CWE-862: Missing Authorization
7,974 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-862, page 70 of 160
- CVE-2024-21748 MEDIUM CVSS 4.3 EG 4.3 2024-06-08
Missing Authorization vulnerability in Icegram. This issue affects Icegram: from n/a through 3.1.21.
- CVE-2024-21751 MEDIUM CVSS 5.4 EG 5.4 2024-06-10
Missing Authorization vulnerability in RabbitLoader. This issue affects RabbitLoader: from n/a through 2.19.13.
- CVE-2024-22151 MEDIUM CVSS 5.3 EG 5.3 2024-06-08
Missing Authorization vulnerability in Codection Import and export users and customers. This issue affects Import and export users and customers: from n/a through 1.24.6.
- CVE-2024-22156 MEDIUM CVSS 6.5 EG 6.5 2024-03-26
Missing Authorization vulnerability in SNP Digital SalesKing. This issue affects SalesKing: from n/a through 1.6.15.
- CVE-2024-2216 HIGH CVSS 8.8 EG 6.3 2024-03-06
A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin usi…
- CVE-2024-2222 MEDIUM CVSS 4.3 EG 4.3 2024-04-09
The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_callback_delete_attachment function in all versions up to, and including, 3.0.0. This ma…
- CVE-2024-22257 HIGH CVSS 8.2 EG 8.2 2024-03-18
In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possibly vulnerable to broken access control when …
- CVE-2024-22272 MEDIUM CVSS 4.9 EG 4.9 2024-06-27
VMware Cloud Director contains an Improper Privilege Management vulnerability. An authenticated tenant administrator for a given organization within VMware Cloud Director may be able to accidentally disable their organization leading …
- CVE-2024-22296 MEDIUM CVSS 4.3 EG 4.3 2024-06-10
Missing Authorization vulnerability in Code for Recovery 12 Step Meeting List. This issue affects 12 Step Meeting List: from n/a through 3.14.28.
- CVE-2024-22298 MEDIUM CVSS 5.3 EG 5.3 2024-06-10
Missing Authorization vulnerability in TMS Amelia ameliabooking. This issue affects Amelia: from n/a through 1.0.98.
- CVE-2024-2292 HIGH CVSS 7.1 EG 7.1 2025-03-20
Due to a lack of access control, unauthorized users are able to view and modify information pertaining to other users.
- CVE-2024-2298 MEDIUM CVSS 4.3 EG 4.3 2024-03-08
The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_import_product() function in all versions up to, and including, 3.5.4. This makes …
- CVE-2024-23230 MEDIUM CVSS 5.5 EG 5.5 2024-03-08
This issue was addressed with improved file handling. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to access sensitive user data.
- CVE-2024-23388 MEDIUM CVSS 6.1 EG 6.1 2024-01-26
Improper authorization in handler for custom URL scheme issue in "Mercari" App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may bec…
- CVE-2024-23493 MEDIUM CVSS 4.3 EG 4.3 2024-02-29
Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of.
- CVE-2024-23503 MEDIUM CVSS 4.3 EG 4.3 2024-06-11
Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables. This issue affects Ninja Tables: from n/a through 5.0.6.
- CVE-2024-23504 MEDIUM CVSS 5.3 EG 5.3 2024-06-14
Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables. This issue affects Ninja Tables: from n/a through 5.0.5.
- CVE-2024-23518 MEDIUM CVSS 4.3 EG 4.3 2024-06-11
Missing Authorization vulnerability in Navneil Naicker ACF Photo Gallery Field. This issue affects ACF Photo Gallery Field: from n/a through 2.6.
- CVE-2024-23520 MEDIUM CVSS 4.3 EG 4.3 2024-03-26
Missing Authorization vulnerability in AccessAlly PopupAlly. This issue affects PopupAlly: from n/a through 2.1.0.
- CVE-2024-23521 MEDIUM CVSS 5.3 EG 5.3 2024-06-11
Missing Authorization vulnerability in Happyforms. This issue affects Happyforms: from n/a through 1.25.10.
- CVE-2024-23524 MEDIUM CVSS 5.3 EG 5.3 2024-06-10
Missing Authorization vulnerability in ONTRAPORT Inc. PilotPress. This issue affects PilotPress: from n/a through 2.0.30.
- CVE-2024-23704 HIGH CVSS 7.8 EG 7.0 2024-05-07
In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DISALLOW_ADD_WIFI_CONFIG restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges …
- CVE-2024-23752 CRITICAL CVSS 9.8 EG 9.8 2024-01-22
GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides…
- CVE-2024-23944 MEDIUM CVSS 5.3 EG 5.3 2024-03-15
Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker has alre…
- CVE-2024-2395 HIGH CVSS 7.3 EG 7.3 2024-03-12
The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.14. This is due to missing or incorrect nonce validation on several functions. This makes it possi…
- CVE-2024-23962 MEDIUM CVSS 5.3 EG 7.5 2025-01-31
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DLT interfac…
- CVE-2024-2417 HIGH CVSS 8.8 EG 8.8 2024-05-02
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the form_save_action() function in all versio…
- CVE-2024-24703 HIGH CVSS 8.6 EG 8.6 2024-06-11
Missing Authorization vulnerability in MultiVendorX WC Marketplace. This issue affects WC Marketplace: from n/a through 4.0.25.
- CVE-2024-24704 MEDIUM CVSS 5.4 EG 5.4 2024-06-11
Missing Authorization vulnerability in AddonMaster Load More Anything. This issue affects Load More Anything: from n/a through 3.3.3.
- CVE-2024-24710 MEDIUM CVSS 4.3 EG 4.3 2024-05-03
Missing Authorization vulnerability in SlickRemix Feed Them Social. This issue affects Feed Them Social: from n/a through 4.2.0.
- CVE-2024-24711 MEDIUM CVSS 4.3 EG 4.3 2024-03-26
Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11.
- CVE-2024-24716 MEDIUM CVSS 5.4 EG 5.4 2024-06-09
Missing Authorization vulnerability in Awesome Support Team Awesome Support. This issue affects Awesome Support: from n/a through 6.1.6.
- CVE-2024-24718 MEDIUM CVSS 4.3 EG 4.3 2024-03-26
Missing Authorization vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.6.
- CVE-2024-24719 MEDIUM CVSS 4.3 EG 4.3 2024-03-26
Missing Authorization vulnerability in Uriahs Victor Location Picker at Checkout for WooCommerce. This issue affects Location Picker at Checkout for WooCommerce: from n/a through 1.8.9.
- CVE-2024-24739 MEDIUM CVSS 6.3 EG 6.3 2024-02-13
SAP Bank Account Management (BAM) allows an authenticated user with restricted access to use functions which can result in escalation of privileges with low impact on confidentiality, integrity and availability of the application.
- CVE-2024-24741 MEDIUM CVSS 4.3 EG 4.3 2024-02-13
SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an …
- CVE-2024-2476 MEDIUM CVSS 4.3 EG 4.3 2024-03-29
The OceanWP theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_theme_panel_pane function in all versions up to, and including, 3.5.4. This makes it possible for authenticated atta…
- CVE-2024-24799 MEDIUM CVSS 6.5 EG 6.5 2024-03-26
Missing Authorization vulnerability in WooCommerce WooCommerce Box Office. This issue affects WooCommerce Box Office: from n/a through 1.2.2.
- CVE-2024-24805 MEDIUM CVSS 5.3 EG 4.3 2024-03-26
Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator. This issue affects WP Dummy Content Generator: from n/a through 3.1.2.
- CVE-2024-24822 MEDIUM CVSS 6.5 EG 6.5 2024-02-07
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, on…
- CVE-2024-24832 HIGH CVSS 8.2 EG 8.2 2024-03-23
Missing Authorization vulnerability in Metagauss EventPrime. This issue affects EventPrime: from n/a through 3.3.9.
- CVE-2024-24833 MEDIUM CVSS 4.3 EG 4.3 2024-05-08
Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons. This issue affects Happy Addons for Elementor: from n/a through <= 3.10.1.
- CVE-2024-24835 MEDIUM CVSS 4.3 EG 4.3 2024-03-23
Missing Authorization vulnerability in realmag777 BEAR. This issue affects BEAR: from n/a through 1.1.4.
- CVE-2024-24840 MEDIUM CVSS 4.3 EG 4.3 2024-03-23
Missing Authorization vulnerability in BdThemes Element Pack Elementor Addons. This issue affects Element Pack Elementor Addons: from n/a through 5.4.11.
- CVE-2024-24844 HIGH CVSS 7.5 EG 7.5 2025-12-23
Missing Authorization vulnerability in IdeaBox Creations PowerPack Pro for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PowerPack Pro for Elementor: from n/a through 2.10.6.
- CVE-2024-24850 MEDIUM CVSS 5.3 EG 5.3 2024-04-11
Missing Authorization vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin. This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1.
- CVE-2024-24883 MEDIUM CVSS 4.3 EG 4.3 2024-04-11
Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor. This issue affects Prime Slider – Addons For Elementor: from n/a through 3.11.10.
- CVE-2024-2508 MEDIUM CVSS 5.3 EG 5.3 2024-07-31
The WP Mobile Menu plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_menu_item_icon function in all versions up to, and including, 2.8.4.4. This makes it possible for unau…
- CVE-2024-25092 HIGH CVSS 8.8 EG 8.8 2024-06-09
Missing Authorization vulnerability in XLPlugins NextMove Lite. This issue affects NextMove Lite: from n/a through 2.17.0.
- CVE-2024-2538 MEDIUM CVSS 5.4 EG 5.4 2024-03-20
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_permalink' function in all versions up to, and including, 2.4.3.1. This makes it possibl…