CWE-862— Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.— MITRE CWE catalog
8,583 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-862page 119 of 172
- CVE-2025-49509MEDIUMCVSS 5.3EG 5.32025-06-10
Missing Authorization vulnerability in Roland Beaussant Audio Editor & Recorder audio-editor-recorder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audio Editor & Recorder: from n/a through <= 2…
- CVE-2025-49651HIGHCVSS 8.1EG 8.12025-06-09
Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI.
- CVE-2025-49723HIGHCVSS 8.8EG 8.82025-07-08
Missing authorization in Windows StateRepository API allows an authorized attacker to perform tampering locally.
- CVE-2025-49747CRITICALCVSS 9.9EG 9.92025-07-18
Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
- CVE-2025-49829MEDIUMCVSS 6.5EG 6.52025-07-15
Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager, Self-Hosted allows authenticated attackers to inject resources into the database and to bypass permission checks. This …
- CVE-2025-49857MEDIUMCVSS 4.3EG 4.32025-06-17
Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through <= 2.9.4.2.
- CVE-2025-49860MEDIUMCVSS 5.3EG 5.32025-09-09
Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support.This issue affects Majestic Support: from n/a through <= 1.1.0.
- CVE-2025-49864MEDIUMCVSS 5.3EG 5.32025-06-17
Missing Authorization vulnerability in AFS Analytics AFS Analytics addfreestats allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AFS Analytics: from n/a through <= 4.21.
- CVE-2025-49872MEDIUMCVSS 5.3EG 5.32025-06-17
Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects myCred: from n/a through <= 2.9.4.2.
- CVE-2025-49874MEDIUMCVSS 4.3EG 4.32025-06-17
Missing Authorization vulnerability in tychesoftwares Arconix FAQ arconix-faq allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arconix FAQ: from n/a through <= 1.9.6.
- CVE-2025-49880MEDIUMCVSS 4.3EG 4.32025-06-17
Missing Authorization vulnerability in Imran Tauqeer CubeWP Forms cubewp-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CubeWP Forms: from n/a through <= 1.1.5.
- CVE-2025-49884MEDIUMCVSS 6.5EG 6.52025-07-16
Missing Authorization vulnerability in alexvtn Internal Linking of Related Contents internal-linking-of-related-contents allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Internal Linking of Related…
- CVE-2025-49888HIGHCVSS 7.1EG 7.12025-07-16
Missing Authorization vulnerability in pimwick PW WooCommerce On Sale! pw-woocommerce-on-sale allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PW WooCommerce On Sale!: from n/a through <= 1.39.
- CVE-2025-49899MEDIUMCVSS 5.3EG 5.32025-10-22
Missing Authorization vulnerability in jjlemstra Whydonate wp-whydonate allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Whydonate: from n/a through <= 4.0.15.
- CVE-2025-49902MEDIUMCVSS 6.5EG 6.52025-12-18
Missing Authorization vulnerability in A WP Life Login Page Customizer – Customizer Login Page, Admin Page, Custom Design customizer-login-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lo…
- CVE-2025-49903MEDIUMCVSS 5.3EG 5.32025-10-22
Missing Authorization vulnerability in bdthemes ZoloBlocks zoloblocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ZoloBlocks: from n/a through <= 2.3.11.
- CVE-2025-49906MEDIUMCVSS 5.3EG 5.32025-10-22
Missing Authorization vulnerability in StellarWP WPComplete wpcomplete allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPComplete: from n/a through <= 2.9.5.3.
- CVE-2025-49907MEDIUMCVSS 4.3EG 8.22025-10-22
Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MDTF: from n/a through <= 1.3.3.9.
- CVE-2025-49910HIGHCVSS 8.2EG 8.22025-10-22
Missing Authorization vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPGuppy: from n/a through <= 1.1.4.
- CVE-2025-49913MEDIUMCVSS 5.3EG 5.32025-10-22
Missing Authorization vulnerability in CoSchedule CoSchedule coschedule-by-todaymade allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CoSchedule: from n/a through <= 3.4.0.
- CVE-2025-49916HIGHCVSS 8.6EG 8.62025-10-22
Missing Authorization vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MultiVendorX: from n/a through <= 4.2.23.
- CVE-2025-49920MEDIUMCVSS 5.4EG 5.42025-10-22
Missing Authorization vulnerability in accessiBe Web Accessibility By accessiBe accessibe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Web Accessibility By accessiBe: from n/a through <= 2.10.
- CVE-2025-49922MEDIUMCVSS 4.3EG 4.32025-10-22
Missing Authorization vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPeMatico RSS Feed Fetcher: from n/a through <= 2.8.3.
- CVE-2025-49925HIGHCVSS 7.5EG 7.32025-10-22
Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9.7.
- CVE-2025-49937MEDIUMCVSS 4.3EG 4.32025-10-22
Missing Authorization vulnerability in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smash Balloon Social Post Feed: from n/a thro…
- CVE-2025-49949MEDIUMCVSS 5.4EG 8.82025-10-22
Missing Authorization vulnerability in templazee Templazee templazee allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templazee: from n/a through <= 1.0.2.
- CVE-2025-49950HIGHCVSS 7.2EG 8.82025-10-22
Missing Authorization vulnerability in billingo Official Integration for Billingo billingo allows Privilege Escalation.This issue affects Official Integration for Billingo: from n/a through <= 4.3.0.
- CVE-2025-49961MEDIUMCVSS 6.5EG 8.12025-10-22
Missing Authorization vulnerability in Breeze Team Breeze Checkout breeze-checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze Checkout: from n/a through <= 1.4.0.
- CVE-2025-49969MEDIUMCVSS 4.3EG 4.32025-06-20
Missing Authorization vulnerability in Zara 4 Zara 4 Image Compression zara-4 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zara 4 Image Compression: from n/a through <= 1.2.17.2.
- CVE-2025-49970MEDIUMCVSS 4.3EG 4.32025-06-20
Missing Authorization vulnerability in sparklewpthemes Hello FSE Blog hello-fse-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hello FSE Blog: from n/a through <= 1.0.6.
- CVE-2025-49971MEDIUMCVSS 4.3EG 4.32025-06-20
Missing Authorization vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eDS Responsive Menu: from n/a through <= 1.2.
- CVE-2025-49973MEDIUMCVSS 4.3EG 4.32025-06-20
Missing Authorization vulnerability in GrandPlugins Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes image-sizes-controller allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Im…
- CVE-2025-49974MEDIUMCVSS 4.3EG 4.32025-06-20
Missing Authorization vulnerability in upstreamplugin UpStream: a Project Management Plugin for WordPress upstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpStream: a Project Management Pl…
- CVE-2025-49976MEDIUMCVSS 4.3EG 4.32025-06-20
Missing Authorization vulnerability in WANotifier Notifier notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Notifier: from n/a through <= 2.7.12.
- CVE-2025-49979MEDIUMCVSS 4.3EG 4.32025-06-20
Missing Authorization vulnerability in slui Media Hygiene media-hygiene allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Hygiene: from n/a through <= 4.0.1.
- CVE-2025-49980MEDIUMCVSS 4.3EG 4.32025-06-20
Missing Authorization vulnerability in WP Event Manager WP User Profile Avatar wp-user-profile-avatar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Profile Avatar: from n/a through <= 1.…
- CVE-2025-49981MEDIUMCVSS 4.3EG 4.32025-06-20
Missing Authorization vulnerability in mahabub81 User Roles and Capabilities user-roles-and-capabilities allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Roles and Capabilities: from n/a throu…
- CVE-2025-49982MEDIUMCVSS 4.3EG 4.32025-06-20
Missing Authorization vulnerability in aguilatechnologies WP Customer Area customer-area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Customer Area: from n/a through <= 8.3.4.
- CVE-2025-49986MEDIUMCVSS 5.3EG 5.32025-06-20
Missing Authorization vulnerability in thanhtungtnt Video List Manager video-list-manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Video List Manager: from n/a through <= 1.7.
- CVE-2025-49987MEDIUMCVSS 5.3EG 5.32025-06-20
Missing Authorization vulnerability in WPFactory CRM ERP Business Solution crm-erp-business-solution allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CRM ERP Business Solution: from n/a through <= …
- CVE-2025-49988MEDIUMCVSS 5.3EG 5.32025-06-20
Missing Authorization vulnerability in Renzo Johnson Contact Form 7 AWeber Extension integrate-contact-form-7-and-aweber allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form 7 AWeber Exten…
- CVE-2025-49989MEDIUMCVSS 5.3EG 5.32025-06-20
Missing Authorization vulnerability in App Cheap App Builder app-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects App Builder: from n/a through <= 5.5.6.
- CVE-2025-49990MEDIUMCVSS 5.3EG 5.32025-06-20
Missing Authorization vulnerability in contentstudio Contentstudio contentstudio allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Contentstudio: from n/a through <= 1.3.7.
- CVE-2025-49991MEDIUMCVSS 5.3EG 5.32025-06-20
Missing Authorization vulnerability in tggfref WP-Recall allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP-Recall: from n/a through 16.26.14.
- CVE-2025-49993MEDIUMCVSS 5.3EG 5.32025-06-20
Missing Authorization vulnerability in csarturas Cookie-Script.com cookie-script-com allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cookie-Script.com: from n/a through <= 1.2.1.
- CVE-2025-49996MEDIUMCVSS 5.3EG 5.32025-06-20
Missing Authorization vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) wp-stats-manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Visitor Statistics (Real Time Traffic): from …
- CVE-2025-49997MEDIUMCVSS 5.3EG 5.32025-06-20
Missing Authorization vulnerability in Syed Balkhi Giveaways and Contests by RafflePress rafflepress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Giveaways and Contests by RafflePress: from n/a through…
- CVE-2025-49998MEDIUMCVSS 5.4EG 5.42025-06-20
Missing Authorization vulnerability in Wetail WooCommerce Fortnox Integration woocommerce-fortnox-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Fortnox Integration: from …
- CVE-2025-50008MEDIUMCVSS 5.4EG 5.42025-06-20
Missing Authorization vulnerability in cscode WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily innovs-woo-manager allows Exploiting Incorrectly Configured Access Control Security Levels.Th…
- CVE-2025-50009MEDIUMCVSS 5.4EG 5.42025-06-20
Missing Authorization vulnerability in Climax Themes Kata Plus kata-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kata Plus: from n/a through <= 1.5.3.
Map vulnerabilities like CWE-862 to your infrastructure
EchelonGraph correlates every CVE — across CWE-862 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →