CWE-862 — Missing Authorization
7,977 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-862, page 79 of 160
- CVE-2024-37456 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-11-01
Missing Authorization vulnerability in Noptin Newsletter Noptin allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Noptin: from n/a through 3.4.2.
- CVE-2024-37463 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-11-01
Missing Authorization vulnerability in CRM Perks CRM Perks Forms allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CRM Perks Forms: from n/a through 1.1.5.
- CVE-2024-37468 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-11-01
Missing Authorization vulnerability in blazethemes Newsmatic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Newsmatic: from n/a through 1.3.1.
- CVE-2024-37470 | HIGH | CVSS 8.2 | EG 8.2 | 2024-11-01
Missing Authorization vulnerability in WofficeIO Woffice Core allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woffice Core: from n/a through 5.4.8.
- CVE-2024-37475 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-11-01
Missing Authorization vulnerability in Automattic Newspack Newsletters allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Newspack Newsletters: from n/a through 2.13.2.
- CVE-2024-37477 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-11-01
Missing Authorization vulnerability in Automattic Newspack Content Converter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Newspack Content Converter: from n/a through 0.1.5.
- CVE-2024-37481 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-11-01
Missing Authorization vulnerability in RadiusTheme The Post Grid the-post-grid. This issue affects The Post Grid: from n/a through <= 7.7.4.
- CVE-2024-37482 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-11-01
Missing Authorization vulnerability in RadiusTheme The Post Grid the-post-grid. This issue affects The Post Grid: from n/a through <= 7.7.4.
- CVE-2024-37483 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-11-01
Missing Authorization vulnerability in RadiusTheme The Post Grid the-post-grid. This issue affects The Post Grid: from n/a through <= 7.7.4.
- CVE-2024-3750 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-16
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData() function in all versions up to, and inclu…
- CVE-2024-37505 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-11-01
Missing Authorization vulnerability in Rara Themes Business One Page allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Business One Page: from n/a through 1.2.9.
- CVE-2024-37506 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-11-01
Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Charitable: from n/a through 1.8.1.7.
- CVE-2024-37510 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-11-01
Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Charitable: from n/a through 1.8.1.7.
- CVE-2024-37516 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-11-01
Missing Authorization vulnerability in fifu.App Featured Image from URL allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Featured Image from URL: from n/a through 4.8.2.
- CVE-2024-37517 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-11-01
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spectra: from n/a through 2.13.7.
- CVE-2024-37542 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-07-06
Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album. This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.
- CVE-2024-37544 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-07-12
Missing Authorization vulnerability in Saleswonder Team: Tobias Get Better Reviews for WooCommerce more-better-reviews-for-woocommerce. This issue affects Get Better Reviews for WooCommerce: from n/a through <= 4.0.6.
- CVE-2024-3761 | HIGH | CVSS 7.5 | EG 9.1 | 2024-05-20
In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at `packages/backend/src/api/v1/datasets` is vulnerable to unauthorized dataset deletion due to missing authorization and authentication mechanisms. This vulnerability allows a…
- CVE-2024-37898 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-07-31
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When a user has view but not edit right on a page in XWiki, that user can delete the page and replace it by a page with new content wi…
- CVE-2024-37901 | CRITICAL | CVSS 9.9 | EG 9.9 | 2024-07-31
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any page can perform arbitrary remote code execution by adding instances of `XWiki.SearchSuggestConfig` an…
- CVE-2024-37903 | HIGH | CVSS 8.2 | EG 8.2 | 2024-07-05
Mastodon is a self-hosted, federated microblogging platform. Starting in version 2.6.0 and prior to versions 4.1.18 and 4.2.10, by crafting specific activities, an attacker can extend the audience of a post they do not own to other Mastodo…
- CVE-2024-37921 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-11-01
Missing Authorization vulnerability in Kiboko Labs Chained Quiz allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chained Quiz: from n/a through 1.3.2.8.
- CVE-2024-37926 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-11-01
Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH) allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.9.
- CVE-2024-37929 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-11-01
Missing Authorization vulnerability in solwin User Activity Log Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects User Activity Log Pro: from n/a through 2.3.4.
- CVE-2024-37930 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-08-12
Insertion of Sensitive Information into Log File vulnerability in ThemeSphere SmartMag smartmag-responsive-retina-wordpress-magazine. This issue affects SmartMag: from n/a through < 10.1.0.
- CVE-2024-37935 | HIGH | CVSS 7.5 | EG 7.5 | 2024-08-13
Missing Authorization vulnerability in anhvnit Woocommerce OpenPos allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce OpenPos: from n/a through 6.4.4.
- CVE-2024-38002 | CRITICAL | CVSS 9.0 | EG 9.0 | 2024-10-22
The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions befo…
- CVE-2024-38179 | HIGH | CVSS 8.8 | EG 8.8 | 2024-10-08
Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability
- CVE-2024-38190 | HIGH | CVSS 8.6 | EG 8.6 | 2024-10-15
Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector.
- CVE-2024-3821 | HIGH | CVSS 7.3 | EG 7.3 | 2024-06-01
The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the wdt_ajax_actions.php file in all versio…
- CVE-2024-38353 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-07-10
CodiMD allows realtime collaborative markdown notes on all platforms. CodiMD before 2.5.4 is missing authentication and access control vulnerability allowing an unauthenticated attacker to gain unauthorised access to image data uploaded to…
- CVE-2024-38504 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-06-18
In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles
- CVE-2024-38506 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-06-18
In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows
- CVE-2024-3869 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-04-16
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommerce_json_search_coupons' function. This makes it possible for attackers with subscrib…
- CVE-2024-38690 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-11-01
Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1…
- CVE-2024-38695 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-11-01
Missing Authorization vulnerability in Martin Gibson WP GoToWebinar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP GoToWebinar: from n/a through 15.6.
- CVE-2024-38699 | HIGH | CVSS 7.5 | EG 7.5 | 2024-08-13
Missing Authorization vulnerability in WP Swings Wallet System for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Wallet System for WooCommerce: from n/a through 2.5.13.
- CVE-2024-38702 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-11-01
Missing Authorization vulnerability in Tyche Softwares Product Delivery Date for WooCommerce – Lite allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Product Delivery Date for WooCommerce – Lite: from n…
- CVE-2024-38707 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-11-01
Missing Authorization vulnerability in WPDeveloper EmbedPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EmbedPress: from n/a through 4.0.4.
- CVE-2024-38714 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-11-01
Missing Authorization vulnerability in Epsiloncool WP Fast Total Search fulltext-search. This issue affects WP Fast Total Search: from n/a through <= 1.68.232.
- CVE-2024-38719 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-11-01
Missing Authorization vulnerability in Creative Motion Auto Featured Image (Auto Post Thumbnail) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Auto Featured Image (Auto Post Thumbnail): from n/a…
- CVE-2024-38721 | HIGH | CVSS 7.1 | EG 7.1 | 2024-11-01
Missing Authorization vulnerability in spider-themes EazyDocs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EazyDocs: from n/a through 2.5.0.
- CVE-2024-38726 | HIGH | CVSS 7.5 | EG 7.5 | 2024-11-01
Missing Authorization vulnerability in PickPlugins Product Designer allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Product Designer: from n/a through 1.0.33.
- CVE-2024-38727 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-11-01
Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.9.
- CVE-2024-38733 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-11-01
Missing Authorization vulnerability in Meks Meks Video Importer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Meks Video Importer: from n/a through 1.0.12.
- CVE-2024-38737 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-11-01
Missing Authorization vulnerability in Reservation Diary ReDi Restaurant Reservation allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects ReDi Restaurant Reservation: from n/a through 24.0422.
- CVE-2024-38740 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-11-01
Missing Authorization vulnerability in Packlink Shipping S.L. Packlink PRO shipping module allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Packlink PRO shipping module: from n/a through 3.4.6.
- CVE-2024-38743 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-11-01
Access Control vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows . This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0.
- CVE-2024-38744 | HIGH | CVSS 8.3 | EG 8.3 | 2024-11-01
Missing Authorization vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS. This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0.
- CVE-2024-38745 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-11-01
Missing Authorization vulnerability in Rymera Web Co Wholesale Suite allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Wholesale Suite: from n/a through 2.1.12.