CWE-862— Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.— MITRE CWE catalog
8,584 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-862page 129 of 172
- CVE-2025-63038MEDIUMCVSS 4.3EG 4.32025-12-31
Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from…
- CVE-2025-63039MEDIUMCVSS 6.5EG 6.52025-12-18
Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.9.
- CVE-2025-63041MEDIUMCVSS 5.4EG 5.42026-06-26
Contributor Broken Access Control in Forget About Shortcode Buttons <= 2.1.3 versions.
- CVE-2025-63047MEDIUMCVSS 5.3EG 5.32025-12-09
Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.9.
- CVE-2025-63049MEDIUMCVSS 5.3EG 5.32025-12-09
Missing Authorization vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ListingPro Lead Form: from n/a through <= 1.0.7.
- CVE-2025-63054MEDIUMCVSS 5.3EG 5.32025-12-09
Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.…
- CVE-2025-63056MEDIUMCVSS 4.3EG 4.32025-12-09
Missing Authorization vulnerability in bestwebsoft Contact Form by BestWebSoft contact-form-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by BestWebSoft: from n/a through <= …
- CVE-2025-63063MEDIUMCVSS 5.3EG 6.52025-12-09
Missing Authorization vulnerability in Yandex Metrika Yandex.Metrica wp-yandex-metrika allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yandex.Metrica: from n/a through <= 1.2.2.
- CVE-2025-63067MEDIUMCVSS 4.3EG 4.32025-12-09
Missing Authorization vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Porto Theme - Functionality: from n/a through < 3.7.…
- CVE-2025-63069MEDIUMCVSS 5.3EG 5.32025-12-09
Missing Authorization vulnerability in Vinod Dalvi Ivory Search add-search-to-menu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ivory Search: from n/a through <= 5.5.12.
- CVE-2025-63077MEDIUMCVSS 4.3EG 4.32025-12-09
Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through <…
- CVE-2025-63078MEDIUMCVSS 4.3EG 4.32026-06-26
Subscriber Broken Access Control in Restaurant Menu by MotoPress <= 2.4.11 versions.
- CVE-2025-63079MEDIUMCVSS 4.3EG 4.32026-06-26
Contributor Broken Access Control in Live Copy Paste for Elementor <= 1.5.3 versions.
- CVE-2025-63293MEDIUMCVSS 6.5EG 6.52025-11-03
FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing aut…
- CVE-2025-63294MEDIUMCVSS 6.5EG 6.52025-11-04
WorkDo HRM SaaS HR and Payroll Tool 8.1 is affected vulnerable to Insecure Permissions. An authenticated user can create leave or resignation records on behalf of other users.
- CVE-2025-6341MEDIUMCVSS 4.3EG 4.32025-06-20
A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The e…
- CVE-2025-6380CRITICALCVSS 9.8EG 9.82025-07-24
The ONLYOFFICE Docs plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its oo.callback REST endpoint in versions 1.1.0 to 2.2.0. The plugin’s permission callback only verifies that the supplied…
- CVE-2025-64132MEDIUMCVSS 5.4EG 5.42025-10-29
Jenkins MCP Server Plugin 0.84.v50ca_24ef83f2 and earlier does not perform permission checks in multiple MCP tools, allowing attackers to trigger builds and obtain information about job and cloud configuration they should not be able to ac…
- CVE-2025-64137MEDIUMCVSS 4.3EG 4.32025-10-29
A missing permission check in Jenkins Themis Plugin 1.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server.
- CVE-2025-64139MEDIUMCVSS 4.3EG 4.32025-10-29
A missing permission check in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
- CVE-2025-64142MEDIUMCVSS 4.3EG 4.32025-10-29
A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
- CVE-2025-64148MEDIUMCVSS 4.3EG 4.32025-10-29
A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
- CVE-2025-64150MEDIUMCVSS 5.4EG 5.42025-10-29
A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another metho…
- CVE-2025-64171HIGHCVSS 8.7EG 8.72025-11-06
MARIN3R is a lightweight, CRD based envoy control plane for kubernetes. In versions 0.13.3 and below, there is a cross-namespace secret access vulnerability in the project's DiscoveryServiceCertificate which allows users to bypass RBAC and…
- CVE-2025-64179MEDIUMCVSS 5.3EG 5.32025-11-06
lakeFS is an open-source tool that transforms object storage into a Git-like repositories. In versions 1.69.0 and below, missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage coun…
- CVE-2025-64192MEDIUMCVSS 6.3EG 6.32025-12-18
Missing Authorization vulnerability in 8theme XStore xstore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects XStore: from n/a through < 9.6.
- CVE-2025-64199MEDIUMCVSS 5.3EG 5.42025-10-29
Missing Authorization vulnerability in WpEstate wpresidence wpresidence allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpresidence: from n/a through <= 5.3.2.
- CVE-2025-64209HIGHCVSS 7.5EG 7.52025-12-18
Missing Authorization vulnerability in StylemixThemes Masterstudy masterstudy allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masterstudy: from n/a through < 4.8.122.
- CVE-2025-64210MEDIUMCVSS 5.4EG 5.42025-10-29
Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets masterstudy-elementor-widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Masterstudy Elementor Widgets: fro…
- CVE-2025-64211MEDIUMCVSS 5.3EG 5.32025-10-29
Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets masterstudy-elementor-widgets allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masterstudy Elementor Widgets: from n/a th…
- CVE-2025-64212MEDIUMCVSS 5.4EG 5.42025-10-29
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS Pro: from n…
- CVE-2025-64214HIGHCVSS 7.5EG 7.52025-12-18
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MasterStudy LMS Pro: from n/a throu…
- CVE-2025-64215MEDIUMCVSS 6.5EG 6.52026-06-15
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16.
- CVE-2025-64219MEDIUMCVSS 4.3EG 4.32025-10-29
Missing Authorization vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Directory: from n/a through <= 6.4.18.
- CVE-2025-64222HIGHCVSS 7.5EG 7.52025-12-18
Missing Authorization vulnerability in FantasticPlugins WooCommerce Recover Abandoned Cart rac allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Recover Abandoned Cart: from n/a through …
- CVE-2025-64229MEDIUMCVSS 4.3EG 4.32025-10-29
Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a th…
- CVE-2025-64234MEDIUMCVSS 4.3EG 4.32025-10-29
Missing Authorization vulnerability in Evergreen Content Poster Evergreen Content Poster evergreen-content-poster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Evergreen Content Poster: from n/a…
- CVE-2025-64238MEDIUMCVSS 4.3EG 4.32025-12-16
Missing Authorization vulnerability in NicolasKulka WPS Bidouille wps-bidouille allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPS Bidouille: from n/a through <= 1.33.1.
- CVE-2025-64241MEDIUMCVSS 4.3EG 4.32025-12-16
Missing Authorization vulnerability in Imtiaz Rayhan WP Coupons and Deals wp-coupons-and-deals allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Coupons and Deals: from n/a through <= 3.2.4.
- CVE-2025-64242MEDIUMCVSS 4.3EG 4.32025-12-16
Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through <= 3.5.22.
- CVE-2025-64243MEDIUMCVSS 4.3EG 4.32025-12-16
Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through <= 2.5.6.
- CVE-2025-64244MEDIUMCVSS 4.3EG 4.32025-12-16
Missing Authorization vulnerability in Codexpert, Inc Restrict Elementor Widgets, Columns and Sections restrict-elementor-widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restrict Elementor…
- CVE-2025-64245MEDIUMCVSS 4.3EG 4.32025-12-16
Missing Authorization vulnerability in ryanpcmcquen Import external attachments import-external-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Import external attachments: from n/a th…
- CVE-2025-64246MEDIUMCVSS 4.3EG 4.32025-12-16
Missing Authorization vulnerability in netopsae Accessibility by AudioEye accessibility-by-audioeye allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility by AudioEye: from n/a through <= 1…
- CVE-2025-64247MEDIUMCVSS 4.3EG 6.52025-12-16
Missing Authorization vulnerability in edmon.parker Read More & Accordion expand-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Read More & Accordion: from n/a through <= 3.5.5.1.
- CVE-2025-64248MEDIUMCVSS 4.3EG 4.32025-12-16
Missing Authorization vulnerability in emarket-design Request a Quote request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Request a Quote: from n/a through <= 2.5.3.
- CVE-2025-64249MEDIUMCVSS 5.3EG 4.82025-12-16
Missing Authorization vulnerability in WP-EXPERTS.IN Protect WP Admin protect-wp-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protect WP Admin: from n/a through <= 4.1.
- CVE-2025-64251MEDIUMCVSS 4.9EG 4.92025-12-16
Missing Authorization vulnerability in azzaroco Ultimate Learning Pro indeed-learning-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Learning Pro: from n/a through <= 3.9.3.
- CVE-2025-64254LOWCVSS 2.7EG 8.82025-12-09
Missing Authorization vulnerability in Ronald Huereca Photo Block photo-block allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Block: from n/a through <= 1.5.1.
- CVE-2025-64255LOWCVSS 2.7EG 7.22025-12-09
Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements (ASE): from n/a th…
Map vulnerabilities like CWE-862 to your infrastructure
EchelonGraph correlates every CVE — across CWE-862 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →