CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,411 vulnerabilities with CWE-862
CVE-2020-36840 HIGH
MotoPress plugin <2.3.8 - Auth Bypass
CVSS 7.3
CVE-2020-36837 CRITICAL
ThemeGrill Demo Importer <1.6.1 - Auth Bypass
CVSS 9.9
CVE-2020-36835 MEDIUM
WPvivid Migration, Backup, Staging < 0.9.36 - Authenticated Sensitive Information Disclosure
CVSS 4.9
CVE-2020-36834 MEDIUM
Discount Rules for WooCommerce <2.0.2 - Auth Bypass
CVSS 6.3
CVE-2020-36833 MEDIUM
Indeed Membership Pro <8.6 - Auth Bypass
CVSS 6.3
CVE-2020-36831 MEDIUM
NextScripts: Social Networks Auto-Poster <4.3.17 - Auth Bypass
CVSS 5.0
CVE-2020-36698 HIGH
Security & Malware scan by CleanTalk < 2.51 - Authenticated Unauthorized File Upload and Deletion via AJAX Actions
CVSS 8.8
CVE-2020-23793 HIGH
Redhat VDI <0.14.0-6.el7_6.1.x86_64 - Privilege Escalation
CVSS 8.6
CVE-2020-36730 HIGH
CMP by NiteoThemes <= 3.8.1 - Unauthenticated Authorization Bypass
CVSS 8.3
CVE-2020-36729 MEDIUM
2J-SlideShow Plugin <1.3.31 - Auth Bypass
CVSS 5.4
CVE-2020-36725 HIGH
TI WooCommerce Wishlist/TI WooCommerce Wishlist Pro <1.21.11/1.21.4...
CVSS 8.8
CVE-2020-36721 MEDIUM
WordPress Themes - Plugin Activation/Deactivation
CVSS 6.5
CVE-2020-36720 HIGH
Kali Forms < 2.1.1 - Authenticated Options Change via update_option
CVSS 7.1
CVE-2020-36719 CRITICAL
ListingPro - WordPress Directory & Listing Theme <2.6.1 - Command I...
CVSS 9.8
CVE-2020-36716 HIGH
WP Activity Log <4.0.1 - Auth Bypass
CVSS 7.3
CVE-2020-36715 HIGH
Login/Signup Popup <1.4 - Auth Bypass
CVSS 7.4
CVE-2020-36712 HIGH
Kali Forms <2.1.1 - Unauthenticated RCE
CVSS 8.6
CVE-2020-36702 MEDIUM
Ultimate Addons for Gutenberg <1.14.7 - Auth Bypass
CVSS 5.5
CVE-2020-36699 MEDIUM
Quick Page/Post Redirect Plugin <5.1.9 - Auth Bypass
CVSS 4.3
CVE-2020-36697 HIGH
WP GDPR <= 2.1.1 - Unauthenticated Authorization Bypass via Missing Capability Check
CVSS 7.3
CVE-2020-36696 HIGH
Product Input Fields for WooCommerce <= 1.2.6 - Unauthenticated Authorization Bypass via handle_downloads()
CVSS 7.5
CVE-2020-9009 LOW
ShipStation.com plugin for CS-Cart < 1.1 - Unauthenticated Database Manipulation via shipnotify Endpoint
CVSS 3.7
CVE-2020-36670 MEDIUM
NEX-Forms WordPress <7.7.1 - Info Disclosure
CVSS 6.3
CVE-2020-36667 MEDIUM
JetBackup - WP Backup <1.4.1 - Privilege Escalation
CVSS 5.4
CVE-2020-22007 MEDIUM
OKER G955V1 v1.03.02.20161128 - OS Command Injection via Boot Sequence Interruption
CVSS 6.8
Details
Vulnerabilities 8,411
Exploit Likelihood High