CWE-862— Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.— MITRE CWE catalog
8,584 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-862page 130 of 172
- CVE-2025-64257MEDIUMCVSS 4.3EG 4.32025-12-09
Missing Authorization vulnerability in Joe Dolson My Tickets my-tickets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Tickets: from n/a through <= 2.1.0.
- CVE-2025-64259MEDIUMCVSS 5.3EG 6.52025-11-13
Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Theater for WordPress: from n/a through <= 0.18.8.
- CVE-2025-64261MEDIUMCVSS 5.4EG 6.52025-11-13
Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appointment Booking Calendar: from n/a t…
- CVE-2025-64263MEDIUMCVSS 5.4EG 5.42025-11-13
Missing Authorization vulnerability in PluginEver WP Content Pilot wp-content-pilot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Content Pilot: from n/a through <= 2.1.7.
- CVE-2025-64265MEDIUMCVSS 4.3EG 4.32025-11-13
Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frontend File Manager: from n/a through <= 23.2.
- CVE-2025-64268HIGHCVSS 7.5EG 7.52025-12-18
Missing Authorization vulnerability in Arraytics Timetics timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through <= 1.0.44.
- CVE-2025-64269MEDIUMCVSS 4.3EG 4.32025-11-13
Missing Authorization vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder woo-pdf-invoice-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce PDF Invoice Builder: from n/a …
- CVE-2025-64273MEDIUMCVSS 6.5EG 7.52025-12-18
Missing Authorization vulnerability in GetResponse Email marketing for WordPress by GetResponse Official getresponse-official allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Email marketing for Wo…
- CVE-2025-64274MEDIUMCVSS 4.3EG 4.32025-11-13
Missing Authorization vulnerability in wpkoithemes WPKoi Templates for Elementor wpkoi-templates-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPKoi Templates for Elementor: from n…
- CVE-2025-64276MEDIUMCVSS 6.5EG 6.52025-11-13
Missing Authorization vulnerability in Ays Pro Survey Maker survey-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Survey Maker: from n/a through <= 5.1.9.4.
- CVE-2025-64277MEDIUMCVSS 5.3EG 5.32025-11-13
Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 7.3.9.
- CVE-2025-64285MEDIUMCVSS 5.4EG 5.42025-10-29
Missing Authorization vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce Whole…
- CVE-2025-64294MEDIUMCVSS 5.3EG 5.32025-11-03
Missing Authorization vulnerability in d3wp WP Snow Effect wp-snow-effect allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Snow Effect: from n/a through <= 1.1.19.
- CVE-2025-64296MEDIUMCVSS 5.3EG 5.32025-10-29
Missing Authorization vulnerability in Facebook Facebook for WooCommerce facebook-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Facebook for WooCommerce: from n/a through <= 3.5.…
- CVE-2025-64323MEDIUMCVSS 5.3EG 5.32025-11-07
kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive c…
- CVE-2025-64348HIGHCVSS 7.1EG 7.12025-10-31
ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service. If the execute facility is specifically enabled with the "-x" command line flag, attackers could execute OS commands on the ho…
- CVE-2025-64349HIGHCVSS 8.8EG 8.82025-10-31
ELOG allows an authenticated user to modify another user's profile. An attacker can edit a target user's email address, then request a password reset, and take control of the target account. By default, ELOG is not configured to allow self…
- CVE-2025-64350LOWCVSS 3.8EG 3.82025-10-31
Missing Authorization vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rank Math SEO: from n/a through <= 1.0.252.1.
- CVE-2025-64352LOWCVSS 2.7EG 2.72025-10-31
Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Addons for Elementor…
- CVE-2025-64356MEDIUMCVSS 4.3EG 4.32025-10-31
Missing Authorization vulnerability in f1logic Insert PHP Code Snippet insert-php-code-snippet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Insert PHP Code Snippet: from n/a through <= 1.4.3.
- CVE-2025-64358MEDIUMCVSS 4.3EG 4.32025-10-31
Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce wt-smart-coupons-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Coupons for WooCommerce: from …
- CVE-2025-64369MEDIUMCVSS 6.5EG 6.52025-11-13
Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.58.
