CWE-862— Missing Authorization
7,606 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-862page 33 of 153
- CVE-2022-44439MEDIUMCVSS 5.5EG 5.52023-01-04
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
- CVE-2022-44549HIGHCVSS 7.5EG 7.52022-11-09
The LBS module has a vulnerability in geofencing API access. Successful exploitation of this vulnerability may cause third-party apps to access the geofencing APIs without authorization, affecting user confidentiality.
- CVE-2022-44578MEDIUMCVSS 5.3EG 5.32024-12-13
Missing Authorization vulnerability in Pierre JEHAN Owl Carousel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Owl Carousel: from n/a through 0.5.3.
- CVE-2022-44584CRITICALCVSS 9.1EG 9.12022-11-18
Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.
- CVE-2022-44626MEDIUMCVSS 6.3EG 6.32024-03-25
Missing Authorization vulnerability in Squirrly SEO Plugin by Squirrly SEO.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.1.20.
- CVE-2022-44633MEDIUMCVSS 6.5EG 6.52024-04-11
Missing Authorization vulnerability in YITH YITH WooCommerce Gift Cards Premium.This issue affects YITH WooCommerce Gift Cards Premium: from n/a through 3.23.1.
- CVE-2022-4501HIGHCVSS 7.1EG 6.52022-12-14
The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vc_saving_data function in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with s…
- CVE-2022-45070MEDIUMCVSS 5.3EG 5.32024-05-17
Missing Authorization vulnerability in FmeAddons Conditional Checkout Fields for WooCommerce.This issue affects Conditional Checkout Fields for WooCommerce: from n/a through 1.2.3.
- CVE-2022-45349MEDIUMCVSS 4.3EG 4.32024-03-25
Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1.
- CVE-2022-45351MEDIUMCVSS 5.4EG 5.42024-03-25
Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1.
- CVE-2022-45352MEDIUMCVSS 5.4EG 5.42024-03-25
Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1.
- CVE-2022-45356MEDIUMCVSS 5.4EG 5.42024-03-25
Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1.
- CVE-2022-45385HIGHCVSS 7.5EG 7.52022-11-15
A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository.
- CVE-2022-45389MEDIUMCVSS 5.3EG 5.32022-11-15
A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository.
- CVE-2022-45390MEDIUMCVSS 4.3EG 4.32022-11-15
A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
- CVE-2022-45394MEDIUMCVSS 4.3EG 4.32022-11-15
A missing permission check in Jenkins Delete log Plugin 1.0 and earlier allows attackers with Item/Read permission to delete build logs.
- CVE-2022-45399MEDIUMCVSS 4.3EG 4.32022-11-15
A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.
- CVE-2022-45410MEDIUMCVSS 6.5EG 6.52022-12-22
When a ServiceWorker intercepted a request with <code>FetchEvent</code>, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in th…
- CVE-2022-4555MEDIUMCVSS 6.5EG 5.32022-12-16
The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate() function hooked via init() in versions up to, and including, 4.1.0. This makes it possible for unauthenticated a…
- CVE-2022-45636HIGHCVSS 8.1EG 8.12023-03-21
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock model(s) without authorization via arbitrary API requests.
- CVE-2022-45803MEDIUMCVSS 6.5EG 6.52024-06-21
Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg Forms.This issue affects WordPress Form Builder Plugin – Gutenberg Forms: from n/a through 2.2.8.3.
- CVE-2022-45806MEDIUMCVSS 4.3EG 4.32024-12-13
Missing Authorization vulnerability in Strategy11 Form Builder Team Formidable Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formidable Forms: from n/a through 5.5.4.
- CVE-2022-45811MEDIUMCVSS 5.4EG 5.42025-01-02
Missing Authorization vulnerability in WeyHan Ng Post Teaser.This issue affects Post Teaser: from n/a through 4.1.5.
- CVE-2022-45819LOWCVSS 3.5EG 3.52024-12-13
Missing Authorization vulnerability in Popup Maker Popup Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Maker: from n/a through 1.17.1.
- CVE-2022-45826MEDIUMCVSS 5.4EG 5.42024-12-13
Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 2.9.13.
- CVE-2022-45830MEDIUMCVSS 6.5EG 6.52025-01-02
Missing Authorization vulnerability in Analytify.This issue affects Analytify: from n/a through 4.2.3.
- CVE-2022-45832MEDIUMCVSS 6.5EG 6.52024-06-19
Missing Authorization vulnerability in Hennessey Digital Attorney.This issue affects Attorney: from n/a through 3.
- CVE-2022-45840MEDIUMCVSS 6.5EG 6.52024-12-13
Missing Authorization vulnerability in Lucian Apostol Auto Affiliate Links allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Affiliate Links: from n/a through 6.2.1.5.
- CVE-2022-45841MEDIUMCVSS 5.4EG 5.42024-12-13
Missing Authorization vulnerability in RoboSoft Robo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Robo Gallery: from n/a through 3.2.9.
- CVE-2022-45851MEDIUMCVSS 5.4EG 5.42024-03-25
Missing Authorization vulnerability in ShareThis ShareThis Dashboard for Google Analytics.This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.1.4.
- CVE-2022-45914MEDIUMCVSS 6.5EG 5.32022-11-27
The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does not use authentication, which allows attackers to change label values via 433 MHz RF signa…
- CVE-2022-46158MEDIUMCVSS 5.3EG 5.32022-12-08
PrestaShop is an open-source e-commerce solution. Versions prior to 1.7.8.8 did not properly restrict host filesystem access for users. Users may have been able to view the contents of the upload directory without appropriate permissions. …
- CVE-2022-46505HIGHCVSS 7.5EG 7.52023-01-18
An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data.
- CVE-2022-46795MEDIUMCVSS 6.5EG 6.52024-12-13
Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce…
- CVE-2022-46796MEDIUMCVSS 6.5EG 6.52024-12-13
Missing Authorization vulnerability in VillaTheme CURCY allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CURCY: from n/a through 2.1.25.
- CVE-2022-46807MEDIUMCVSS 4.3EG 4.32024-12-13
Missing Authorization vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Sync for WooCommerce: from n/a through 2.3.2.
- CVE-2022-46811MEDIUMCVSS 4.3EG 4.32024-12-13
Missing Authorization vulnerability in VillaTheme(villatheme.com) ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ALD – Dropsh…
- CVE-2022-46838CRITICALCVSS 9.1EG 9.12024-12-13
Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk – Best Help Desk & Support Plugi…
- CVE-2022-46840MEDIUMCVSS 5.4EG 5.42024-12-13
Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk – Best Help Desk & Support Plugi…
- CVE-2022-46845MEDIUMCVSS 5.3EG 5.32025-12-09
Missing Authorization vulnerability in Essential Plugin Slider a SlidersPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slider a SlidersPack: from n/a before 2.3.
- CVE-2022-46846MEDIUMCVSS 5.3EG 5.32024-12-13
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Trending/Popular Post Slider and Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trending/Popular Post Slider and W…
- CVE-2022-46850HIGHCVSS 8.6EG 8.72023-06-19
Auth. (author+) Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin <= 0.1.3 versions.
- CVE-2022-47168MEDIUMCVSS 4.3EG 4.32024-12-13
Missing Authorization vulnerability in printful Printful Integration for WooCommerce printful-shipping-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Printful Integration for WooC…
- CVE-2022-47176MEDIUMCVSS 4.3EG 4.32024-12-13
Missing Authorization vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Depicter Slider: from n/a through 1.9.0.
- CVE-2022-47182MEDIUMCVSS 5.3EG 5.32024-12-13
Missing Authorization vulnerability in Wpexpertsio APIExperts Square for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects APIExperts Square for WooCommerce: from n/a through 4.4.1.
- CVE-2022-47324MEDIUMCVSS 5.5EG 5.52023-02-12
In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
- CVE-2022-47325MEDIUMCVSS 5.5EG 5.52023-02-12
In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
- CVE-2022-47326MEDIUMCVSS 5.5EG 5.52023-02-12
In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
- CVE-2022-47327MEDIUMCVSS 5.5EG 5.52023-02-12
In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
- CVE-2022-47328MEDIUMCVSS 5.5EG 5.52023-02-12
In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
Map vulnerabilities like CWE-862 to your infrastructure
EchelonGraph correlates every CVE — across CWE-862 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →