CWE-862— Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.— MITRE CWE catalog
8,570 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-862page 109 of 172
- CVE-2025-31182CRITICALCVSS 9.8EG 9.82025-03-31
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to delet…
- CVE-2025-31194CRITICALCVSS 9.8EG 9.82025-03-31
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A Shortcut may run with admin privileges without authentication.
- CVE-2025-3124MEDIUMCVSS 4.3EG 4.32025-04-17
A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the Security Overview in GitHub Advanced Security.…
- CVE-2025-31338MEDIUMCVSS 6.9EG 6.92025-04-17
A missing authorization vulnerability in the retrieve teacher Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to obtain partial user data by accessing the API functionality.
- CVE-2025-31376MEDIUMCVSS 4.3EG 4.32025-03-31
Missing Authorization vulnerability in Mayeenul Islam NanoSupport nanosupport allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NanoSupport: from n/a through <= 0.6.0.
- CVE-2025-31377HIGHCVSS 7.5EG 7.52025-04-09
Missing Authorization vulnerability in Asaquzzaman mishu Woo Product Feed For Marketing Channels woocommerce-to-google-merchant-center allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woo Product F…
- CVE-2025-31381MEDIUMCVSS 6.5EG 6.52025-04-04
Missing Authorization vulnerability in shiptrack Booking Calendar and Notification booking-calendar-and-notification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Calendar and Notificati…
- CVE-2025-31386MEDIUMCVSS 5.3EG 5.32025-03-31
Missing Authorization vulnerability in simplepress Simple:Press simplepress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple:Press: from n/a through <= 6.11.5.
- CVE-2025-31406MEDIUMCVSS 4.3EG 4.32025-03-31
Missing Authorization vulnerability in ELEXtensions ELEX WooCommerce Request a Quote elex-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ELEX WooCommerce Request a Quote: from n/a…
- CVE-2025-31408MEDIUMCVSS 4.3EG 4.32025-04-01
Missing Authorization vulnerability in Zoho Flow Zoho Flow zoho-flow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho Flow: from n/a through <= 2.13.3.
- CVE-2025-31415HIGHCVSS 7.6EG 7.62025-04-01
Missing Authorization vulnerability in YayCommerce YayExtra yayextra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayExtra: from n/a through <= 1.5.2.
- CVE-2025-31417MEDIUMCVSS 4.3EG 4.32025-03-31
Missing Authorization vulnerability in Fahad Mahmood WP Docs wp-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through < 2.2.7.
- CVE-2025-31425HIGHCVSS 7.5EG 7.52025-08-14
Missing Authorization vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Lead Capturing Pages: from n/a through < 2.6.
- CVE-2025-31469MEDIUMCVSS 5.3EG 5.32025-03-28
Missing Authorization vulnerability in webrangers Clear Sucuri Cache clear-sucuri-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clear Sucuri Cache: from n/a through <= 1.4.
- CVE-2025-3150MEDIUMCVSS 4.3EG 4.32025-04-03
A vulnerability was found in itning Student Homework Management System up to 1.2.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The …
- CVE-2025-31525MEDIUMCVSS 4.3EG 4.32025-04-01
Missing Authorization vulnerability in WP Messiah WP Mobile Bottom Menu mobile-bottom-menu-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mobile Bottom Menu: from n/a through <= 1.4.0.
- CVE-2025-31528MEDIUMCVSS 4.3EG 4.32025-03-31
Missing Authorization vulnerability in wokamoto StaticPress staticpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects StaticPress: from n/a through <= 0.4.5.
- CVE-2025-31529MEDIUMCVSS 4.3EG 4.32025-03-31
Missing Authorization vulnerability in Rashid Slider Path for Elementor slider-path allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slider Path for Elementor: from n/a through <= 3.0.0.
- CVE-2025-31530MEDIUMCVSS 4.3EG 4.32025-03-31
Missing Authorization vulnerability in Smackcoders Inc., Google SEO Pressor Snippet google-seo-author-snippets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google SEO Pressor Snippet: from n/a …
- CVE-2025-31533MEDIUMCVSS 5.3EG 5.32025-03-31
Missing Authorization vulnerability in Salesmate.io Salesmate Add-On for Gravity Forms gf-salesmate-add-on allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Salesmate Add-On for Gravity Forms: from n/a thro…
- CVE-2025-31539MEDIUMCVSS 6.5EG 6.52025-03-31
Missing Authorization vulnerability in Blocksera Cryptocurrency Widgets Pack cryptocurrency-widgets-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cryptocurrency Widgets Pack: from n/a throu…
- CVE-2025-31540MEDIUMCVSS 4.3EG 4.32025-03-31
Missing Authorization vulnerability in acmemediakits ACME Divi Modules acme-divi-modules allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ACME Divi Modules: from n/a through <= 1.3.5.
- CVE-2025-31541MEDIUMCVSS 6.5EG 6.52025-04-03
Missing Authorization vulnerability in TuriTop TuriTop Booking System turitop-booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TuriTop Booking System: from n/a through <= 1.0.10.
- CVE-2025-31544MEDIUMCVSS 4.3EG 4.32025-03-31
Missing Authorization vulnerability in WP Messiah Swiss Toolkit For WP swiss-toolkit-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Swiss Toolkit For WP: from n/a through <= 1.4.5.
- CVE-2025-31545MEDIUMCVSS 5.4EG 5.42025-03-31
Missing Authorization vulnerability in WP Messiah Safe Ai Malware Protection for WP safe-ai-malware-protection-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Safe Ai Malware Protection for…
- CVE-2025-31546MEDIUMCVSS 4.3EG 4.32025-03-31
Missing Authorization vulnerability in WP Messiah Swiss Toolkit For WP swiss-toolkit-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Swiss Toolkit For WP: from n/a through <= 1.4.0.
- CVE-2025-31555MEDIUMCVSS 5.4EG 5.42025-03-31
Missing Authorization vulnerability in ContentMX ContentMX Content Publisher contentmx-content-publisher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ContentMX Content Publisher: from n/a throu…
- CVE-2025-31576MEDIUMCVSS 4.3EG 4.32025-03-31
Missing Authorization vulnerability in Gagan Deep Singh PostmarkApp Email Integrator postmarkapp-email-integrator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostmarkApp Email Integrator: from…
- CVE-2025-31580HIGHCVSS 7.5EG 7.52025-04-01
Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Product Enquiry ni-woocommerce-product-enquiry allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Ni WooCommerce Product Enquiry: from n/a th…
- CVE-2025-31581MEDIUMCVSS 6.5EG 6.52025-04-03
Missing Authorization vulnerability in Sandeep Kumar WP Video Playlist wp-video-playlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Video Playlist: from n/a through <= 1.1.2.
- CVE-2025-31584MEDIUMCVSS 5.4EG 5.42025-03-31
Missing Authorization vulnerability in elfsight Elfsight Testimonials Slider elfsight-testimonials-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elfsight Testimonials Slider: from n/a thr…
- CVE-2025-31596MEDIUMCVSS 4.3EG 4.32025-03-31
Missing Authorization vulnerability in Chatwee Chat by Chatwee chatwee allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chat by Chatwee: from n/a through <= 2.1.3.
- CVE-2025-31603MEDIUMCVSS 5.4EG 5.42025-03-31
Missing Authorization vulnerability in moshensky CF7 Spreadsheets cf7-spreadsheets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CF7 Spreadsheets: from n/a through <= 2.3.2.
- CVE-2025-31606MEDIUMCVSS 4.8EG 4.82025-03-31
Missing Authorization vulnerability in softpulseinfotech SP Blog Designer sp-blog-designer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SP Blog Designer: from n/a through <= 1.0.0.
- CVE-2025-31609MEDIUMCVSS 4.3EG 4.32025-03-31
Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2.
- CVE-2025-31611MEDIUMCVSS 4.3EG 4.32025-03-31
Missing Authorization vulnerability in Shaharia Azam Auto Post After Image Upload auto-post-after-image-upload allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Post After Image Upload: from n/…
- CVE-2025-31618MEDIUMCVSS 5.3EG 5.32025-03-31
Missing Authorization vulnerability in Jaap Jansma Connector to CiviCRM with CiviMcRestFace connector-civicrm-mcrestface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Connector to CiviCRM with C…
- CVE-2025-31628MEDIUMCVSS 5.3EG 5.32025-04-01
Missing Authorization vulnerability in SlicedInvoices Sliced Invoices sliced-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sliced Invoices: from n/a through <= 3.10.0.
- CVE-2025-31630MEDIUMCVSS 5.3EG 5.32025-05-16
Missing Authorization vulnerability in themeton The Business allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Business: from n/a through 1.6.1.
- CVE-2025-31678HIGHCVSS 8.2EG 8.22025-03-31
Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.3.
- CVE-2025-31681CRITICALCVSS 9.8EG 9.82025-03-31
Missing Authorization vulnerability in Drupal Authenticator Login allows Forceful Browsing.This issue affects Authenticator Login: from 0.0.0 before 2.0.6.
- CVE-2025-31685CRITICALCVSS 9.1EG 9.12025-03-31
Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10.
- CVE-2025-31686HIGHCVSS 8.1EG 8.12025-03-31
Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10.
- CVE-2025-31691CRITICALCVSS 9.8EG 9.82025-03-31
Missing Authorization vulnerability in Drupal OAuth2 Server allows Forceful Browsing.This issue affects OAuth2 Server: from 0.0.0 before 2.1.0.
- CVE-2025-31720MEDIUMCVSS 4.3EG 4.32025-04-02
A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent, gaining access to its configuration.
- CVE-2025-31721MEDIUMCVSS 4.3EG 4.32025-04-02
A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its config…
- CVE-2025-31729MEDIUMCVSS 6.5EG 6.52025-04-03
Missing Authorization vulnerability in jeffikus WooTumblog woo-tumblog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooTumblog: from n/a through <= 2.1.4.
- CVE-2025-31732MEDIUMCVSS 4.3EG 4.32025-04-01
Missing Authorization vulnerability in gb-plugins GB Gallery Slideshow gb-gallery-slideshow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GB Gallery Slideshow: from n/a through <= 1.3.
- CVE-2025-31736MEDIUMCVSS 6.5EG 6.52025-04-03
Missing Authorization vulnerability in richtexteditor Rich Text Editor richtexteditor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rich Text Editor: from n/a through <= 1.0.1.
- CVE-2025-31739MEDIUMCVSS 6.4EG 6.42025-04-03
Missing Authorization vulnerability in Manuel Schmalstieg Minimalistic Event Manager minimalistic-event-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Minimalistic Event Manager: from n/a…
Map vulnerabilities like CWE-862 to your infrastructure
EchelonGraph correlates every CVE — across CWE-862 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →