CWE-862 — Missing Authorization
7,974 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-862 (page 73 of 160)
- CVE-2024-31307 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-06-09
Missing Authorization vulnerability in appscreo Easy Social Share Buttons. This issue affects Easy Social Share Buttons: from n/a through 9.4.
- CVE-2024-31318 | HIGH | CVSS 7.8 | EG 7.8 | 2024-07-09
In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges n…
- CVE-2024-31332 | HIGH | CVSS 7.8 | EG 8.4 | 2024-07-09
In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User…
- CVE-2024-31342 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-04-10
Missing Authorization vulnerability in WPcloudgallery WordPress Gallery Exporter. This issue affects WordPress Gallery Exporter: from n/a through 1.3.
- CVE-2024-31343 | HIGH | CVSS 7.5 | EG 7.5 | 2024-04-10
Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar. This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.1.
- CVE-2024-31347 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-06-09
Missing Authorization vulnerability in Data443 Tracking Code Manager. This issue affects Tracking Code Manager: from n/a through 2.1.0.
- CVE-2024-31350 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-06-09
Missing Authorization vulnerability in AWP Classifieds Team AWP Classifieds. This issue affects AWP Classifieds: from n/a through 4.3.1.
- CVE-2024-31352 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-06-09
Missing Authorization vulnerability in Email Subscribers & Newsletters. This issue affects Email Subscribers & Newsletters: from n/a through 5.7.13.
- CVE-2024-31358 | HIGH | CVSS 7.5 | EG 7.5 | 2024-04-10
Missing Authorization vulnerability in Saleswonder Team: Tobias 5 Stars Rating Funnel 5-stars-rating-funnel. This issue affects 5 Stars Rating Funnel: from n/a through <= 1.2.67.
- CVE-2024-31359 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-06-09
Missing Authorization vulnerability in Premmerce Premmerce Product Filter for WooCommerce premmerce-woocommerce-product-filter. This issue affects Premmerce Product Filter for WooCommerce: from n/a through <= 3.7.2.
- CVE-2024-31366 | HIGH | CVSS 7.1 | EG 7.1 | 2024-04-09
Missing Authorization vulnerability in Themify Post Type Builder (PTB). This issue affects Post Type Builder (PTB): from n/a through 2.0.8.
- CVE-2024-31367 | HIGH | CVSS 7.1 | EG 7.1 | 2024-04-09
Missing Authorization vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2.
- CVE-2024-31368 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-04-09
Missing Authorization vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2.
- CVE-2024-31375 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-04-08
Missing Authorization vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads. This issue affects WP2LEADS: from n/a through <= 3.2.7.
- CVE-2024-31421 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-04-15
Missing Authorization vulnerability in supsystic Popup by Supsystic popup-by-supsystic. This issue affects Popup by Supsystic: from n/a through <= 1.10.27.
- CVE-2024-31423 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-06-09
Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH). This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.5.
- CVE-2024-31432 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-04-15
Missing Authorization vulnerability in StellarWP Restrict Content. This issue affects Restrict Content: from n/a through 3.2.8.
- CVE-2024-31813 | HIGH | CVSS 8.4 | EG 8.4 | 2024-04-08
TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default.
- CVE-2024-31981 | CRITICAL | CVSS 9.9 | EG 9.9 | 2024-04-10
XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, remote code execution is possible via PDF export templates. This vulnerability has been patched in XWiki 14.10.20, …
- CVE-2024-31983 | CRITICAL | CVSS 9.9 | EG 9.9 | 2024-04-10
XWiki Platform is a generic wiki platform. In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations (script right for user-scope transl…
- CVE-2024-31987 | CRITICAL | CVSS 9.9 | EG 9.9 | 2024-04-10
XWiki Platform is a generic wiki platform. Starting in version 6.4-milestone-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, any user who can edit any page like their profile can create a custom skin with a template override that …
- CVE-2024-31997 | CRITICAL | CVSS 9.9 | EG 9.9 | 2024-04-10
XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, parameters of UI extensions are always interpreted as Velocity code and executed with programming rights. Any user with edit right on any documen…
- CVE-2024-3206 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-05-02
The Different Menu in Different Pages – Control Menu Visibility (All in One) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax() function in all versions up to, and including, 2.3.2. …
- CVE-2024-32081 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-06-09
Missing Authorization vulnerability in Websupporter Filter Custom Fields & Taxonomies Light. This issue affects Filter Custom Fields & Taxonomies Light: from n/a through 1.05.
- CVE-2024-3213 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-04-09
The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssi_update_counts() function in all versions up to, and including, 4.22.1. This make…
- CVE-2024-32142 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-04-18
Missing Authorization vulnerability in Ovic Team Ovic Responsive WPBakery. This issue affects Ovic Responsive WPBakery: from n/a through 1.3.0.
- CVE-2024-32143 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-06-11
Missing Authorization vulnerability in Podlove Podlove Podcast Publisher. This issue affects Podlove Podcast Publisher: from n/a through 4.1.0.
- CVE-2024-32144 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-06-11
Missing Authorization vulnerability in Welcart Inc. Welcart e-Commerce. This issue affects Welcart e-Commerce: from n/a through 2.9.14.
- CVE-2024-32146 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-06-11
Missing Authorization vulnerability in Aspose.Cloud Marketplace Aspose.Words Exporter. This issue affects Aspose.Words Exporter: from n/a through 6.3.1.
- CVE-2024-32148 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-06-11
Missing Authorization vulnerability in Salesforce Pardot. This issue affects Pardot: from n/a through 2.1.0.
- CVE-2024-3216 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-04-06
The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wt_pklist_reset_settings() function in all ver…
- CVE-2024-3233 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-05-02
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_create_index() function in all versions up to, and including, 5.5.5. This ma…
- CVE-2024-3235 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-04-10
The Essential Grid Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.1 via the on_front_ajax_action() function. This makes it possible for unauthenticate…
- CVE-2024-3237 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-05-04
The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenti…
- CVE-2024-3243 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-04-16
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send_test_email() function in all versions up to, and including, 5.46.0. This makes it possible …
- CVE-2024-32432 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-04-24
Missing Authorization vulnerability in Ovic Team Ovic Addon Toolkit. This issue affects Ovic Addon Toolkit: from n/a through 2.6.1.
- CVE-2024-32455 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-04-16
Missing Authorization vulnerability in Very Good Plugins Fatal Error Notify. This issue affects Fatal Error Notify: from n/a through 1.5.2.
- CVE-2024-32466 | LOW | CVSS 2.7 | EG 2.7 | 2024-04-18
Tolgee is an open-source localization platform. For the `/v2/projects/translations` and `/v2/projects/{projectId}/translations` endpoints, translation data was returned even when API key was missing `translation.view` scope. However, it wa…
- CVE-2024-3249 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-06-25
The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_xml_data, xml_data_import, import_option_data, import_widgets, and import_customizer_se…
- CVE-2024-32509 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-04-17
Missing Authorization vulnerability in Loopus WP Cost Estimation & Payment Forms Builder. This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.76.
- CVE-2024-32515 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-04-17
Missing Authorization vulnerability in Qamar Sheeraz, Nasir Ahmad Mega Addons For Elementor. This issue affects Mega Addons For Elementor: from n/a through 1.8.
- CVE-2024-32516 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-04-17
Missing Authorization vulnerability in Palscode Multi Currency For WooCommerce. This issue affects Multi Currency For WooCommerce: from n/a through 1.5.5.
- CVE-2024-32517 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-04-17
Missing Authorization vulnerability in WooCommerce & WordPress Tutorials Custom Thank You Page Customize For WooCommerce by Binary Carpenter. This issue affects Custom Thank You Page Customize For WooCommerce by Binary Carpenter: from n/a t…
- CVE-2024-32518 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-04-17
Missing Authorization vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice. This issue affects PeproDev Ultimate Invoice: from n/a through 2.0.0.
- CVE-2024-32519 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-04-17
Missing Authorization vulnerability in GutenGeek GG Woo Feed for WooCommerce. This issue affects GG Woo Feed for WooCommerce: from n/a through 1.2.6.
- CVE-2024-32520 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-04-17
Missing Authorization vulnerability in WPClever WPC Grouped Product for WooCommerce. This issue affects WPC Grouped Product for WooCommerce: from n/a through 4.4.2.
- CVE-2024-32522 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-04-17
Missing Authorization vulnerability in Jaed Mosharraf & Pluginbazar Team Open Close WooCommerce Store. This issue affects Open Close WooCommerce Store: from n/a through 4.9.1.
- CVE-2024-32524 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-04-17
Missing Authorization vulnerability in Nuggethon Custom Order Statuses for WooCommerce. This issue affects Custom Order Statuses for WooCommerce: from n/a through 1.5.2.
- CVE-2024-32525 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-04-17
Missing Authorization vulnerability in Theme My Login. This issue affects Theme My Login: from n/a through 7.1.6.
- CVE-2024-32532 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-04-17
Missing Authorization vulnerability in SiteGround Speed Optimizer. This issue affects Speed Optimizer: from n/a through 7.4.6.