CWE-862— Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.— MITRE CWE catalog
8,571 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-862page 110 of 172
- CVE-2025-31746MEDIUMCVSS 6.4EG 6.42025-04-03
Missing Authorization vulnerability in Think201 Clients clients allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clients: from n/a through <= 1.1.4.
- CVE-2025-31752MEDIUMCVSS 4.3EG 4.32025-04-01
Missing Authorization vulnerability in termel Bulk Fields Editor bulk-user-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Fields Editor: from n/a through <= 1.8.0.
- CVE-2025-31755MEDIUMCVSS 4.3EG 4.32025-04-01
Missing Authorization vulnerability in josselynj pCloud Backup pcloud-backup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects pCloud Backup: from n/a through <= 1.0.1.
- CVE-2025-31757MEDIUMCVSS 5.4EG 5.42025-04-01
Missing Authorization vulnerability in BinaryCarpenter Free Woocommerce Product Table View free-product-table-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Free Woocommerce Produ…
- CVE-2025-31758MEDIUMCVSS 6.5EG 6.52025-04-03
Missing Authorization vulnerability in BinaryCarpenter Free Woocommerce Product Table View free-product-table-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Free Woocommerce Produ…
- CVE-2025-31765MEDIUMCVSS 5.3EG 5.32025-04-01
Missing Authorization vulnerability in themeqx GDPR Cookie Notice gdpr-cookie-notice allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR Cookie Notice: from n/a through <= 1.2.0.
- CVE-2025-31768MEDIUMCVSS 6.5EG 6.52025-04-03
Missing Authorization vulnerability in OTWthemes Widget Manager Light widget-manager-light allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Widget Manager Light: from n/a through <= 1.18.
- CVE-2025-31773MEDIUMCVSS 5.3EG 5.32025-04-01
Missing Authorization vulnerability in cedcommerce Ship Per Product ship-per-product allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Ship Per Product: from n/a through <= 2.1.0.
- CVE-2025-31774MEDIUMCVSS 5.3EG 5.32025-04-01
Missing Authorization vulnerability in WebProtect.ai Astra Security Suite getastra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Astra Security Suite: from n/a through <= 0.2.
- CVE-2025-31777MEDIUMCVSS 5.3EG 5.32025-04-01
Missing Authorization vulnerability in BeastThemes Clockinator Lite clockify-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clockinator Lite: from n/a through <= 1.0.9.
- CVE-2025-31780MEDIUMCVSS 6.5EG 6.52025-04-01
Missing Authorization vulnerability in Andy Stratton Append Content append-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Append Content: from n/a through <= 2.1.1.
- CVE-2025-31781MEDIUMCVSS 4.3EG 4.32025-04-01
Missing Authorization vulnerability in ahmadshyk Gift Cards for WooCommerce woo-giftcards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gift Cards for WooCommerce: from n/a through <= 1.5.8.
- CVE-2025-31782MEDIUMCVSS 5.4EG 5.42025-04-01
Missing Authorization vulnerability in pupunzi mb.YTPlayer wpmbytplayer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects mb.YTPlayer: from n/a through <= 3.3.8.
- CVE-2025-31786MEDIUMCVSS 5.3EG 5.32025-04-01
Missing Authorization vulnerability in Travis Simple Icons simple-icons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Icons: from n/a through <= 2.8.4.
- CVE-2025-31787MEDIUMCVSS 4.3EG 4.32025-04-01
Missing Authorization vulnerability in AudioTheme Cue cue allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cue: from n/a through <= 2.4.4.
- CVE-2025-31789MEDIUMCVSS 6.5EG 6.52025-04-03
Missing Authorization vulnerability in Matat Technologies TextMe SMS textme-sms-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TextMe SMS: from n/a through <= 1.9.1.
- CVE-2025-31791MEDIUMCVSS 5.4EG 5.42025-04-01
Missing Authorization vulnerability in Oliver Boyers Pin Generator pin-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pin Generator: from n/a through <= 2.0.0.
- CVE-2025-31794MEDIUMCVSS 5.4EG 5.42025-04-03
Missing Authorization vulnerability in Web Ready Now WR Price List Manager For Woocommerce wr-price-list-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WR Price List Manager For W…
- CVE-2025-31795MEDIUMCVSS 6.5EG 6.52025-04-03
Missing Authorization vulnerability in Plugin Devs Shopify to WooCommerce Migration migrate-shopify-to-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shopify to WooCommerce Migration:…
- CVE-2025-31798MEDIUMCVSS 4.3EG 4.32025-04-01
Missing Authorization vulnerability in publitio Publitio publitio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Publitio: from n/a through <= 2.1.8.
- CVE-2025-31799MEDIUMCVSS 4.3EG 4.32025-04-01
Missing Authorization vulnerability in publitio Publitio publitio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Publitio: from n/a through <= 2.1.8.
- CVE-2025-31802MEDIUMCVSS 5.4EG 5.42025-04-01
Missing Authorization vulnerability in Shiptimize Shiptimize for WooCommerce shiptimize-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shiptimize for WooCommerce: from n/a through…
- CVE-2025-31810MEDIUMCVSS 5.3EG 5.32025-04-01
Missing Authorization vulnerability in PickPlugins Question Answer question-answer allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Question Answer: from n/a through <= 1.2.73.
- CVE-2025-31816MEDIUMCVSS 5.4EG 5.42025-04-01
Missing Authorization vulnerability in pietro Mobile App Canvas mobile-app allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobile App Canvas: from n/a through <= 3.8.2.
- CVE-2025-31820MEDIUMCVSS 4.3EG 4.32025-04-01
Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured …
- CVE-2025-31822MEDIUMCVSS 5.3EG 5.32025-04-01
Missing Authorization vulnerability in Ashish Ajani WP Simple HTML Sitemap wp-simple-html-sitemap allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Simple HTML Sitemap: from n/a through <= 3.5.
- CVE-2025-31826MEDIUMCVSS 5.4EG 5.42025-04-01
Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Cost Of Goods ni-woocommerce-cost-of-goods allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ni WooCommerce Cost Of Goods: from n/a …
- CVE-2025-31830MEDIUMCVSS 4.3EG 4.32025-04-01
Missing Authorization vulnerability in Uriahs Victor Printus printus-cloud-printing-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Printus: from n/a through <= 1.2.6.
- CVE-2025-31831MEDIUMCVSS 4.3EG 4.32025-04-01
Missing Authorization vulnerability in Team AtomChat AtomChat atomchat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AtomChat: from n/a through <= 1.1.7.
- CVE-2025-31834MEDIUMCVSS 5.3EG 5.32025-04-01
Missing Authorization vulnerability in themeglow JobBoard Job listing job-board-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobBoard Job listing: from n/a through <= 1.2.8.
- CVE-2025-31836MEDIUMCVSS 5.3EG 5.32025-04-01
Missing Authorization vulnerability in matthewrubin Review Manager review-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Review Manager: from n/a through <= 2.5.0.
- CVE-2025-31841MEDIUMCVSS 6.3EG 6.32025-04-03
Missing Authorization vulnerability in Frank P. Walentynowicz FPW Category Thumbnails fpw-category-thumbnails allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FPW Category Thumbnails: from n/a thro…
- CVE-2025-31843MEDIUMCVSS 4.3EG 4.32025-04-01
Missing Authorization vulnerability in Wilson OpenAI Tools for WordPress & WooCommerce openai-tools-for-wp-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OpenAI Tools for WordPress & WooCommer…
- CVE-2025-31846MEDIUMCVSS 4.3EG 4.32025-04-01
Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Theater for WordPress: from n/a through <= 0.18.7.
- CVE-2025-31848MEDIUMCVSS 5.3EG 5.32025-04-01
Missing Authorization vulnerability in WPFactory Adverts adverts-click-tracker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Adverts: from n/a through <= 1.4.
- CVE-2025-31854MEDIUMCVSS 4.3EG 4.32025-04-01
Missing Authorization vulnerability in Sharaz Shahid Simple Sticky Add To Cart For WooCommerce sticky-add-to-cart-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Sticky Add To Cart For …
- CVE-2025-31856MEDIUMCVSS 4.3EG 4.32025-04-01
Missing Authorization vulnerability in brainvireinfo Export All Post Meta export-all-post-meta allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Export All Post Meta: from n/a through <= 1.2.1.
- CVE-2025-31858MEDIUMCVSS 6.5EG 6.52025-04-03
Missing Authorization vulnerability in matthewrubin Local Magic local-magic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Local Magic: from n/a through <= 2.9.0.
- CVE-2025-31862MEDIUMCVSS 5.3EG 5.32025-04-01
Missing Authorization vulnerability in PickPlugins Job Board Manager job-board-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Job Board Manager: from n/a through <= 2.1.61.
- CVE-2025-31863MEDIUMCVSS 5.3EG 5.32025-04-01
Missing Authorization vulnerability in inspry Agency Toolkit agency-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Agency Toolkit: from n/a through <= 1.0.24.
- CVE-2025-31865MEDIUMCVSS 4.3EG 4.32025-04-01
Missing Authorization vulnerability in CartBoss CartBoss cartboss allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CartBoss: from n/a through <= 4.1.2.
- CVE-2025-31866MEDIUMCVSS 4.3EG 4.32025-04-01
Missing Authorization vulnerability in Ship Depot ShipDepot for WooCommerce ship-depot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShipDepot for WooCommerce: from n/a through <= 1.2.19.
- CVE-2025-31868MEDIUMCVSS 5.3EG 5.32025-04-01
Missing Authorization vulnerability in JoomSky JS Job Manager js-jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through <= 2.0.2.
- CVE-2025-31870MEDIUMCVSS 5.4EG 5.42025-04-01
Missing Authorization vulnerability in EXEIdeas International WP AutoKeyword wp-autokeyword allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP AutoKeyword: from n/a through <= 1.0.
- CVE-2025-31872MEDIUMCVSS 5.3EG 5.32025-04-01
Missing Authorization vulnerability in Galaxy Weblinks WP Clone any post type wp-clone-any-post-type allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Clone any post type: from n/a through <= 3.6.
- CVE-2025-31876MEDIUMCVSS 5.8EG 5.82025-04-03
Missing Authorization vulnerability in gunnarpayday Payday payday allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payday: from n/a through <= 3.3.18.
- CVE-2025-31877MEDIUMCVSS 4.3EG 4.32025-04-01
Missing Authorization vulnerability in Magnigenie RestroPress restropress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RestroPress: from n/a through <= 3.2.8.
- CVE-2025-31878MEDIUMCVSS 5.4EG 5.42025-04-01
Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") UPC/EAN/GTIN Code Generator upc-ean-barcode-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UPC/EAN/GTIN Code Gen…
- CVE-2025-31879MEDIUMCVSS 5.4EG 5.42025-04-01
Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Generator for WooCommerce embedding-barcodes-into-product-pages-and-orders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue …
- CVE-2025-31881MEDIUMCVSS 5.4EG 5.42025-04-01
Missing Authorization vulnerability in Stylemix Pearl pearl-header-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pearl: from n/a through <= 1.3.9.
Map vulnerabilities like CWE-862 to your infrastructure
EchelonGraph correlates every CVE — across CWE-862 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →