CWE-862: Missing Authorization
7,977 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-862 (page 80 of 160)
- CVE-2024-38748 MEDIUM CVSS 5.3 EG 5.3 2024-11-01
Access Control vulnerability in TheInnovs EleForms allows . This issue affects EleForms: from n/a through 2.9.9.9.
- CVE-2024-38769 MEDIUM CVSS 5.3 EG 5.3 2024-11-01
Missing Authorization vulnerability in Tyche Softwares Arconix Shortcodes allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Arconix Shortcodes: from n/a through 2.1.11.
- CVE-2024-38771 MEDIUM CVSS 6.5 EG 6.5 2024-11-01
Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration. This issue affects Atarim: from n/a through <= 4.0.
- CVE-2024-38774 MEDIUM CVSS 5.4 EG 5.4 2024-11-01
Missing Authorization vulnerability in SiteGround SiteGround Security allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SiteGround Security: from n/a through 1.5.0.
- CVE-2024-38777 MEDIUM CVSS 6.5 EG 6.5 2024-11-01
Missing Authorization vulnerability in CreativeMotion Titan Anti-spam & Security allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Titan Anti-spam & Security: from n/a through 7.3.6.
- CVE-2024-38783 MEDIUM CVSS 5.3 EG 5.3 2024-11-01
Missing Authorization vulnerability in Tyche Softwares Arconix FAQ allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Arconix FAQ: from n/a through 1.9.4.
- CVE-2024-38792 MEDIUM CVSS 5.3 EG 5.3 2024-11-01
Missing Authorization vulnerability in ConveyThis Translate Team Language Translate Widget for WordPress – ConveyThis allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Language Translate Widget for WordPr…
- CVE-2024-38794 MEDIUM CVSS 5.3 EG 5.3 2024-11-01
Missing Authorization vulnerability in MediaRon LLC Custom Query Blocks allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Custom Query Blocks: from n/a through 5.2.0.
- CVE-2024-38810 MEDIUM CVSS 6.5 EG 6.5 2024-08-20
Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows an attacker to render security annotations ineffective.
- CVE-2024-3893 MEDIUM CVSS 4.3 EG 5.3 2024-04-25
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the rtcl_fb_gallery_image_delete AJAX action in all versions up to, …
- CVE-2024-3895 HIGH CVSS 8.8 EG 8.8 2024-05-02
The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdp_add_new_datepicker_ajax() function in all versions up to, and including, 2.1.0. This makes it possible …
- CVE-2024-3897 MEDIUM CVSS 5.3 EG 5.3 2024-05-02
The Popup Box – Best WordPress Popup Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_pb_create_author AJAX action in all versions up to, and including, 4.3.6. This mak…
- CVE-2024-3915 MEDIUM CVSS 5.3 EG 5.3 2024-05-14
The Swift Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sf_edit_directory_item() function in all versions up to, and including, 2.7.31. This makes it possible for…
- CVE-2024-3932 LOW CVSS 3.1 EG 4.3 2024-04-18
A vulnerability classified as problematic has been found in Totara LMS up to 18.7. This affects an unknown part of the component User Selector. The manipulation leads to cross-site request forgery. It is possible to initiate the attack rem…
- CVE-2024-3936 MEDIUM CVSS 4.3 EG 4.3 2024-05-02
The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtTPGSaveSettings function in all versions…
- CVE-2024-3942 MEDIUM CVSS 6.3 EG 6.3 2024-05-02
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, a…
- CVE-2024-39546 HIGH CVSS 7.3 EG 7.3 2024-07-11
A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain files, allowing the attacker to cause an…
- CVE-2024-39591 MEDIUM CVSS 4.3 EG 4.3 2024-08-13
SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application.
- CVE-2024-39592 HIGH CVSS 7.7 EG 7.7 2024-07-09
Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This allows an attacker to read sensitive information causing high impact on the confidentiality of the a…
- CVE-2024-39596 MEDIUM CVSS 4.3 EG 4.3 2024-07-09
Due to missing authorization checks, SAP Enable Now allows an author to escalate privileges to access information which should otherwise be restricted. On successful exploitation, the attacker can cause limited impact on confidentiality of…
- CVE-2024-3961 MEDIUM CVSS 5.3 EG 5.3 2024-06-21
The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tag_subscriber function in all versions up…
- CVE-2024-39625 MEDIUM CVSS 5.3 EG 5.3 2024-11-01
Missing Authorization vulnerability in icegram Icegram allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Icegram: from n/a through 3.1.24.
- CVE-2024-39635 MEDIUM CVSS 5.4 EG 5.4 2024-11-01
Missing Authorization vulnerability in KaineLabs Youzify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Youzify: from n/a through 1.2.6.
- CVE-2024-39640 MEDIUM CVSS 6.5 EG 6.5 2024-11-01
Missing Authorization vulnerability in QuadLayers WP Social Feed Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Social Feed Gallery: from n/a through 4.3.9.
- CVE-2024-39650 HIGH CVSS 7.3 EG 7.3 2024-11-01
Missing Authorization vulnerability in WPWeb Elite WooCommerce PDF Vouchers allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WooCommerce PDF Vouchers: from n/a through 4.9.4.
- CVE-2024-39654 MEDIUM CVSS 5.3 EG 5.3 2024-11-01
Missing Authorization vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets. This issue affects Sign-up Sheets: from n/a through <= 2.2.12.
- CVE-2024-39664 HIGH CVSS 7.3 EG 7.3 2024-11-01
Missing Authorization vulnerability in YMC Filter & Grids allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Filter & Grids: from n/a through 2.8.33.
- CVE-2024-3976 MEDIUM CVSS 6.5 EG 6.5 2025-02-05
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose via the UI the confidential…
- CVE-2024-39823 MEDIUM CVSS 4.9 EG 4.9 2024-08-14
Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
- CVE-2024-39824 MEDIUM CVSS 4.9 EG 4.9 2024-08-14
Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
- CVE-2024-4010 HIGH CVSS 8.8 EG 8.8 2024-05-15
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to,…
- CVE-2024-40650 HIGH CVSS 7.8 EG 7.8 2024-09-11
In wifi_item_edit_content of styles.xml, there is a possible FRP bypass due to Missing check for FRP state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo…
- CVE-2024-40652 HIGH CVSS 7.8 EG 7.3 2024-09-11
In onCreate of SettingsHomepageActivity.java, there is a possible way to access the Settings app while the device is provisioning due to a missing permission check. This could lead to local escalation of privilege with no additional execut…
- CVE-2024-40661 HIGH CVSS 7.8 EG 7.8 2024-11-13
In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privilege…
- CVE-2024-40671 HIGH CVSS 7.8 EG 7.8 2024-11-13
In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible way to achieve arbitrary code execution due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed…
- CVE-2024-40677 HIGH CVSS 8.4 EG 8.4 2025-01-28
In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privi…
- CVE-2024-40709 HIGH CVSS 7.8 EG 7.8 2024-09-07
A missing authorization vulnerability allows a local low-privileged user on the machine to escalate their privileges to root level.
- CVE-2024-40834 MEDIUM CVSS 4.4 EG 4.4 2024-07-29
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A shortcut may be able to bypass sensitive Shortcuts app settings.
- CVE-2024-40839 LOW CVSS 2.4 EG 2.4 2025-01-15
This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen.
- CVE-2024-40852 MEDIUM CVSS 5.3 EG 7.5 2024-09-17
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18 and iPadOS 18. An attacker may be able to see recent photos without authentication in Assistive Access.
- CVE-2024-4088 MEDIUM CVSS 4.3 EG 4.3 2024-06-05
The Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disable_fe_assets function in all versions up to, and including, 1.9.2…
- CVE-2024-4102 MEDIUM CVSS 5.4 EG 5.4 2024-07-09
The Pricing Table plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, w…
- CVE-2024-41108 HIGH CVSS 7.5 EG 7.5 2024-07-31
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. The hostinfo page has missing/improper access control since only the host's mac address is required to obtain the configuration information. This data can …
- CVE-2024-4138 MEDIUM CVSS 4.3 EG 4.3 2024-05-14
Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable/disable the sharing rule of…
- CVE-2024-4139 MEDIUM CVSS 4.3 EG 4.3 2024-05-14
Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affect…
- CVE-2024-41624 MEDIUM CVSS 6.3 EG 6.3 2024-07-29
Incorrect access control in Himalaya Xiaoya nano smart speaker rom_version 1.6.96 allows a remote attacker to have an unspecified impact.
- CVE-2024-4163 HIGH CVSS 8.0 EG 8.0 2024-04-26
The Skylab IGX IIoT Gateway allowed users to connect to it via a limited shell terminal (IGX). However, it was discovered that the process was running under root privileges. This allowed the attacker to read, write, and modify any file in …
- CVE-2024-41728 LOW CVSS 2.7 EG 2.7 2024-09-10
Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker …
- CVE-2024-41729 MEDIUM CVSS 4.3 EG 4.3 2024-09-10
Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limite…
- CVE-2024-41730 CRITICAL CVSS 9.8 EG 9.8 2024-08-13
In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. The attacker can fully compromise the system resulting in…