend File Manager <18.2 - Unauthenticated RCE
CVSS 9.0
CVE-2021-4355 HIGH
Welcart e-Commerce <2.2.7 - Auth Bypass
CVSS 7.5
CVE-2021-4351 MEDIUM
Frontend File Manager <18.2 - Unauthenticated Post Meta Change
CVSS 5.8
CVE-2021-4350 HIGH
Frontend File Manager <18.2 - Unauthenticated XSS
CVSS 7.2
CVE-2021-4348 HIGH
Ultimate GDPR & CCPA <2.4 - Unauthenticated RCE
CVSS 7.5
CVE-2021-4347 CRITICAL
Zorem Advanced Shipment Tracking For Woocommerce < 3.2.6 - Missing Authorization
CVSS 9.9
CVE-2021-4346 CRITICAL
uListing plugin <1.6.6 - Privilege Escalation
CVSS 9.8
CVE-2021-4345 MEDIUM
uListing plugin <1.6.6 - Auth Bypass
CVSS 6.5
CVE-2021-4343 CRITICAL
WordPress <1.6.6 - Unauthenticated Account Creation
CVSS 9.8
CVE-2021-4341 CRITICAL
uListing plugin <1.6.6 - Auth Bypass
CVSS 9.8
CVE-2021-4339 HIGH
uListing plugin <1.6.6 - Auth Bypass
CVSS 7.5
CVE-2021-4338 MEDIUM
WordPress 404-301 <3.0.7 - Auth Bypass
CVSS 6.4
CVE-2021-4331 HIGH
The Plus Addons for Elementor < 2.0.6 and < 4.1.9 - Privilege Escalation via Registration Form Role Selection
CVSS 8.8
CVE-2021-31577 CRITICAL
MediaTek EN7580/EN7528 < tlm7.3.275.0-64 - Unauthenticated Privilege Escalation via Boa
CVSS 9.8
CVE-2021-31576 HIGH
MediaTek EN7580 and EN7528 Firmware < tlm7.3.275.0-64 - Unauthenticated Information Disclosure in Boa
CVSS 7.5
CVE-2021-36225 HIGH
Western Digital My Cloud <OS5 - Privilege Escalation
CVSS 8.8
CVE-2021-45467 CRITICAL
Control Web Panel < 0.9.8.1107 - Unauthenticated API Key Registration via Null Byte Injection
CVSS 9.8
Details
Vulnerabilities 8,407
Exploit Likelihood High