CWE-862: Missing Authorization
7,611 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-862 (page 56 of 153)
- CVE-2023-48417 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-12-11
  Missing permission checks resulting in unauthorized access and manipulation in KeyChainActivity Application
- CVE-2023-48676 | HIGH | CVSS 7.1 | EG 3.3 | 2023-12-14
  Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943.
- CVE-2023-48683 | HIGH | CVSS 7.1 | EG 7.1 | 2024-04-29
  Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758, Acronis Cyber Protect 16 (Linux, macOS, Wind…
- CVE-2023-48684 | HIGH | CVSS 7.1 | EG 7.1 | 2024-04-29
  Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758, Acronis Cyber Protect 17 (Linux, macOS, Wind…
- CVE-2023-48739 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-01-02
  Missing Authorization vulnerability in Porto Theme Porto Theme - Functionality porto-functionality allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Porto Theme - Functionality: from n/a through < 2…
- CVE-2023-48740 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-12-09
  Missing Authorization vulnerability in Sajid Javed Easy Social Feed easy-facebook-likebox allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Social Feed: from n/a through <= 6.5.1.
- CVE-2023-48750 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-12-09
  Missing Authorization vulnerability in voidthemes Void Elementor Post Grid Addon for Elementor Page builder void-elementor-post-grid-addon-for-elementor-page-builder allows Exploiting Incorrectly Configured Access Control Security Levels. T…
- CVE-2023-48751 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-12-19
  Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery. This issue affects Pa…
- CVE-2023-48758 | HIGH | CVSS 7.1 | EG 7.1 | 2025-01-02
  Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JetEngine: from n/a through <= 3.2.4.
- CVE-2023-48759 | HIGH | CVSS 7.5 | EG 7.5 | 2024-06-19
  Missing Authorization vulnerability in Crocoblock JetElements For Elementor. This issue affects JetElements For Elementor: from n/a through 2.6.13.
- CVE-2023-48760 | HIGH | CVSS 8.2 | EG 8.2 | 2024-06-19
  Missing Authorization vulnerability in Crocoblock JetElements For Elementor. This issue affects JetElements For Elementor: from n/a through 2.6.13.
- CVE-2023-48761 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-06-19
  Missing Authorization vulnerability in Crocoblock JetElements For Elementor. This issue affects JetElements For Elementor: from n/a through 2.6.13.
- CVE-2023-48774 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-12-09
  Missing Authorization vulnerability in Martin Gibson IdeaPush allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IdeaPush: from n/a through n/a.
- CVE-2023-48775 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-12-31
  Missing Authorization vulnerability in Gfazioli WP Cleanfix allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Cleanfix: from n/a through 5.6.2.
- CVE-2023-48776 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-12-09
  Missing Authorization vulnerability in virtuellwerk canvasio3D Light canvasio3d-light allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects canvasio3D Light: from n/a through <= 2.5.0.
- CVE-2023-48779 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-12-09
  Missing Authorization vulnerability in 3DWeb 360 Javascript Viewer 360deg-javascript-viewer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 360 Javascript Viewer: from n/a through <= 1.7.11.
- CVE-2023-48926 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-01-16
  An issue in 202 ecommerce Advanced Loyalty Program: Loyalty Points before v2.3.4 for PrestaShop allows unauthenticated attackers to arbitrarily change an order status.
- CVE-2023-4895 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-02-22
  An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This vulnerability allows for bypassing the 'group…
- CVE-2023-49003 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-12-27
  An issue in simplemobiletools Simple Dialer 5.18.1 allows an attacker to bypass intended access restrictions via interaction with com.simplemobiletools.dialer.activities.DialerActivity.
- CVE-2023-49154 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-12-09
  Missing Authorization vulnerability in Wow-Company Button Generator – easily Button Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Button Generator – easily Button Builder: from n/a t…
- CVE-2023-49156 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-12-09
  Missing Authorization vulnerability in GoDaddy GoDaddy Email Marketing godaddy-email-marketing-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GoDaddy Email Marketing: from n/a throu…
- CVE-2023-49167 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-12-09
  Missing Authorization vulnerability in code4life Database for CF7 database-for-cf7 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Database for CF7: from n/a through <= 1.2.4.
