CWE-862— Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.— MITRE CWE catalog
8,583 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-862page 116 of 172
- CVE-2025-46255HIGHCVSS 7.5EG 7.52026-01-05
Missing Authorization vulnerability in Marketing Fire LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LoginWP - Pro: from n/a through 4.0.8.5.
- CVE-2025-46258MEDIUMCVSS 5.4EG 5.42025-06-05
Missing Authorization vulnerability in BdThemes Element Pack Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Pack Pro: from n/a before 8.0.0.
- CVE-2025-46259MEDIUMCVSS 5.4EG 5.42025-07-01
Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a before 6.3.…
- CVE-2025-46348CRITICALCVSS 10.0EG 10.02025-04-29
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives are created with a predictable filename, so a malicious user could …
- CVE-2025-46434MEDIUMCVSS 6.5EG 6.52026-01-07
Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro theplus_elementor_addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor P…
- CVE-2025-46470MEDIUMCVSS 4.3EG 4.32025-04-24
Missing Authorization vulnerability in Peter Raschendorfer Smart Hashtags [#hashtagger] hashtagger allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Hashtags [#hashtagger]: from n/a through <=…
- CVE-2025-46485MEDIUMCVSS 5.3EG 5.32025-04-24
Missing Authorization vulnerability in Carlo La Pera WP Customize Login Page wp-customize-login-page allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Customize Login Page: from n/a through <= 1.6.5.
- CVE-2025-46488HIGHCVSS 7.1EG 7.12025-05-23
Missing Authorization vulnerability in dastan800 Visual Builder visual-builder allows Reflected XSS.This issue affects Visual Builder: from n/a through <= 1.2.2.
- CVE-2025-46489MEDIUMCVSS 5.3EG 5.32025-04-24
Missing Authorization vulnerability in vinodvaswani9 Bulk Assign Linked Products For WooCommerce wc-bulk-assign-linked-products allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bulk Assign Linked Products …
- CVE-2025-46519MEDIUMCVSS 4.3EG 4.32025-04-24
Missing Authorization vulnerability in M.Code Media Library Downloader media-library-downloader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Library Downloader: from n/a through <= 1.3.1.
- CVE-2025-46535MEDIUMCVSS 5.4EG 5.42025-04-25
Missing Authorization vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login and Registration: from n/a through 1.0.0.
- CVE-2025-46554MEDIUMCVSS 5.3EG 5.32025-04-30
XWiki is a generic wiki platform. In versions starting from 1.8.1 to before 14.10.22, from 15.0-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.7.0, anyone can access the metadata of any attach…
- CVE-2025-46557CRITICALCVSS 9.8EG 9.82025-04-30
XWiki is a generic wiki platform. In versions starting from 15.3-rc-1 to before 15.10.14, from 16.0.0-rc-1 to before 16.4.6, and from 16.5.0-rc-1 to before 16.10.0-rc-1, a user who can access pages located in the XWiki space (by default, a…
- CVE-2025-46586MEDIUMCVSS 5.1EG 5.12025-05-06
Permission control vulnerability in the contacts module Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2025-46745MEDIUMCVSS 6.5EG 6.52025-05-12
An authenticated user without user-management permissions could view other users account information.
- CVE-2025-46811CRITICALCVSS 9.8EG 9.82025-07-30
A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/serve…
- CVE-2025-46823HIGHCVSS 8.0EG 8.02025-05-29
openmrs-module-fhir2 provides the FHIR REST API and related services for OpenMRS, an open medical records system. In versions of the FHIR2 module prior to 2.5.0, privileges were not always correctly checked, which means that unauthorized u…
- CVE-2025-4683MEDIUMCVSS 4.3EG 4.32025-05-27
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_blog function in all versions up to, and including, 4.…
- CVE-2025-47444MEDIUMCVSS 5.3EG 7.52025-08-12
Missing Authorization vulnerability in Damian Góra FiboSearch ajax-search-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FiboSearch: from n/a through <= 1.32.1.
- CVE-2025-47450MEDIUMCVSS 5.3EG 5.32025-05-07
Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple File List: from n/a through <= 6.1.13.
- CVE-2025-47457MEDIUMCVSS 5.3EG 5.32025-05-07
Missing Authorization vulnerability in dgamoni LocateAndFilter locateandfilter allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LocateAndFilter: from n/a through <= 1.6.16.
- CVE-2025-47463HIGHCVSS 7.1EG 7.12025-06-09
Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce stock-locations-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Locations for WooCommerce…
- CVE-2025-47465MEDIUMCVSS 4.9EG 4.92025-05-07
Missing Authorization vulnerability in creativethemeshq Blocksy blocksy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Blocksy: from n/a through <= 2.0.97.
- CVE-2025-47467MEDIUMCVSS 4.3EG 4.32025-05-07
Missing Authorization vulnerability in GS Plugins GS Testimonial Slider gs-testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Testimonial Slider: from n/a through <= 3.3.0.
- CVE-2025-47469MEDIUMCVSS 5.4EG 5.42025-05-07
Missing Authorization vulnerability in slui Media Hygiene media-hygiene allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Hygiene: from n/a through <= 4.0.0.
- CVE-2025-47471MEDIUMCVSS 4.3EG 4.32025-05-07
Missing Authorization vulnerability in EnvoThemes Envo Extra envo-extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envo Extra: from n/a through <= 1.9.9.
- CVE-2025-47472MEDIUMCVSS 5.4EG 5.42025-05-07
Missing Authorization vulnerability in codepeople Music Player for WooCommerce music-player-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Music Player for WooCommerce: from n/a t…
- CVE-2025-47480MEDIUMCVSS 5.4EG 5.42025-05-07
Missing Authorization vulnerability in Iqonic Design Graphina graphina-elementor-charts-and-graphs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Graphina: from n/a through <= 3.0.4.
- CVE-2025-47485MEDIUMCVSS 5.3EG 5.32025-05-07
Missing Authorization vulnerability in CozyThemes Cozy Blocks cozy-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cozy Blocks: from n/a through <= 2.1.22.
- CVE-2025-47486MEDIUMCVSS 5.3EG 5.32025-05-07
Missing Authorization vulnerability in CyberChimps Responsive Plus responsive-add-ons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Responsive Plus: from n/a through <= 3.1.9.
- CVE-2025-47526MEDIUMCVSS 5.4EG 5.42025-05-07
Missing Authorization vulnerability in GS Plugins GS Variation Swatches for WooCommerce gs-woo-variation-swatches allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Variation Swatches for WooComme…
- CVE-2025-47527HIGHCVSS 7.1EG 7.12025-06-09
Missing Authorization vulnerability in Icegram Icegram Collect icegram-rainmaker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram Collect: from n/a through <= 1.3.18.
- CVE-2025-47528MEDIUMCVSS 4.3EG 4.32025-05-07
Missing Authorization vulnerability in pewilliams Ovation Elements ovation-elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ovation Elements: from n/a through <= 1.1.2.
- CVE-2025-47529MEDIUMCVSS 6.5EG 6.52025-05-23
Missing Authorization vulnerability in UX Design Experts Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin experto-cta-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affect…
- CVE-2025-47534MEDIUMCVSS 4.3EG 4.32025-05-16
Missing Authorization vulnerability in ValvePress Wordpress Auto Spinner wp-auto-spinner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wordpress Auto Spinner: from n/a through <= 3.25.0.
- CVE-2025-47556MEDIUMCVSS 5.4EG 5.42025-05-16
Missing Authorization vulnerability in QuanticaLabs CSS3 Compare Pricing Tables for WordPress css3_web_pricing_tables_grids allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CSS3 Compare Pricing Tab…
- CVE-2025-47558HIGHCVSS 7.5EG 7.52025-05-23
Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MapSVG: from n/a through < 8.6.13.
- CVE-2025-47560MEDIUMCVSS 5.0EG 5.02025-05-16
Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MapSVG: from n/a through < 8.6.13.
- CVE-2025-47563MEDIUMCVSS 5.3EG 5.32025-05-16
Missing Authorization vulnerability in villatheme CURCY woocommerce-multi-currency allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CURCY: from n/a through <= 2.3.7.
- CVE-2025-47564MEDIUMCVSS 5.3EG 5.32025-05-16
Missing Authorization vulnerability in ashanjay EventON eventon allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects EventON: from n/a through <= 4.9.8.
- CVE-2025-47565MEDIUMCVSS 6.3EG 6.32025-07-04
Missing Authorization vulnerability in ashanjay EventON eventon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventON: from n/a through <= 4.9.9.
- CVE-2025-47580MEDIUMCVSS 5.4EG 5.42025-05-15
Missing Authorization vulnerability in Rustaurius Front End Users front-end-only-users allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Front End Users: from n/a through <= 3.2.35.
- CVE-2025-47585MEDIUMCVSS 6.5EG 6.52025-06-02
Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking and Rental Manager: from…
- CVE-2025-47591MEDIUMCVSS 4.3EG 4.32025-05-07
Missing Authorization vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Featured Image: from n/a through <= 1.2.4.
- CVE-2025-47601HIGHCVSS 8.8EG 8.82025-06-07
Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks maxi-blocks allows Privilege Escalation.This issue affects MaxiBlocks: from n/a through <= 2.1.0.
- CVE-2025-47602MEDIUMCVSS 5.4EG 5.42025-05-07
Missing Authorization vulnerability in ammarahmad786 Calculate Prices based on Distance For WooCommerce calculate-prices-based-on-distance-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue a…
- CVE-2025-47612MEDIUMCVSS 5.4EG 5.42025-05-07
Missing Authorization vulnerability in ClickWhale ClickWhale clickwhale allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ClickWhale: from n/a through <= 2.4.6.
- CVE-2025-47619MEDIUMCVSS 6.5EG 6.52025-05-23
Missing Authorization vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Path Traversal.This issue affects 6Storage Rentals: from n/a through <= 2.20.2.
- CVE-2025-47628MEDIUMCVSS 5.4EG 5.42025-05-07
Missing Authorization vulnerability in quomodosoft QS Dark Mode qs-dark-mode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QS Dark Mode: from n/a through <= 3.0.
- CVE-2025-47634MEDIUMCVSS 6.5EG 6.52025-07-04
Missing Authorization vulnerability in Keylor Mendoza WC Pickup Store wc-pickup-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WC Pickup Store: from n/a through <= 1.8.9.
Map vulnerabilities like CWE-862 to your infrastructure
EchelonGraph correlates every CVE — across CWE-862 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →