CWE-862— Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.— MITRE CWE catalog
8,570 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-862page 107 of 172
- CVE-2025-28202HIGHCVSS 8.8EG 9.82025-05-09
Incorrect access control in Victure RX1800 EN_V1.0.0_r12_110933 allows attackers to enable SSH and Telnet services without authentication.
- CVE-2025-2821MEDIUMCVSS 5.3EG 5.32025-05-07
The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_rest_permission function in all versions up to, and including, 2.4.9. This makes it possible for unauth…
- CVE-2025-2832MEDIUMCVSS 4.3EG 4.32025-03-27
A vulnerability was found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as problematic. This issue affects some unknown processing. The manipulation leads to …
- CVE-2025-2848MEDIUMCVSS 6.3EG 6.32025-12-04
A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions.
- CVE-2025-2876MEDIUMCVSS 5.3EG 5.32025-04-08
The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0. This makes it po…
- CVE-2025-28872MEDIUMCVSS 5.3EG 5.32025-03-11
Missing Authorization vulnerability in jwpegram Block Spam By Math Reloaded block-spam-by-math-reloaded allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Block Spam By Math Reloaded: from n/a through <= 2.2…
- CVE-2025-28920MEDIUMCVSS 5.3EG 5.32025-03-11
Missing Authorization vulnerability in Jogesh Responsive Google Map responsive-google-map allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Google Map: from n/a through <= 3.1.5.
- CVE-2025-28938MEDIUMCVSS 4.3EG 4.32025-03-11
Missing Authorization vulnerability in Bjoern WP Performance Pack wp-performance-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Performance Pack: from n/a through <= 2.5.3.
- CVE-2025-28962MEDIUMCVSS 6.5EG 6.52025-08-14
Missing Authorization vulnerability in stefanoai Advanced Google Universal Analytics advanced-google-universal-analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Google Universal A…
- CVE-2025-28965HIGHCVSS 8.6EG 8.62025-07-16
Missing Authorization vulnerability in Md Yeasin Ul Haider URL Shortener exact-links allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects URL Shortener: from n/a through <= 3.0.7.
- CVE-2025-28985MEDIUMCVSS 5.4EG 5.42025-06-06
Missing Authorization vulnerability in Elastic Email Elastic Email Subscribe Form elastic-email-subscribe-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Subscribe Form: from n/…
- CVE-2025-28994MEDIUMCVSS 4.3EG 4.32025-06-06
Missing Authorization vulnerability in viralloops Viral Loops WP Integration viral-loops-wp-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Viral Loops WP Integration: from n/a through…
- CVE-2025-28995MEDIUMCVSS 5.3EG 5.32025-06-06
Missing Authorization vulnerability in viralloops Viral Loops WP Integration viral-loops-wp-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Viral Loops WP Integration: from n/a through…
- CVE-2025-28996MEDIUMCVSS 4.3EG 4.32025-06-06
Missing Authorization vulnerability in Thad Allender GPP Slideshow gpp-slideshow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GPP Slideshow: from n/a through <= 1.3.5.
- CVE-2025-28997MEDIUMCVSS 5.3EG 5.32025-06-06
Missing Authorization vulnerability in EXEIdeas International WP AutoKeyword wp-autokeyword allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP AutoKeyword: from n/a through <= 1.0.
- CVE-2025-29000HIGHCVSS 7.5EG 7.52025-07-16
Missing Authorization vulnerability in August Infotech Multi-language Responsive Contact Form responsive-contact-form allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Multi-language Responsive Contact Form…
- CVE-2025-29001MEDIUMCVSS 4.3EG 4.32025-07-04
Missing Authorization vulnerability in ZoomIt WooCommerce Shop Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Shop Page Builder: from n/a through 2.27.7.
- CVE-2025-29006MEDIUMCVSS 5.3EG 5.32025-06-06
Missing Authorization vulnerability in centangle Direct Checkout for WooCommerce Lite woo-direct-checkout-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Direct Checkout for WooCommerce Lite: from n/…
- CVE-2025-29007MEDIUMCVSS 4.3EG 4.32025-07-04
Missing Authorization vulnerability in LMSACE LMSACE Connect lmsace-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LMSACE Connect: from n/a through <= 3.4.
- CVE-2025-29010MEDIUMCVSS 4.3EG 4.32025-06-06
Missing Authorization vulnerability in eleopard Behance Portfolio Manager portfolio-manager-powered-by-behance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Behance Portfolio Manager: from n/a t…
- CVE-2025-29012MEDIUMCVSS 5.3EG 5.32025-07-04
Missing Authorization vulnerability in kamleshyadav CF7 7 Mailchimp Add-on CF7-mailchimp-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CF7 7 Mailchimp Add-on: from n/a through < 2.4.
- CVE-2025-29013MEDIUMCVSS 5.4EG 5.42025-06-06
Missing Authorization vulnerability in faaiq Custom Category/Post Type Post order custom-post-order-category allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Category/Post Type Post order: f…
- CVE-2025-2902HIGHCVSS 8.3EG 8.32026-06-29
Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-…
- CVE-2025-2933HIGHCVSS 8.8EG 8.82025-04-05
The Email Notifications for Updates plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the awun_import_settings() function in all versions up t…
- CVE-2025-29756HIGHCVSS 8.3EG 8.32025-06-11
SunGrow's back end users system iSolarCloud https://isolarcloud.com uses an MQTT service to transport data from the user's connected devices to the user's web browser. The MQTT server however did not have sufficient restrictions in pl…
- CVE-2025-29926CRITICALCVSS 9.8EG 9.82025-03-19
XWiki Platform is a generic wiki platform. Prior to 15.10.15, 16.4.6, and 16.10.0, any user can exploit the WikiManager REST API to create a new wiki, where the user could become an administrator and so performs other attacks on the farm. …
- CVE-2025-30017MEDIUMCVSS 4.4EG 4.42025-04-08
Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. After successful exploitation, an attacker can cause limited impact on the integrity …
- CVE-2025-30107HIGHCVSS 7.5EG 7.52025-03-18
On IROAD V9 devices, Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by unauthorized parties. A vulnerability in the dashcam's configuration management allows unauthorized users to modify sett…
- CVE-2025-3037MEDIUMCVSS 4.3EG 4.32025-03-31
A vulnerability has been found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991 and classified as problematic. This vulnerability affects unknown code. The manipulation l…
- CVE-2025-30398HIGHCVSS 8.1EG 8.12025-11-11
Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network.
- CVE-2025-30448CRITICALCVSS 9.1EG 9.12025-05-12
This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, visionOS 2.5. An attacker may be able to turn on sh…
- CVE-2025-30461CRITICALCVSS 9.8EG 9.82025-03-31
An access issue was addressed with additional sandbox restrictions on the system pasteboards. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.
- CVE-2025-30543MEDIUMCVSS 4.3EG 4.32025-03-24
Missing Authorization vulnerability in swayam.tejwani Menu Duplicator copy-menu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Menu Duplicator: from n/a through <= 1.0.
- CVE-2025-3058HIGHCVSS 8.8EG 8.82025-04-24
The Xelion Webchat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the xwc_save_settings() function in all versions up to, and including, 9.…
- CVE-2025-30581MEDIUMCVSS 5.3EG 5.32025-03-24
Missing Authorization vulnerability in PluginOps Top Bar ultimate-bar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Top Bar: from n/a through <= 3.3.
- CVE-2025-30591MEDIUMCVSS 5.3EG 5.32025-03-24
Missing Authorization vulnerability in tuyennv Music Press Pro music-press-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Music Press Pro: from n/a through <= 1.4.6.
- CVE-2025-30592MEDIUMCVSS 5.3EG 5.32025-03-24
Missing Authorization vulnerability in WesternDeal Advanced Dewplayer advanced-dewplayer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Dewplayer: from n/a through <= 1.6.
- CVE-2025-30605MEDIUMCVSS 4.3EG 4.32025-03-24
Missing Authorization vulnerability in ldwin79 sourceplay-navermap sourceplay-navermap allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects sourceplay-navermap: from n/a through <= 0.0.2.
- CVE-2025-30624MEDIUMCVSS 4.3EG 4.32025-06-06
Missing Authorization vulnerability in WordLift WordLift wordlift allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordLift: from n/a through <= 3.54.4.
- CVE-2025-3063HIGHCVSS 8.8EG 8.82025-04-02
The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_callback_update_sa_option() function in versions 2.0 t…
- CVE-2025-30636MEDIUMCVSS 5.4EG 5.42025-06-06
Missing Authorization vulnerability in Ability, Inc Accessibility Suite online-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility Suite: from n/a through <= 4.19.
- CVE-2025-30639HIGHCVSS 7.5EG 7.52025-08-14
Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IDonatePro: from n/a through <= 2.1.9.
- CVE-2025-30716HIGHCVSS 7.5EG 7.52025-04-15
Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticate…
- CVE-2025-30767MEDIUMCVSS 5.4EG 5.42025-03-27
Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for WPForms: from n/a through <= 5.3.0.
- CVE-2025-30772HIGHCVSS 8.8EG 8.82025-03-27
Missing Authorization vulnerability in WPClever WPC Smart Upsell Funnel for WooCommerce wpc-smart-upsell-funnel allows Privilege Escalation.This issue affects WPC Smart Upsell Funnel for WooCommerce: from n/a through <= 3.0.4.
- CVE-2025-30790MEDIUMCVSS 5.3EG 5.32025-03-27
Missing Authorization vulnerability in alexvtn Chatbox Manager wa-chatbox-manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Chatbox Manager: from n/a through <= 1.2.2.
- CVE-2025-30797HIGHCVSS 7.5EG 7.52025-04-01
Missing Authorization vulnerability in bigdrop.gr Greek Multi Tool – Fix peralinks, accents, auto create menus and more greek-multi-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Greek Mul…
- CVE-2025-30803MEDIUMCVSS 4.3EG 4.32025-03-27
Missing Authorization vulnerability in Greg Ross Just Writing Statistics just-writing-statistics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Just Writing Statistics: from n/a through <= 5.3.
- CVE-2025-30809MEDIUMCVSS 5.4EG 5.42025-03-27
Missing Authorization vulnerability in Shahjada Live Forms liveforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Forms: from n/a through <= 4.8.4.
- CVE-2025-30817MEDIUMCVSS 5.4EG 5.42025-03-27
Missing Authorization vulnerability in wpzita Z Companion z-companion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Z Companion: from n/a through <= 1.0.13.
Map vulnerabilities like CWE-862 to your infrastructure
EchelonGraph correlates every CVE — across CWE-862 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →