CWE-862— Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.— MITRE CWE catalog
8,570 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-862page 106 of 172
- CVE-2025-26765MEDIUMCVSS 5.4EG 5.42025-02-16
Missing Authorization vulnerability in enituretechnology Distance Based Shipping Calculator distance-based-shipping-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Distance Based Shippi…
- CVE-2025-26773MEDIUMCVSS 4.3EG 4.32025-02-17
Missing Authorization vulnerability in Adnan Analytify wp-analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through <= 5.5.0.
- CVE-2025-26846CRITICALCVSS 9.8EG 9.82025-05-12
An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata.
- CVE-2025-26853CRITICALCVSS 10.0EG 4.32025-03-20
DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 has a broken authorization schema.
- CVE-2025-26867MEDIUMCVSS 5.3EG 5.32025-05-19
Missing Authorization vulnerability in Themes4WP Bulk allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bulk: from n/a through 1.0.11.
- CVE-2025-26871MEDIUMCVSS 4.3EG 4.32025-02-25
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg essential-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through …
- CVE-2025-26883MEDIUMCVSS 6.5EG 6.52025-02-24
Missing Authorization vulnerability in bPlugins Animated Text Block animated-text-block allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animated Text Block: from n/a through <= 1.0.7.
- CVE-2025-26888MEDIUMCVSS 5.3EG 5.32025-04-09
Missing Authorization vulnerability in Amir Helzer WooCommerce Multilingual & Multicurrency woocommerce-multilingual allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Multilingual & Mult…
- CVE-2025-26901MEDIUMCVSS 4.3EG 4.32025-04-09
Missing Authorization vulnerability in Brizy Brizy Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brizy Pro: from n/a through 2.6.1.
- CVE-2025-26920MEDIUMCVSS 5.4EG 5.42025-05-19
Missing Authorization vulnerability in pressmaximum Customify customify-theme allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customify: from n/a through <= 0.4.8.
- CVE-2025-26928MEDIUMCVSS 4.3EG 4.32025-02-25
Missing Authorization vulnerability in Xfinitysoft Order Limit for WooCommerce wc-order-limit-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Limit for WooCommerce: from n/a through <= …
- CVE-2025-26942HIGHCVSS 7.5EG 7.52025-04-15
Missing Authorization vulnerability in Crocoblock JetTricks jet-tricks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetTricks: from n/a through <= 1.5.1.
- CVE-2025-26944HIGHCVSS 7.5EG 7.52025-04-15
Missing Authorization vulnerability in Crocoblock JetPopup jet-popup allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetPopup: from n/a through <= 2.0.11.
- CVE-2025-26948MEDIUMCVSS 4.3EG 4.32025-02-25
Missing Authorization vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2.
- CVE-2025-26953HIGHCVSS 7.5EG 7.52025-04-15
Missing Authorization vulnerability in Crocoblock JetMenu jet-menu allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetMenu: from n/a through <= 2.4.9.
- CVE-2025-26955MEDIUMCVSS 4.3EG 4.32025-04-15
Missing Authorization vulnerability in vowelweb Industrial Lite industrial-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Industrial Lite: from n/a through <= 1.0.8.
- CVE-2025-26956HIGHCVSS 7.6EG 7.62025-03-27
Missing Authorization vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1.
- CVE-2025-26958HIGHCVSS 7.5EG 7.52025-04-15
Missing Authorization vulnerability in Crocoblock JetBlog jet-blog allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlog: from n/a through <= 2.4.3.
- CVE-2025-26959HIGHCVSS 8.8EG 8.82025-04-15
Missing Authorization vulnerability in Quý Lê 91 Administrator Z administrator-z allows Privilege Escalation.This issue affects Administrator Z: from n/a through <= 2025.03.24.
- CVE-2025-26960MEDIUMCVSS 6.5EG 6.52025-02-25
Missing Authorization vulnerability in enituretechnology Small Package Quotes – Unishippers Edition small-package-quotes-unishippers-edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Small…
- CVE-2025-26961HIGHCVSS 8.6EG 8.62025-03-15
Missing Authorization vulnerability in FRESHFACE Fresh Framework fresh-framework allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Fresh Framework: from n/a through <= 1.70.0.
- CVE-2025-26968HIGHCVSS 7.5EG 7.52025-04-17
Missing Authorization vulnerability in webbernaut Cloak Front End Email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cloak Front End Email: from n/a through 1.9.5.
- CVE-2025-26969HIGHCVSS 8.3EG 8.32025-03-15
Missing Authorization vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5.
- CVE-2025-26975MEDIUMCVSS 5.3EG 5.32025-02-25
Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Strong Testimonials: from n/a through <= 3.2.3.
- CVE-2025-26983MEDIUMCVSS 4.3EG 4.32025-02-25
Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor recipe-card-blocks-by-wpzoom allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Recipe Card Blocks for Guten…
- CVE-2025-26995MEDIUMCVSS 5.4EG 5.42025-02-25
Missing Authorization vulnerability in Anton Vanyukov Market Exporter market-exporter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Market Exporter: from n/a through <= 2.0.21.
- CVE-2025-27000MEDIUMCVSS 5.4EG 5.42025-02-25
Missing Authorization vulnerability in George Pattichis Simple Photo Feed simple-photo-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Photo Feed: from n/a through <= 1.4.0.
- CVE-2025-27008HIGHCVSS 7.5EG 7.52025-04-15
Missing Authorization vulnerability in NotFound Unlimited Timeline unlimited-timeline allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Unlimited Timeline: from n/a through < 1.6.1.
- CVE-2025-27013MEDIUMCVSS 5.3EG 5.32025-02-18
Missing Authorization vulnerability in QuanticaLabs MediCenter - Health Medical Clinic medicenter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MediCenter - Health Medical Clinic: from n/a throu…
- CVE-2025-27103MEDIUMCVSS 6.5EG 6.52025-03-13
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC…
- CVE-2025-2719MEDIUMCVSS 6.5EG 6.52025-04-10
The Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on th…
- CVE-2025-27270CRITICALCVSS 9.8EG 9.82025-03-03
Missing Authorization vulnerability in enituretechnology Residential Address Detection residential-address-detection allows Privilege Escalation.This issue affects Residential Address Detection: from n/a through <= 2.5.4.
- CVE-2025-27294MEDIUMCVSS 4.8EG 4.82025-02-24
Missing Authorization vulnerability in platcom WP-Asambleas wp-asambleas allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Asambleas: from n/a through <= 2.85.0.
- CVE-2025-27296HIGHCVSS 7.2EG 7.22025-02-24
Missing Authorization vulnerability in revenueflex Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue revenueflex-easy-ads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Ad …
- CVE-2025-27310MEDIUMCVSS 6.5EG 6.52025-04-17
Missing Authorization vulnerability in Radius of Thought Page and Post Lister page-and-post-lister allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page and Post Lister: from n/a through <= 1.2.1.
- CVE-2025-27356MEDIUMCVSS 5.4EG 5.42025-02-24
Missing Authorization vulnerability in Hardik Sticky Header On Scroll sticky-header-on-scroll allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sticky Header On Scroll: from n/a through <= 1.0.
- CVE-2025-27428HIGHCVSS 7.7EG 7.72025-04-08
Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module. Upon successful exploitation, they could read files from any managed system connected to …
- CVE-2025-27432LOWCVSS 2.4EG 2.42025-03-11
The eDocument Cockpit (Inbound NF-e) in SAP Electronic Invoicing for Brazil allows an authenticated attacker with certain privileges to gain unauthorized access to each transaction. By executing the specific ABAP method within the ABAP sys…
- CVE-2025-27435MEDIUMCVSS 4.2EG 4.22025-04-08
Under specific conditions and prerequisites, an unauthenticated attacker could access customer coupon codes exposed in the URL parameters of the Coupon Campaign URL in SAP Commerce. This could allow the attacker to use the disclosed coupon…
- CVE-2025-27437MEDIUMCVSS 4.3EG 4.32025-04-08
A Missing Authorization Check vulnerability exists in the Virus Scanner Interface of SAP NetWeaver Application Server ABAP. Because of this, an attacker authenticated as a non-administrative user can initiate a transaction, allowing them t…
- CVE-2025-27461HIGHCVSS 7.6EG 7.62025-07-03
During startup, the device automatically logs in the EPC2 Windows user without requesting a password.
- CVE-2025-27505MEDIUMCVSS 5.3EG 5.32025-06-10
GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. The REST API security handles rest and its subpaths but not rest with…
- CVE-2025-27583CRITICALCVSS 9.1EG 9.12025-03-03
Incorrect access control in the component /rest/staffResource/findAllUsersAcrossOrg of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator …
- CVE-2025-27666CRITICALCVSS 9.8EG 9.82025-03-05
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient Authorization Checks OVE-20230524-0010.
- CVE-2025-2779MEDIUMCVSS 6.5EG 6.52025-04-02
The Insert Headers and Footers Code – HT Script plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 1.1.2. This make…
- CVE-2025-2789MEDIUMCVSS 5.3EG 5.32025-04-05
The MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay, Etsy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delet…
- CVE-2025-2807HIGHCVSS 8.8EG 8.82025-04-08
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in the mvl_setup_wizard_install_plugin() function in all versions up to, and …
- CVE-2025-28103MEDIUMCVSS 6.4EG 6.42025-04-21
Incorrect access control in laskBlog v2.6.1 allows attackers to arbitrarily delete user accounts via a crafted request.
- CVE-2025-2815HIGHCVSS 8.8EG 8.82025-03-28
The Administrator Z plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the adminz_import_backup() function in all versions up to, and including…
- CVE-2025-2816HIGHCVSS 8.1EG 8.12025-05-01
The Page View Count plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the yellow_message_dontshow() function in versions 2.8.0 to 2.8.4. This m…
Map vulnerabilities like CWE-862 to your infrastructure
EchelonGraph correlates every CVE — across CWE-862 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →