CWE-862— Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.— MITRE CWE catalog
8,579 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-862page 113 of 172
- CVE-2025-39385MEDIUMCVSS 4.3EG 4.32025-04-24
Missing Authorization vulnerability in vowelweb Sirat sirat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sirat: from n/a through <= 1.5.1.
- CVE-2025-39388MEDIUMCVSS 5.3EG 5.32025-05-19
Missing Authorization vulnerability in Solid Plugins AnalyticsWP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AnalyticsWP: from n/a through 2.0.0.
- CVE-2025-39390MEDIUMCVSS 5.3EG 5.32025-04-24
Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking and Rental Manager: from…
- CVE-2025-39398MEDIUMCVSS 4.3EG 4.32025-05-19
Missing Authorization vulnerability in Themovation Bellevue bellevuex.This issue affects Bellevue: from n/a through <= 4.2.2.
- CVE-2025-39412MEDIUMCVSS 4.3EG 4.32025-05-19
Missing Authorization vulnerability in averta Master Slider master-slider.This issue affects Master Slider: from n/a through <= 3.11.0.
- CVE-2025-39413MEDIUMCVSS 4.3EG 4.32025-04-30
Missing Authorization vulnerability in David Gwyer Simple Sitemap – Create a Responsive HTML Sitemap simple-sitemap.This issue affects Simple Sitemap – Create a Responsive HTML Sitemap: from n/a through <= 3.6.0.
- CVE-2025-39447HIGHCVSS 7.5EG 7.52025-05-19
Missing Authorization vulnerability in Crocoblock JetElements For Elementor jet-elements allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetElements For Elementor: from n/a through <= 2.7.4.1.
- CVE-2025-39449HIGHCVSS 7.5EG 7.52025-05-19
Missing Authorization vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetWooBuilder: from n/a through <= 2.1.18.
- CVE-2025-39451HIGHCVSS 7.5EG 7.52025-05-19
Missing Authorization vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlocks For Elementor: from n/a through <= 1.3.16.
- CVE-2025-39454MEDIUMCVSS 4.3EG 4.32025-05-19
Missing Authorization vulnerability in Jeroen Peters Name Directory name-directory.This issue affects Name Directory: from n/a through <= 1.30.0.
- CVE-2025-39456MEDIUMCVSS 5.4EG 5.42025-04-17
Missing Authorization vulnerability in iTRON WP Logger wp-data-logger allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Logger: from n/a through <= 2.2.
- CVE-2025-39457MEDIUMCVSS 5.3EG 5.32025-04-17
Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking and Rental Manag…
- CVE-2025-39460MEDIUMCVSS 5.3EG 5.32025-05-19
Missing Authorization vulnerability in ThimPress Eduma eduma allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eduma: from n/a through <= 5.6.4.
- CVE-2025-39465MEDIUMCVSS 4.3EG 8.12025-11-06
Missing Authorization vulnerability in flippercode Advanced Google Maps wp-google-map-gold allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Google Maps: from n/a through <= 5.8.4.
- CVE-2025-39477CRITICALCVSS 9.8EG 9.82026-01-06
Missing Authorization vulnerability in Sfwebservice InWave Jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InWave Jobs: from n/a through 3.5.8.
- CVE-2025-39482MEDIUMCVSS 4.3EG 4.32025-05-16
Missing Authorization vulnerability in imithemes Eventer eventer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eventer: from n/a through < 3.11.4.
- CVE-2025-3949MEDIUMCVSS 4.3EG 4.32025-05-09
The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'seedprod_lite_get_revis…
- CVE-2025-39493MEDIUMCVSS 4.3EG 4.32025-05-16
Missing Authorization vulnerability in ValvePress Rankie valvepress-rankie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rankie: from n/a through < 1.8.2.
- CVE-2025-39511MEDIUMCVSS 4.3EG 4.32025-05-16
Missing Authorization vulnerability in ValvePress Pinterest Automatic Pin wp-pinterest-automatic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinterest Automatic Pin: from n/a through <= 4.19.0.
- CVE-2025-39513MEDIUMCVSS 5.3EG 5.32025-04-16
Missing Authorization vulnerability in ActiveDEMAND Online Agency Marketing Automation ActiveDEMAND activedemand allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ActiveDEMAND: from n/a through <= 0.2.46.
- CVE-2025-3952HIGHCVSS 8.1EG 8.12025-05-01
The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'pto_remove_logo' function in all versio…
- CVE-2025-39522MEDIUMCVSS 5.4EG 5.42025-04-16
Missing Authorization vulnerability in Service2Client LLC Dynamic Post dynamic-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamic Post: from n/a through <= 5.03.
- CVE-2025-3953MEDIUMCVSS 5.4EG 6.52025-04-30
The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater' function in all versions up to, and i…
- CVE-2025-39531MEDIUMCVSS 5.3EG 5.32025-04-16
Missing Authorization vulnerability in slazzercom Slazzer Background Changer slazzer-background-changer allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Slazzer Background Changer: from n/a through <= 3.14.
- CVE-2025-39532HIGHCVSS 7.5EG 7.52025-04-17
Missing Authorization vulnerability in spicethemes Spice Blocks spice-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spice Blocks: from n/a through <= 2.0.7.7.
- CVE-2025-39533HIGHCVSS 8.8EG 8.82025-04-17
Missing Authorization vulnerability in Starfish Reviews Starfish Review Generation & Marketing starfish-reviews allows Privilege Escalation.This issue affects Starfish Review Generation & Marketing: from n/a through <= 3.1.19.
- CVE-2025-39536HIGHCVSS 8.2EG 8.22025-05-23
Missing Authorization vulnerability in Chimpstudio JobHunt Job Alerts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobHunt Job Alerts: from n/a through 3.6.
- CVE-2025-39541MEDIUMCVSS 6.5EG 6.52025-09-09
Missing Authorization vulnerability in Roland Murg WP Simple Booking Calendar wp-simple-booking-calendar.This issue affects WP Simple Booking Calendar: from n/a through <= 2.0.13.
- CVE-2025-39545MEDIUMCVSS 5.4EG 5.42025-04-16
Missing Authorization vulnerability in miniOrange WordPress REST API Authentication wp-rest-api-authentication allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress REST API Authentication: fr…
- CVE-2025-39552MEDIUMCVSS 5.4EG 5.42025-04-16
Missing Authorization vulnerability in Dylan James Zephyr Project Manager zephyr-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zephyr Project Manager: from n/a through <= 3.3.200.
- CVE-2025-39553MEDIUMCVSS 4.3EG 4.32025-09-09
Missing Authorization vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 5.0.9.
- CVE-2025-39554MEDIUMCVSS 6.5EG 6.52025-04-17
Missing Authorization vulnerability in Elliot Sowersby / RelyWP AI Text to Speech ai-text-to-speech allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Text to Speech: from n/a through <= 3.0.3.
- CVE-2025-39559MEDIUMCVSS 6.5EG 6.52025-04-17
Missing Authorization vulnerability in Eivin Landa Bring Fraktguiden for WooCommerce bring-fraktguiden-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bring Fraktguiden for WooComm…
- CVE-2025-39560MEDIUMCVSS 5.4EG 5.42025-04-16
Missing Authorization vulnerability in Shahjada Live Forms liveforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Forms: from n/a through <= 4.8.4.
- CVE-2025-39561MEDIUMCVSS 6.5EG 6.52026-01-05
Missing Authorization vulnerability in Marketing Fire, LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LoginWP - Pro: from n/a through 4.0.8.5.
- CVE-2025-39571MEDIUMCVSS 4.3EG 4.32025-04-16
Missing Authorization vulnerability in WPXPO WowStore product-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowStore: from n/a through <= 4.2.4.
- CVE-2025-39580MEDIUMCVSS 5.8EG 5.82025-04-17
Missing Authorization vulnerability in jidaikobo Dashi dashi allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dashi: from n/a through <= 3.1.8.
- CVE-2025-39583HIGHCVSS 7.1EG 7.12025-04-17
Missing Authorization vulnerability in Bertha AI – Andrew Palmer BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BERTHA AI: from n/a through <= 1.12.10.2.
- CVE-2025-3959MEDIUMCVSS 4.3EG 4.32025-04-27
A vulnerability was found in withstars Books-Management-System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /reader_delete.html. The manipulation leads to cross-site reque…
- CVE-2025-39591MEDIUMCVSS 5.4EG 5.42025-04-16
Missing Authorization vulnerability in WP Shuffle WP Subscription Forms wp-subscription-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscription Forms: from n/a through <= 1.2.3.
- CVE-2025-3960HIGHCVSS 7.3EG 7.32025-04-27
A vulnerability was found in withstars Books-Management-System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /allreaders.html of the component Background Interface. The manipulation le…
- CVE-2025-39602MEDIUMCVSS 4.3EG 4.32025-04-16
Missing Authorization vulnerability in WC Product Table WooCommerce Product Table Lite wc-product-table-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Product Table Lite: from n/…
- CVE-2025-3963HIGHCVSS 7.3EG 7.32025-04-27
A vulnerability, which was classified as critical, has been found in withstars Books-Management-System 1.0. This issue affects some unknown processing of the file /admin/article/list of the component Background Interface. The manipulation …
- CVE-2025-3964MEDIUMCVSS 4.3EG 4.32025-04-27
A vulnerability, which was classified as problematic, was found in withstars Books-Management-System 1.0. Affected is an unknown function of the file /api/article/del of the component Article Handler. The manipulation leads to cross-site r…
- CVE-2025-3977MEDIUMCVSS 4.3EG 4.32025-04-27
A vulnerability was found in iteachyou Dreamer CMS up to 4.1.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/attachment/download of the component Attachment Handler. The…
- CVE-2025-3979MEDIUMCVSS 4.3EG 4.32025-04-27
A vulnerability classified as problematic has been found in dazhouda lecms 3.0.3. This affects an unknown part of the file /index.php?my-password-ajax-1 of the component Password Change Handler. The manipulation leads to cross-site request…
- CVE-2025-3980MEDIUMCVSS 4.3EG 4.32025-04-27
A vulnerability classified as problematic was found in wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System 1.0. This vulnerability affects unknown code of the file /v1/prescription/list. The manipulation le…
- CVE-2025-3981MEDIUMCVSS 4.3EG 4.32025-04-27
A vulnerability, which was classified as problematic, has been found in wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System 1.0. This issue affects some unknown processing of the file /v1/prescription/detai…
- CVE-2025-3997MEDIUMCVSS 4.3EG 4.32025-04-28
A vulnerability classified as problematic has been found in dazhouda lecms 3.0.3. This affects an unknown part of the file /index.php?my-profile-ajax-1 of the component Personal Information Page. The manipulation leads to cross-site reques…
- CVE-2025-4046HIGHCVSS 8.5EG 8.52025-08-19
A missing authorization vulnerability in Lexmark Cloud Services badge management allows attacker to reassign badges within their organization
Map vulnerabilities like CWE-862 to your infrastructure
EchelonGraph correlates every CVE — across CWE-862 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →