CWE-862— Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.— MITRE CWE catalog
8,584 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-862page 126 of 172
- CVE-2025-60148MEDIUMCVSS 4.3EG 4.32025-09-26
Missing Authorization vulnerability in wpshuffle Subscribe to Download subscribe-to-download allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe to Download: from n/a through <= 2.0.9.
- CVE-2025-60152MEDIUMCVSS 4.3EG 4.32025-09-26
Missing Authorization vulnerability in wpshuffle Subscribe To Unlock subscribe-to-unlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe To Unlock: from n/a through <= 1.1.5.
- CVE-2025-60155MEDIUMCVSS 5.3EG 5.32025-09-26
Missing Authorization vulnerability in loopus WP Virtual Assistant VirtualAssistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Virtual Assistant: from n/a through <= 3.0.
- CVE-2025-60159MEDIUMCVSS 4.3EG 4.32025-09-26
Missing Authorization vulnerability in webmaniabr Nota Fiscal Eletrônica WooCommerce nota-fiscal-eletronica-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nota Fiscal Eletrônica Woo…
- CVE-2025-60165MEDIUMCVSS 4.3EG 4.32025-09-26
Missing Authorization vulnerability in HaruTheme Frames frames allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frames: from n/a through <= 1.5.7.
- CVE-2025-60166MEDIUMCVSS 4.3EG 4.32025-09-26
Missing Authorization vulnerability in wpshuffle WP Subscription Forms PRO wp-subscription-forms-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscription Forms PRO: from n/a through <= …
- CVE-2025-60247MEDIUMCVSS 6.5EG 6.52025-11-06
Missing Authorization vulnerability in Bux Bux Woocommerce bux-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bux Woocommerce: from n/a through <= 1.2.3.
- CVE-2025-6043HIGHCVSS 8.1EG 8.12025-07-16
The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Deletion due to a missing capability check on the wpmr_delete_file() function in all versions up to, and includin…
- CVE-2025-6105HIGHCVSS 8.8EG 4.32025-06-16
A vulnerability has been found in jflyfox jfinal_cms 5.0.1 and classified as problematic. This vulnerability affects unknown code of the file HOME.java. The manipulation of the argument Logout leads to cross-site request forgery. The attac…
- CVE-2025-6106MEDIUMCVSS 4.3EG 4.32025-06-16
A vulnerability was found in WuKongOpenSource WukongCRM 9.0 and classified as problematic. This issue affects some unknown processing of the file AdminRoleController.java. The manipulation leads to cross-site request forgery. The attack ma…
- CVE-2025-6171MEDIUMCVSS 4.3EG 5.32025-11-15
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker with reporter access to view branch names and pipel…
- CVE-2025-61751HIGHCVSS 8.1EG 8.12025-10-21
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily …
- CVE-2025-61755LOWCVSS 3.7EG 3.72025-10-21
Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and 21.0.8. Difficult to exploit vulnerability allows unauthenticated a…
- CVE-2025-6187CRITICALCVSS 9.8EG 9.82025-07-22
The bSecure plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its order_info REST endpoint in versions 1.3.7 through 1.7.9. The plugin registers the /webhook/v2/order_info/ route with a permissi…
- CVE-2025-6190HIGHCVSS 8.8EG 8.82025-07-23
The Realty Portal – Agent plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the rp_user_profile() AJAX handler in versions 0.1.0 through 0.3.9. The handler reads the client-supplied meta key a…
- CVE-2025-62006MEDIUMCVSS 5.4EG 5.42025-10-22
Missing Authorization vulnerability in VeronaLabs WP SMS wp-sms.This issue affects WP SMS: from n/a through <= 7.0.1.
- CVE-2025-62013MEDIUMCVSS 4.3EG 4.32025-10-22
Missing Authorization vulnerability in POSIMYTH UiChemy uichemy.This issue affects UiChemy: from n/a through <= 4.0.0.
- CVE-2025-62017MEDIUMCVSS 5.4EG 5.42025-11-06
Missing Authorization vulnerability in hogash KALLYAS kallyas.This issue affects KALLYAS: from n/a through <= 4.22.0.
- CVE-2025-62018MEDIUMCVSS 5.3EG 5.32025-11-06
Missing Authorization vulnerability in hogash KALLYAS kallyas.This issue affects KALLYAS: from n/a through <= 4.22.0.
- CVE-2025-62019MEDIUMCVSS 6.5EG 6.52025-10-22
Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor recipe-card-blocks-by-wpzoom.This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through <= 3.4.8.
- CVE-2025-62021MEDIUMCVSS 4.3EG 4.32025-10-22
Missing Authorization vulnerability in Made Neat Acknowledgify acknowledgify.This issue affects Acknowledgify: from n/a through <= 1.1.3.
- CVE-2025-62022HIGHCVSS 7.5EG 7.52025-10-22
Missing Authorization vulnerability in BuddyPress BuddyPress buddypress.This issue affects BuddyPress: from n/a through <= 14.3.4.
- CVE-2025-62027MEDIUMCVSS 5.4EG 5.42025-10-22
Missing Authorization vulnerability in StellarWP Event Tickets event-tickets.This issue affects Event Tickets: from n/a through <= 5.26.3.
- CVE-2025-62028MEDIUMCVSS 4.3EG 4.32025-11-06
Missing Authorization vulnerability in ThemeNectar Salient salient.This issue affects Salient: from n/a through < 17.4.0.
- CVE-2025-62033MEDIUMCVSS 6.5EG 6.52025-11-06
Missing Authorization vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4.
- CVE-2025-62037MEDIUMCVSS 6.5EG 6.52025-11-06
Missing Authorization vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4.
- CVE-2025-62046MEDIUMCVSS 6.5EG 6.52025-11-06
Missing Authorization vulnerability in CodexThemes TheGem Demo Import (for WPBakery) thegem-importer.This issue affects TheGem Demo Import (for WPBakery): from n/a through <= 5.10.5.
- CVE-2025-62048MEDIUMCVSS 5.4EG 5.42025-10-22
Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform SmartCrawl smartcrawl-seo.This issue affects SmartCrawl: from n/a through <= 3.14.3.
- CVE-2025-62049MEDIUMCVSS 6.5EG 6.52025-11-06
Missing Authorization vulnerability in Stylemix Cost Calculator Builder cost-calculator-builder.This issue affects Cost Calculator Builder: from n/a through <= 3.5.32.
- CVE-2025-6205CRITICALCVSS 9.1EG 9.1⚠ KEV2025-08-04
A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application.
- CVE-2025-62052MEDIUMCVSS 4.3EG 4.32025-10-22
Missing Authorization vulnerability in Horea Radu One Page Express Companion one-page-express-companion.This issue affects One Page Express Companion: from n/a through <= 1.6.43.
- CVE-2025-62070MEDIUMCVSS 4.3EG 4.32025-10-22
Missing Authorization vulnerability in WPXPO WowRevenue revenue.This issue affects WowRevenue: from n/a through <= 1.2.13.
- CVE-2025-62071MEDIUMCVSS 4.3EG 4.32025-10-22
Missing Authorization vulnerability in Repuso Social proof testimonials and reviews by Repuso social-testimonials-and-reviews-widget.This issue affects Social proof testimonials and reviews by Repuso: from n/a through <= 5.29.
- CVE-2025-62072MEDIUMCVSS 4.3EG 4.32025-10-22
Missing Authorization vulnerability in Rustaurius Front End Users front-end-only-users.This issue affects Front End Users: from n/a through <= 3.2.33.
- CVE-2025-62073MEDIUMCVSS 4.3EG 4.32025-10-22
Missing Authorization vulnerability in Sovlix MeetingHub meetinghub.This issue affects MeetingHub: from n/a through <= 1.23.9.
- CVE-2025-62078MEDIUMCVSS 4.3EG 4.32025-12-31
Missing Authorization vulnerability in Fahad Mahmood Easy Upload Files During Checkout easy-upload-files-during-checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Upload Files During Ch…
- CVE-2025-62079MEDIUMCVSS 5.3EG 5.32025-12-31
Missing Authorization vulnerability in Damian WP Export Categories & Taxonomies wp-export-categories-taxonomies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Export Categories & Taxonomies: f…
- CVE-2025-62081MEDIUMCVSS 5.3EG 5.32025-12-31
Missing Authorization vulnerability in Channelize.io Team Live Shopping & Shoppable Videos For WooCommerce live-shopping-video-streams allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Shopping…
- CVE-2025-62085MEDIUMCVSS 5.3EG 5.32025-12-09
Missing Authorization vulnerability in Bertha AI – Andrew Palmer BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BERTHA AI: from n/a through <= 1.13.
- CVE-2025-62086MEDIUMCVSS 5.4EG 5.42025-12-09
Missing Authorization vulnerability in akazanstev Яндекс Доставка (Boxberry) boxberry allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Яндекс Доставка (Boxberry): from n…
- CVE-2025-62087MEDIUMCVSS 4.3EG 4.32025-12-31
Missing Authorization vulnerability in Web Builder 143 Sticky Notes for WP Dashboard wb-sticky-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sticky Notes for WP Dashboard: from n/a through…
- CVE-2025-62090MEDIUMCVSS 6.5EG 6.52025-12-09
Missing Authorization vulnerability in Jegstudio Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons gutenverse-news allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse …
- CVE-2025-62091MEDIUMCVSS 5.4EG 5.42025-12-31
Missing Authorization vulnerability in Vollstart Serial Codes Generator and Validator with WooCommerce Support serial-codes-generator-and-validator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects …
- CVE-2025-62092MEDIUMCVSS 5.3EG 5.32025-12-31
Missing Authorization vulnerability in Wiremo Wiremo woo-reviews-by-wiremo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wiremo: from n/a through <= 1.4.99.
- CVE-2025-62098MEDIUMCVSS 5.4EG 5.42025-12-31
Missing Authorization vulnerability in totalsoft Portfolio Gallery gallery-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Portfolio Gallery: from n/a through <= 1.4.8.
- CVE-2025-62099MEDIUMCVSS 4.3EG 4.32025-12-31
Missing Authorization vulnerability in approveme Signature Add-On for Gravity Forms gravity-signature-forms-add-on allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Signature Add-On for Gravity Form…
- CVE-2025-62100MEDIUMCVSS 5.3EG 5.32025-12-09
Missing Authorization vulnerability in themerain ThemeRain Core themerain-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ThemeRain Core: from n/a through <= 1.1.9.
- CVE-2025-62104MEDIUMCVSS 4.3EG 4.32026-04-23
Missing Authorization vulnerability in Navneil Naicker ACF Galerie 4 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ACF Galerie 4: from n/a through 1.4.2.
- CVE-2025-62106MEDIUMCVSS 5.4EG 8.82026-01-22
Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through <= 3.4.5.
- CVE-2025-62108MEDIUMCVSS 5.4EG 5.42025-12-31
Missing Authorization vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Add Custom Codes: from n/a through <= 4.80.
Map vulnerabilities like CWE-862 to your infrastructure
EchelonGraph correlates every CVE — across CWE-862 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →