CWE-862: Missing Authorization
7,611 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-862 (page 43 of 153)
- CVE-2023-30926 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-07-12
In opm service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-30927 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-30928 | HIGH | CVSS 7.8 | EG 7.8 | 2023-07-12
In telephony service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
- CVE-2023-30929 | HIGH | CVSS 7.8 | EG 7.8 | 2023-07-12
In telephony service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
- CVE-2023-30930 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-30931 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-30932 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-30933 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-30934 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-30935 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-30936 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-30937 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-30938 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-30939 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-30940 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-30941 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-30942 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-30948 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-06-06
A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment …
- CVE-2023-30950 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-08-03
The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a REST endpoint.
- CVE-2023-30969 | HIGH | CVSS 8.2 | EG 8.2 | 2023-10-26
The Palantir Tiles1 service was found to be vulnerable to an API-wide issue where the service was not performing authentication/authorization on all the endpoints.
- CVE-2023-31047 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-05-07
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageFi…
- CVE-2023-31073 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-12-09
Missing Authorization vulnerability in Jose Vega Display custom fields in the frontend – Post and User Profile Fields allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Display custom fields in the…
- CVE-2023-31080 | HIGH | CVSS 8.3 | EG 8.3 | 2024-06-09
Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates). This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.65.
- CVE-2023-31214 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-12-09
Missing Authorization vulnerability in Arul Prasad J WP Quick Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Quick Post Duplicator: from n/a through 2.0.
- CVE-2023-31234 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-05-07
Missing Authorization vulnerability in Tilda Publishing. This issue affects Tilda Publishing: from n/a through 0.3.23.
- CVE-2023-3124 | HIGH | CVSS 8.8 | EG 8.8 | 2023-06-07
The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_page_option function in versions up to, and including, 3.11.6. This makes it possible for authenticated …
- CVE-2023-3125 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-06-07
The B2BKing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'b2bking_save_price_import' function in versions up to, and including, 4.6.00. This makes it possible for Authenti…
- CVE-2023-3126 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-06-07
The B2BKing plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'b2bkingdownloadpricelist' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated a…
- CVE-2023-3131 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-07-10
The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.
- CVE-2023-31826 | HIGH | CVSS 7.8 | EG 7.8 | 2023-05-23
Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitrary commands via supplying crafted data.
- CVE-2023-3204 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-06-20
The Materialis theme for WordPress is vulnerable to limited arbitrary options updates in versions up to, and including, 1.1.24. This is due to missing authorization checks on the companion_disable_popup() function called via an AJAX action…
- CVE-2023-32094 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-12-09
Missing Authorization vulnerability in Felix Welberg Extended Post Status allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Extended Post Status: from n/a through 1.0.19.
- CVE-2023-32112 | LOW | CVSS 2.8 | EG 2.8 | 2023-05-09
Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for …
- CVE-2023-32117 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-12-09
Missing Authorization vulnerability in SoftLab Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.1.99.
- CVE-2023-32126 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-12-09
Missing Authorization vulnerability in WPoperation SALERT allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SALERT: from n/a through 1.2.1.
- CVE-2023-32127 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-04-24
Missing Authorization vulnerability in Daniel Powney Multi Rating allows Functionality Misuse. This issue affects Multi Rating: from n/a through 5.0.6.
- CVE-2023-32129 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-05-17
Missing Authorization vulnerability in Sparkle WP Editorialmag editorialmag. This issue affects Editorialmag: from n/a through 1.1.9.
- CVE-2023-3213 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-10-04
The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_print_page function in versions up to, and including, 3.8.0. This makes it possible for unauthenticated atta…
- CVE-2023-32240 | MEDIUM | CVSS 5.4 | EG 5.4 | 2025-01-02
Missing Authorization vulnerability in Xtemos WoodMart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WoodMart: from n/a through 7.2.1.
- CVE-2023-32293 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-12-09
Missing Authorization vulnerability in Realwebcare WRC Pricing Tables allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WRC Pricing Tables: from n/a through 2.3.7.
- CVE-2023-32295 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-04-11
Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments. This issue affects Easy!Appointments: from n/a through 1.3.3.
- CVE-2023-32299 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-12-09
Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Sales Report ni-woocommerce-sales-report allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ni WooCommerce Sales Report: from n/a thr…
- CVE-2023-3230 | HIGH | CVSS 7.5 | EG 4.6 | 2023-06-14
Missing Authorization in GitHub repository fossbilling/fossbilling prior to 0.5.0.
- CVE-2023-32311 | HIGH | CVSS 7.1 | EG 7.1 | 2023-05-26
CloudExplorer Lite is an open source cloud management platform. In CloudExplorer Lite prior to version 1.1.0 users' organization/workspace permissions are not properly checked. This allows users to add themselves to any organization. This v…
- CVE-2023-32316 | HIGH | CVSS 7.1 | EG 7.1 | 2023-05-26
CloudExplorer Lite is an open source cloud management tool. In affected versions users can add themselves to any organization in CloudExplorer Lite. This is due to a missing permission check on the user profile. It is recommended to upgrad…
- CVE-2023-3244 | MEDIUM | CVSS 4.3 | EG 5.3 | 2023-08-17
The Comments Like Dislike plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the restore_settings function called via an AJAX action in versions up to, and including, 1.2.0. This ma…
- CVE-2023-32506 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-12-13
Missing Authorization vulnerability in Link Whisper Link Whisper Free allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Link Whisper Free: from n/a through 0.6.3.
- CVE-2023-32507 | HIGH | CVSS 7.3 | EG 7.3 | 2024-12-13
Missing Authorization vulnerability in wp3sixty Woo Custom Emails allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Custom Emails: from n/a through 2.2.
- CVE-2023-32519 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-12-13
Missing Authorization vulnerability in Webcodin WCP Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WCP Contact Form: from n/a through 3.1.0.
- CVE-2023-32520 | HIGH | CVSS 7.5 | EG 7.5 | 2024-12-13
Missing Authorization vulnerability in Webcodin WCP Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WCP Contact Form: from n/a through 3.1.0.