- CVE-2023-49192 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-12-09
  Missing Authorization vulnerability in cl272 Enhanced Text Widget enhanced-text-widget allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Enhanced Text Widget: from n/a through <= 1.6.3.
- CVE-2023-49193 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-12-09
  Missing Authorization vulnerability in NerdPress Hubbub Lite social-pug allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hubbub Lite: from n/a through <= 1.30.0.
- CVE-2023-49196 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-12-09
  Missing Authorization vulnerability in Pagelayer Team PageLayer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PageLayer: from n/a through 1.7.7.
- CVE-2023-49229 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-12-28
  An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration.
- CVE-2023-49230 | HIGH | CVSS 8.8 | EG 8.8 | 2023-12-28
  An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication.
- CVE-2023-4938 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-10-18
  The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_apply_default_combination function. This makes it possible for a…
- CVE-2023-4941 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-10-20
  The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_swap function. This makes it possible for authenticated attacker…
- CVE-2023-4943 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-10-20
  The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_visibility function. This makes it possible for authenticated at…
- CVE-2023-4947 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-10-20
  The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_ean_data AJAX action in versions up to 6.1.0. This makes it possible for aut…
- CVE-2023-4948 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-09-14
  The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_cvr_data AJAX action in versions up to 6.1.0. This makes it possible for aut…
- CVE-2023-49620 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-11-30
  Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this iss…
- CVE-2023-49652 | LOW | CVSS 2.7 | EG 2.7 | 2023-11-29
  Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11 and earlier allow attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate syste…
- CVE-2023-49654 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-11-29
  Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system.
- CVE-2023-49674 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-11-29
  A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and passwor…
- CVE-2023-49742 | CRITICAL | CVSS 9.9 | EG 9.9 | 2024-04-18
  Missing Authorization vulnerability in Support Genix. This issue affects Support Genix: from n/a through 1.2.3.
- CVE-2023-49754 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-12-09
  Missing Authorization vulnerability in Yogesh Pawar Bulk Edit Post Titles bulk-edit-post-titles allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Edit Post Titles: from n/a through <= 5.0.0.
- CVE-2023-49755 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-12-09
  Missing Authorization vulnerability in B.M. Rafiul Alam Elementor Timeline Widget allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Timeline Widget: from n/a through 2.2.
- CVE-2023-49756 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-12-09
  Missing Authorization vulnerability in Arraytics Eventin wp-event-solution allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eventin: from n/a through <= 3.3.52.
- CVE-2023-49757 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-12-09
  Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Awesome Support: from n/a through <= 6.1.10.
- CVE-2023-49758 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-12-09
  Missing Authorization vulnerability in Roland Murg WP Booking System wp-booking-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Booking System: from n/a through <= 2.0.19.2.
- CVE-2023-49817 | HIGH | CVSS 8.2 | EG 8.2 | 2024-12-09
  Missing Authorization vulnerability in heoLixfy Flexible Woocommerce Checkout Field Editor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Flexible Woocommerce Checkout Field Editor: from n/a thro…
- CVE-2023-49818 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-12-09
  Missing Authorization vulnerability in Webflow Webflow Pages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webflow Pages: from n/a through 1.0.8.
- CVE-2023-49831 | HIGH | CVSS 7.5 | EG 7.5 | 2024-12-09
  Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RegistrationMagic: from …
- CVE-2023-49832 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-12-09
  Missing Authorization vulnerability in Gemini Labs Site Reviews site-reviews allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Site Reviews: from n/a through <= 6.10.2.
- CVE-2023-49835 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-12-09
  Missing Authorization vulnerability in Metaphor Creations Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Duplicator: from n/a through 2.31.
- CVE-2023-49845 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-12-09
  Missing Authorization vulnerability in mattdeclaire Redirects redirects allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Redirects: from n/a through <= 1.2.1.
- CVE-2023-49848 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-12-09
  Missing Authorization vulnerability in Marc dooder Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy woo-aliexpress-dropshipping allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sharkdr…
- CVE-2023-49849 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-12-09
  Missing Authorization vulnerability in vaakash Shortcoder shortcoder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortcoder: from n/a through <= 6.3.