CWE-862— Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.— MITRE CWE catalog
8,583 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-862page 120 of 172
- CVE-2025-50010MEDIUMCVSS 5.4EG 5.42025-06-20
Missing Authorization vulnerability in Zapier Zapier for WordPress zapier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zapier for WordPress: from n/a through <= 1.5.2.
- CVE-2025-50028MEDIUMCVSS 6.5EG 6.52025-07-16
Missing Authorization vulnerability in CodeSolz Ultimate Push Notifications ultimate-push-notifications allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Push Notifications: from n/a throug…
- CVE-2025-50029MEDIUMCVSS 6.5EG 6.52025-08-14
Missing Authorization vulnerability in Ashish AI Tools artificial-intelligence-auto-content-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Tools: from n/a through <= 4.0.7.
- CVE-2025-50031MEDIUMCVSS 6.5EG 6.52025-08-14
Missing Authorization vulnerability in syedamirhussain91 DB Backup db-backup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DB Backup: from n/a through <= 6.0.
- CVE-2025-50032MEDIUMCVSS 6.5EG 6.52025-07-04
Missing Authorization vulnerability in Paytiko - Payment Orchestration Platform Paytiko for WooCommerce paytiko allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Paytiko for WooCommerce: from n/a th…
- CVE-2025-50034MEDIUMCVSS 6.5EG 6.52025-06-20
Missing Authorization vulnerability in Mahmudul Hasan Arif Enhanced Blocks – Page Builder Blocks for Gutenberg enhanced-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Blocks –…
- CVE-2025-50039MEDIUMCVSS 6.5EG 6.52025-07-04
Missing Authorization vulnerability in vgwort VG WORT METIS vgw-metis allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VG WORT METIS: from n/a through <= 2.0.1.
- CVE-2025-50171CRITICALCVSS 9.1EG 9.12025-08-12
Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network.
- CVE-2025-5018HIGHCVSS 7.1EG 7.12025-06-06
The Hive Support plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the hs_update_ai_chat_settings() and hive_lite_support_get_all_binbox() functions in all versions up t…
- CVE-2025-5033MEDIUMCVSS 4.3EG 4.32025-05-21
A vulnerability classified as problematic was found in XiaoBingby TeaCMS 2.0.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/me/teacms/controller/admin/UserManageController/addUser. The manipulation …
- CVE-2025-5117HIGHCVSS 8.8EG 8.82025-05-27
The Property plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the use of the property_package_user_role metadata in versions 1.0.5 to 1.0.6. This makes it possible for authenticated attackers,…
- CVE-2025-5121HIGHCVSS 8.5EG 8.52025-06-20
An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance fra…
- CVE-2025-51308MEDIUMCVSS 5.3EG 5.32025-08-06
In Gatling Enterprise versions below 1.25.0, a low-privileged user that does not hold the role "admin" could perform a REST API call on read-only endpoints, allowing him to collect some information, due to missing authorization checks.
- CVE-2025-5132HIGHCVSS 8.8EG 4.32025-05-24
A vulnerability was found in Tmall Demo up to 20250505. It has been rated as problematic. This issue affects some unknown processing of the file tmall/admin/account/logout. The manipulation leads to cross-site request forgery. The attack m…
- CVE-2025-5185MEDIUMCVSS 4.3EG 4.32025-05-26
A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request …
- CVE-2025-52024CRITICALCVSS 9.4EG 9.42026-01-23
A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index lis…
- CVE-2025-52352CRITICALCVSS 9.8EG 9.82025-08-21
Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. However, the sign-up API endpoint remains publicly access…
- CVE-2025-52554MEDIUMCVSS 4.3EG 4.32025-07-03
n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that…
- CVE-2025-52670MEDIUMCVSS 6.5EG 7.12025-11-20
Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts
- CVE-2025-52721MEDIUMCVSS 6.5EG 6.52025-08-14
Missing Authorization vulnerability in LCweb Global Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Global Gallery: from n/a through 9.2.3.
- CVE-2025-52731HIGHCVSS 7.5EG 7.52025-08-14
Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Event Manager,…
- CVE-2025-52738MEDIUMCVSS 6.5EG 9.12025-10-22
Missing Authorization vulnerability in Wikimedia Foundation Wikipedia Preview wikipedia-preview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wikipedia Preview: from n/a through <= 1.15.0.
- CVE-2025-52757MEDIUMCVSS 6.5EG 6.12025-10-22
Missing Authorization vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SUMO Memberships for WooCommerce: from n/a …
- CVE-2025-52766MEDIUMCVSS 6.5EG 6.52026-06-02
Missing Authorization vulnerability in Printeers Printeers Print & Ship allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printeers Print & Ship: from n/a through 1.17.0.
- CVE-2025-52775HIGHCVSS 7.1EG 7.12025-08-14
Missing Authorization vulnerability in Ronik@UnlimitedWP Project Cost Calculator project-cost-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Project Cost Calculator: from n/a through <…
- CVE-2025-52785HIGHCVSS 7.1EG 7.12025-08-14
Missing Authorization vulnerability in softnwords SMM API smm-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SMM API: from n/a through <= 6.0.31.
- CVE-2025-52800HIGHCVSS 7.3EG 7.32025-08-14
Missing Authorization vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP profitori allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects The E-Commerce ERP: from n/a through <= 2.1.1.3.
- CVE-2025-52801HIGHCVSS 7.3EG 7.32025-08-14
Missing Authorization vulnerability in VonStroheim TheBooking thebooking allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects TheBooking: from n/a through <= 1.4.4.
- CVE-2025-52802HIGHCVSS 7.5EG 7.52025-06-20
Missing Authorization vulnerability in enguerranws Import YouTube videos as WP Posts import-youtube-videos-as-wp-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Import YouTube videos as WP Po…
- CVE-2025-52803HIGHCVSS 7.5EG 7.52025-07-16
Missing Authorization vulnerability in uxper Sala allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Sala: from n/a through 1.1.3.
- CVE-2025-52804HIGHCVSS 7.5EG 7.52025-07-16
Missing Authorization vulnerability in uxper Nuss nuss allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Nuss: from n/a through <= 1.3.7.1.
- CVE-2025-52813HIGHCVSS 8.1EG 8.12025-07-04
Missing Authorization vulnerability in pietro MobiLoud allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MobiLoud: from n/a through 4.6.5.
- CVE-2025-52817HIGHCVSS 8.2EG 8.22025-06-27
Missing Authorization vulnerability in ZealousWeb Abandoned Contact Form 7 abandoned-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Abandoned Contact Form 7: from n/a through <= 2.…
- CVE-2025-52818HIGHCVSS 8.2EG 8.22025-06-27
Missing Authorization vulnerability in Dejan Jasnic Trusty Whistleblowing trusty-whistleblowing-solution allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trusty Whistleblowing: from n/a through <= …
- CVE-2025-5282HIGHCVSS 7.5EG 7.52025-06-13
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_package() function in all versions up to, and including…
- CVE-2025-52824HIGHCVSS 8.8EG 8.82025-06-27
Missing Authorization vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobile DJ Manager: from n/a through <= 1.7.8.3.
- CVE-2025-52878MEDIUMCVSS 4.3EG 4.32025-06-23
In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions
- CVE-2025-5288CRITICALCVSS 9.8EG 9.82025-06-13
The REST API | Custom API Generator For Cross Platform And Import Export In WP plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the process_handler() function in versions 1.0.0 to 2.0.3. This …
- CVE-2025-52950CRITICALCVSS 9.6EG 9.62025-07-11
A Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive resources via the web interface. Numerous endpoints on the Juniper Sec…
- CVE-2025-52954HIGHCVSS 7.8EG 7.82025-07-11
A Missing Authorization vulnerability in the internal virtual routing and forwarding (VRF) of Juniper Networks Junos OS Evolved allows a local, low-privileged user to gain root privileges, leading to a system compromise. Any low-privileg…
- CVE-2025-5304CRITICALCVSS 9.8EG 9.82025-06-28
The PT Project Notebooks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the wpnb_pto_new_users_add() function in versions 1.0.0 through 1.1.3. This makes it possible for unauthenticated attackers…
- CVE-2025-53108MEDIUMCVSS 5.3EG 5.32025-07-02
HomeBox is a home inventory and organization system. Prior to 0.20.1, HomeBox contains a missing authorization check in the API endpoints responsible for updating and deleting inventory item attachments. This flaw allows authenticated user…
- CVE-2025-53111MEDIUMCVSS 6.5EG 6.52025-07-30
GLPI is a Free Asset and IT Management Software package. In versions 0.80 through 10.0.18, a lack of permission checks can result in unauthorized access to some resources. This is fixed in version 10.0.19.
- CVE-2025-53112MEDIUMCVSS 4.3EG 4.32025-07-30
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 9.1.0 through 10.0.18, a lack of permission checks can result in unauthorized removal o…
- CVE-2025-53113LOWCVSS 2.7EG 2.72025-07-30
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.65 through 10.0.18, a tech…
- CVE-2025-5315MEDIUMCVSS 4.3EG 4.32025-06-26
An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident…
- CVE-2025-5317MEDIUMCVSS 5.5EG 5.52025-11-11
An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.52.200087 allows local users with administrative privileges to bypass the configured uninstall password protection. An unauthorize…
- CVE-2025-53200MEDIUMCVSS 4.3EG 4.32025-06-27
Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 6.7.3.
- CVE-2025-53214MEDIUMCVSS 6.5EG 9.12025-11-06
Missing Authorization vulnerability in sertifier Sertifier Certificate & Badge Maker sertifier-certificates-open-badges allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sertifier Certificate & Badg…
- CVE-2025-53217HIGHCVSS 7.6EG 7.62026-02-20
Missing Authorization vulnerability in staviravn AIO WP Builder all-in-one-wp-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO WP Builder: from n/a through <= 2.0.2.
Map vulnerabilities like CWE-862 to your infrastructure
EchelonGraph correlates every CVE — across CWE-862 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →