CWE-862— Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.— MITRE CWE catalog
8,583 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-862page 117 of 172
- CVE-2025-47688MEDIUMCVSS 5.3EG 5.32025-05-07
Missing Authorization vulnerability in Saad Iqbal Advanced File Manager file-manager-advanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced File Manager: from n/a through <= 5.3.1.
- CVE-2025-47690HIGHCVSS 8.8EG 8.82025-05-23
Missing Authorization vulnerability in Smackcoders Inc., Lead Form Data Collection to CRM wp-leads-builder-any-crm allows Privilege Escalation.This issue affects Lead Form Data Collection to CRM: from n/a through <= 3.1.
- CVE-2025-47692MEDIUMCVSS 4.3EG 4.32025-05-07
Missing Authorization vulnerability in contentstudio Contentstudio contentstudio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contentstudio: from n/a through <= 1.3.5.
- CVE-2025-47709MEDIUMCVSS 6.5EG 6.52025-05-14
Missing Authorization vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Forceful Browsing.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.
- CVE-2025-47792MEDIUMCVSS 5.0EG 5.02025-05-16
Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost all data via the socket API. These shar…
- CVE-2025-47887MEDIUMCVSS 4.3EG 4.32025-05-14
Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.
- CVE-2025-47942MEDIUMCVSS 5.3EG 5.32025-05-21
The Open edX Platform is a learning management platform. Prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, edxapp has no built-in protection against downloading the python_lib.zip asset from courses, which is a concern since it oft…
- CVE-2025-48009LOWCVSS 3.1EG 3.12025-05-21
Missing Authorization vulnerability in Drupal Single Content Sync allows Functionality Misuse.This issue affects Single Content Sync: from 0.0.0 before 1.4.12.
- CVE-2025-48013MEDIUMCVSS 5.3EG 5.32025-06-11
Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.This issue affects Quick Node Block: from 0.0.0 before 2.0.0.
- CVE-2025-48079MEDIUMCVSS 4.3EG 4.32025-05-16
Missing Authorization vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProfileGrid : from n/a through <= 5.9…
- CVE-2025-48096MEDIUMCVSS 6.5EG 6.52025-10-22
Missing Authorization vulnerability in FRESHFACE Custom CSS custom-css-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom CSS: from n/a through <= 1.4.0.
- CVE-2025-48108MEDIUMCVSS 6.5EG 6.52025-08-26
Missing Authorization vulnerability in Mojoomla School Management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects School Management: from n/a through 93.2.0.
- CVE-2025-48116MEDIUMCVSS 5.3EG 5.32025-05-16
Missing Authorization vulnerability in Ashan Perera EventON eventon-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects EventON: from n/a through <= 2.4.4.
- CVE-2025-48117MEDIUMCVSS 5.3EG 5.32025-05-16
Missing Authorization vulnerability in kilbot WooCommerce POS woocommerce-pos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce POS: from n/a through <= 1.7.8.
- CVE-2025-48127MEDIUMCVSS 6.5EG 6.52025-05-16
Missing Authorization vulnerability in App Cheap Push notification for Mobile and Web app push-notification-mobile-and-web-app allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Push notification for…
- CVE-2025-48128MEDIUMCVSS 4.3EG 4.32025-05-16
Missing Authorization vulnerability in Sharespine Sharespine Woocommerce Connector sharespine-woocommerce-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sharespine Woocommerce Connector…
- CVE-2025-48133MEDIUMCVSS 6.5EG 6.52025-06-05
Missing Authorization vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator: from n/a through <= 6.4.0.2.
- CVE-2025-48138MEDIUMCVSS 4.3EG 4.32025-05-16
Missing Authorization vulnerability in Bertha AI – Andrew Palmer BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BERTHA AI: from n/a through <= 1.13.
- CVE-2025-48139MEDIUMCVSS 6.5EG 6.52025-06-09
Missing Authorization vulnerability in relentlo StyleAI relentlosoftware allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects StyleAI: from n/a through <= 1.0.4.
- CVE-2025-48147MEDIUMCVSS 6.5EG 6.52025-06-09
Missing Authorization vulnerability in Crypto Cloud CryptoCloud - Crypto Payment Gateway cryptocloud-crypto-payment-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CryptoCloud - Crypto Pay…
- CVE-2025-48150MEDIUMCVSS 4.3EG 4.32025-07-16
Missing Authorization vulnerability in sminozzi Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin real-estate-right-now allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real…
- CVE-2025-48155MEDIUMCVSS 5.3EG 5.32025-07-16
Missing Authorization vulnerability in enituretechnology Residential Address Detection residential-address-detection allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Residential Address Detection: from n/a…
- CVE-2025-48166MEDIUMCVSS 5.3EG 5.32025-07-16
Missing Authorization vulnerability in sminozzi Stop and Block bots plugin Anti bots antibots allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Stop and Block bots plugin Anti bots: from n/a through <= 1.48.
- CVE-2025-48167MEDIUMCVSS 5.4EG 5.42025-07-16
Missing Authorization vulnerability in alexvtn Chatbox Manager wa-chatbox-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chatbox Manager: from n/a through <= 1.2.5.
- CVE-2025-48242MEDIUMCVSS 6.5EG 6.52025-05-19
Missing Authorization vulnerability in wpWax Legal Pages legal-pages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Legal Pages: from n/a through <= 1.4.5.
- CVE-2025-48246MEDIUMCVSS 5.4EG 5.42025-05-19
Missing Authorization vulnerability in StellarWP The Events Calendar the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar: from n/a through <= 6.11.2.1.
- CVE-2025-48247MEDIUMCVSS 4.3EG 4.32025-05-19
Missing Authorization vulnerability in Blair Williams Shortlinks by Pretty Links pretty-link allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortlinks by Pretty Links: from n/a through <= 3.6.15.
- CVE-2025-48257MEDIUMCVSS 6.5EG 6.52025-05-19
Missing Authorization vulnerability in Projectopia Projectopia projectopia-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Projectopia: from n/a through <= 5.1.17.
- CVE-2025-48260MEDIUMCVSS 4.3EG 4.32025-05-19
Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR CCPA Compliance Support: from n/a through …
- CVE-2025-48262MEDIUMCVSS 4.3EG 4.32025-05-19
Missing Authorization vulnerability in M.Code Url Rewrite Analyzer url-rewrite-analyzer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Url Rewrite Analyzer: from n/a through <= 1.3.3.
- CVE-2025-48268MEDIUMCVSS 4.3EG 4.32025-05-19
Missing Authorization vulnerability in Guru Team Bot for Telegram on WooCommerce bot-for-telegram-on-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bot for Telegram on WooCommerce: fr…
- CVE-2025-48271MEDIUMCVSS 6.5EG 6.52025-05-23
Missing Authorization vulnerability in Leadinfo Leadinfo leadinfo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadinfo: from n/a through <= 1.1.
- CVE-2025-48272MEDIUMCVSS 5.3EG 5.32025-05-19
Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.3.2.
- CVE-2025-48275MEDIUMCVSS 6.5EG 6.52025-05-23
Missing Authorization vulnerability in dastan800 Visual Header visual-header allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visual Header: from n/a through <= 1.3.
- CVE-2025-48282MEDIUMCVSS 5.3EG 5.32025-05-19
Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Majestic Support: from n/a through <= 1.1.0.
- CVE-2025-48326MEDIUMCVSS 6.5EG 6.52025-09-26
Missing Authorization vulnerability in Acclectic Media Acclectic Media Organizer acclectic-media-organizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Acclectic Media Organizer: from n/a throu…
- CVE-2025-48327MEDIUMCVSS 5.3EG 5.32025-08-28
Missing Authorization vulnerability in inkthemes WP Mailgun SMTP wp-mailgun-smtp allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Mailgun SMTP: from n/a through <= 1.0.7.
- CVE-2025-48334MEDIUMCVSS 6.5EG 6.52025-05-30
Missing Authorization vulnerability in BinaryCarpenter Woo Slider Pro woo-slider-pro-drag-drop-slider-builder-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woo Slider Pro: from n…
- CVE-2025-48335MEDIUMCVSS 5.4EG 5.42025-06-06
Missing Authorization vulnerability in CyberChimps Responsive Plus responsive-add-ons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Plus: from n/a through <= 3.2.0.
- CVE-2025-48337MEDIUMCVSS 5.3EG 5.32025-06-06
Missing Authorization vulnerability in QuickcabWP QuickCab.This issue affects QuickCab: from n/a through 1.3.3.
- CVE-2025-48339MEDIUMCVSS 6.5EG 6.52025-07-16
Missing Authorization vulnerability in activity-log.com Profiler - What Slowing Down Your WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Profiler - What Slowing Down Your WP: from n/a through…
- CVE-2025-48346MEDIUMCVSS 5.3EG 5.32025-05-19
Missing Authorization vulnerability in Embed360 Embed and Integrate Etsy Shop embed-and-integrate-etsy-shop allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Embed and Integrate Etsy Shop: from n/a through …
- CVE-2025-48350MEDIUMCVSS 4.3EG 4.32025-08-28
Missing Authorization vulnerability in Basar Ventures AutoWP autowp-ai-content-writer-rewriter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AutoWP: from n/a through <= 2.2.7.
- CVE-2025-48444MEDIUMCVSS 5.3EG 5.32025-06-11
Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.This issue affects Quick Node Block: from 0.0.0 before 2.0.0.
- CVE-2025-48524MEDIUMCVSS 5.5EG 5.52025-09-04
In isSystem of WifiPermissionsUtil.java, there is a possible permission bypass due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for…
- CVE-2025-48547HIGHCVSS 7.3EG 7.32025-09-04
In multiple locations, there is a possible one-time permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploit…
- CVE-2025-48549HIGHCVSS 7.8EG 7.82025-09-04
In multiple locations, there is a possible way to record audio via a background app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not…
- CVE-2025-48575HIGHCVSS 7.8EG 7.82025-12-08
In multiple functions of CertInstaller.java, there is a possible way to install certificates due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is …
- CVE-2025-48591MEDIUMCVSS 5.5EG 5.52025-12-08
In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not neede…
- CVE-2025-48599HIGHCVSS 7.8EG 7.82025-12-08
In multiple functions of WifiScanModeActivity.java, there is a possible way to bypass a device config restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges n…
Map vulnerabilities like CWE-862 to your infrastructure
EchelonGraph correlates every CVE — across CWE-862 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →