CWE-862: Missing Authorization
7,611 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-862 (page 48 of 153)
- CVE-2023-38465 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-09-04
In ims service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges
- CVE-2023-38466 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-09-04
In ims service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges
- CVE-2023-38475 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-12-13
Missing Authorization vulnerability in RedNao Donations Made Easy – Smart Donations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.…
- CVE-2023-38477 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-12-13
Missing Authorization vulnerability in Stanislav Kuznetsov QR code MeCard/vCard generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects QR code MeCard/vCard generator: from n/a through 1.6.0.
- CVE-2023-38479 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-12-13
Missing Authorization vulnerability in Codents Simple Googlebot Visit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Googlebot Visit: from n/a through 1.2.4.
- CVE-2023-38480 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-12-13
Missing Authorization vulnerability in Certain Dev Booster Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booster Elementor Addons: from n/a through 1.4.9.
- CVE-2023-38483 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-12-13
Missing Authorization vulnerability in Dylan Blokhuis Instant CSS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Instant CSS: from n/a through 1.1.4.
- CVE-2023-38494 | MEDIUM | CVSS 5.9 | EG 5.9 | 2023-08-04
MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere do not have configuration permissions, and are sensitively leaked by attackers. Version 2.10.4 LTS …
- CVE-2023-38508 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-08-24
Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, the preview of a…
- CVE-2023-38510 | HIGH | CVSS 8.1 | EG 8.1 | 2023-07-27
Tolgee is an open-source localization platform. Starting in version 3.14.0 and prior to version 3.23.1, when a request is made using an API key, the backend fails to verify the permission scopes associated with the key, effectively bypassi…
- CVE-2023-38514 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-12-13
Missing Authorization vulnerability in social share pro Social Share Icons & Social Share Buttons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Share Icons & Social Share Buttons: from n/…
- CVE-2023-3869 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-10-20
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated att…
- CVE-2023-38989 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-07-31
An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information.
- CVE-2023-39073 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-09-12
An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted request.
- CVE-2023-39167 | HIGH | CVSS 7.5 | EG 7.5 | 2023-12-07
In SENEC Storage Box V1, V2 and V3 an unauthenticated remote attacker can obtain the devices' logfiles that contain sensitive data.
- CVE-2023-39298 | HIGH | CVSS 7.8 | EG 7.8 | 2024-09-06
A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perform actions that they should not be allow…
- CVE-2023-39305 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-12-13
Missing Authorization vulnerability in Dash Labs Yet Another Stars Rating yet-another-stars-rating allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yet Another Stars Rating: from n/a through <= 3.4…
- CVE-2023-39310 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-06-19
Missing Authorization vulnerability in ThemeFusion Fusion Builder. This issue affects Fusion Builder: from n/a through 3.11.1.
- CVE-2023-39312 | CRITICAL | CVSS 9.1 | EG 9.1 | 2024-06-19
Missing Authorization vulnerability in ThemeFusion Avada. This issue affects Avada: from n/a through 7.11.1.
- CVE-2023-3932 | HIGH | CVSS 8.2 | EG 5.3 | 2023-08-03
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeli…
- CVE-2023-39438 | HIGH | CVSS 8.1 | EG 8.1 | 2023-08-15
A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary authenticated user to read CLA information…
- CVE-2023-39507 | MEDIUM | CVSS 6.1 | EG 6.1 | 2023-08-16
Improper authorization in the custom URL scheme handler in "Rikunabi NEXT" App for Android prior to ver. 11.5.0 allows a malicious intent to lead the vulnerable App to access an arbitrary website.
- CVE-2023-39544 | HIGH | CVSS 8.8 | EG 8.8 | 2023-11-17
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows an attacker to log in to the product may execute an arbitrary comm…
- CVE-2023-3956 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-07-27
The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'events_receiver' function in versions up to, and including, 0.0.9.18. Th…
- CVE-2023-39920 | HIGH | CVSS 7.5 | EG 7.5 | 2024-12-13
Missing Authorization vulnerability in Themeisle Redirection for Contact Form 7 wpcf7-redirect allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Redirection for Contact Form 7: from n/a through <= 2…
- CVE-2023-39922 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-06-19
Missing Authorization vulnerability in ThemeFusion Avada. This issue affects Avada: from n/a through 7.11.1.
- CVE-2023-39966 | HIGH | CVSS 7.5 | EG 7.5 | 2023-08-10
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the `api/v1/file.go` file, there is a function called …
- CVE-2023-3998 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-10-20
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attacker…
- CVE-2023-3999 | MEDIUM | CVSS 6.3 | EG 6.3 | 2023-08-31
The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on its AJAX calls in versions up to, and including, 0.6.2. This makes it possible for authenticated attackers, wi…
- CVE-2023-39990 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-06-19
Missing Authorization vulnerability in Paid Memberships Pro. This issue affects Paid Memberships Pro: from n/a through 1.2.3.
- CVE-2023-39993 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-06-19
Missing Authorization vulnerability in Wpmet Elements kit Elementor addons. This issue affects Elements kit Elementor addons: from n/a through 2.9.0.
- CVE-2023-39994 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-01-02
Missing Authorization vulnerability in Repute InfoSystems ARMember Premium allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ARMember Premium: from n/a through 5.9.2.
- CVE-2023-39995 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-12-13
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Portfolio and Projects allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Portfolio and Projects: from n/a through 1.3.7.
- CVE-2023-39996 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-12-13
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Accordion and Accordion Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accordion and Accordion Slider: from n/a th…
- CVE-2023-39997 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-12-13
Missing Authorization vulnerability in supsystic.com Popup by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Popup by Supsystic: from n/a through 1.10.19.
- CVE-2023-39998 | HIGH | CVSS 8.2 | EG 8.2 | 2024-06-19
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 27.1.1.
- CVE-2023-40001 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-12-13
Missing Authorization vulnerability in SolidWP iThemes Sync allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iThemes Sync: from n/a through 2.1.13.
- CVE-2023-40003 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-12-13
Missing Authorization vulnerability in weDevs WP Project Manager wedevs-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Project Manager: from n/a through <= 2.6.7.
- CVE-2023-40004 | HIGH | CVSS 7.3 | EG 7.3 | 2024-06-19
Missing Authorization vulnerability in ServMask All-in-One WP Migration Box Extension, ServMask All-in-One WP Migration OneDrive Extension, ServMask All-in-One WP Migration Dropbox Extension, ServMask All-in-One WP Migration Google Drive E…
- CVE-2023-40005 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-12-13
Missing Authorization vulnerability in Syed Balkhi Easy Digital Downloads easy-digital-downloads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Digital Downloads: from n/a through <= 3.1.5.
- CVE-2023-40011 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-12-13
Missing Authorization vulnerability in StylemixThemes Cost Calculator Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cost Calculator Builder: from n/a through 3.1.42.
- CVE-2023-40027 | LOW | CVSS 3.7 | EG 3.7 | 2023-08-15
Keystone is an open source headless CMS for Node.js — built with GraphQL and React. When `ui.isAccessAllowed` is set as `undefined`, the `adminMeta` GraphQL query is publicly accessible (no session required). This is different to the beh…
- CVE-2023-40040 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-09-11
An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application 1.0.337 for Android. A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. NOTE: t…
- CVE-2023-40089 | HIGH | CVSS 7.8 | EG 7.8 | 2023-12-04
In getCredentialManagerPolicy of DevicePolicyManagerService.java, there is a possible method for users to select credential managers without permission due to a missing permission check. This could lead to local escalation of privilege wit…
- CVE-2023-40094 | HIGH | CVSS 7.8 | EG 7.8 | 2023-12-04
In keyguardGoingAway of ActivityTaskManagerService.java, there is a possible lock screen bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User intera…
- CVE-2023-40105 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-02-15
In backupAgentCreated of ActivityManagerService.java, there is a possible way to leak sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User in…
- CVE-2023-40108 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-01-21
In multiple locations, there is a possible way to access media content belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User intera…
- CVE-2023-40113 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-02-15
In multiple locations, there is a possible way for apps to access cross-user message data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction i…
- CVE-2023-40203 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-12-13
Missing Authorization vulnerability in MailMunch MailChimp Forms by MailMunch allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MailChimp Forms by MailMunch: from n/a through 3.1.4.
- CVE-2023-40209 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-06-12
Missing Authorization vulnerability in Himalaya Saxena Highcompress Image Compressor. This issue affects Highcompress Image Compressor: from n/a through 6.0.0.