- CVE-2025-64370MEDIUMCVSS 5.3EG 5.32025-11-13
Missing Authorization vulnerability in YOP YOP Poll yop-poll allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YOP Poll: from n/a through <= 6.5.38.
- CVE-2025-64375MEDIUMCVSS 6.5EG 6.52025-12-18
Missing Authorization vulnerability in Mahmudul Hasan Arif WP Social Ninja wp-social-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Social Ninja: from n/a through <= 3.20.1.
- CVE-2025-64378HIGHCVSS 7.1EG 7.52025-12-18
Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through < 2.9.10.
- CVE-2025-64379MEDIUMCVSS 4.3EG 4.32025-11-13
Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through <= 7.4.0.
- CVE-2025-64382MEDIUMCVSS 4.3EG 4.32025-11-13
Missing Authorization vulnerability in WebToffee Order Export & Order Import for WooCommerce order-import-export-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Export & Orde…
- CVE-2025-64384MEDIUMCVSS 5.3EG 6.32025-11-13
Missing Authorization vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetFormBuilder: from n/a through <= 3.5.3.
- CVE-2025-64401HIGHCVSS 7.5EG 7.52025-11-12
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of A…
- CVE-2025-64402MEDIUMCVSS 6.5EG 6.52025-11-12
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apa…
- CVE-2025-64403HIGHCVSS 8.1EG 8.12025-11-12
Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources". A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links to…
- CVE-2025-64404HIGHCVSS 7.5EG 7.52025-11-12
Apache OpenOffice documents can contain links to other files. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected …
- CVE-2025-64405HIGHCVSS 7.5EG 7.52025-11-12
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apa…
- CVE-2025-64407MEDIUMCVSS 5.3EG 5.32025-11-12
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. Such links could also be used t…
- CVE-2025-6441CRITICALCVSS 9.8EG 9.82025-07-24
The Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition plugin for WordPress is vulnerable to unauthenticated login token generation due to a missing capability check on the `webinar…
- CVE-2025-64520MEDIUMCVSS 6.5EG 6.52025-12-16
GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with an API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patc…
- CVE-2025-64630MEDIUMCVSS 4.9EG 4.72025-12-16
Missing Authorization vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Directory: from n/a through <= 6.4.19.
- CVE-2025-64631MEDIUMCVSS 4.9EG 5.02025-12-16
Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Marketplace: from n/a through <= 3.7.1.
- CVE-2025-64632MEDIUMCVSS 5.3EG 5.32025-12-16
Missing Authorization vulnerability in Auctollo Google XML Sitemaps google-sitemap-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google XML Sitemaps: from n/a through <= 4.1.22.
- CVE-2025-64634MEDIUMCVSS 5.3EG 8.82025-12-16
Missing Authorization vulnerability in ThemeFusion Avada avada allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Avada: from n/a through <= 7.13.2.
- CVE-2025-64635MEDIUMCVSS 5.3EG 5.42025-12-16
Missing Authorization vulnerability in Syed Balkhi Feeds for YouTube feeds-for-youtube allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Feeds for YouTube: from n/a through <= 2.4.0.
- CVE-2025-64636MEDIUMCVSS 5.3EG 5.32026-06-26
Unauthenticated Broken Access Control in Donation Thermometer <= 2.2.7 versions.
- CVE-2025-64638MEDIUMCVSS 5.3EG 5.32025-12-16
Missing Authorization vulnerability in OnPay.io OnPay.io for WooCommerce onpay-io-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OnPay.io for WooCommerce: from n/a through <= 1.0.…
- CVE-2025-64639MEDIUMCVSS 5.3EG 5.32025-12-16
Missing Authorization vulnerability in WP Compress WP Compress for MainWP wp-compress-mainwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress for MainWP: from n/a through <= 6.50.17.
- CVE-2025-64681LOWCVSS 3.7EG 2.72025-11-10
In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations
- CVE-2025-64684HIGHCVSS 7.5EG 4.32025-11-10
In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form
- CVE-2025-64729HIGHCVSS 8.1EG 8.12026-01-16
The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently in…
- CVE-2025-6476MEDIUMCVSS 4.3EG 4.32025-06-22
A vulnerability was found in SourceCodester Gym Management System 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remote…
- CVE-2025-6478MEDIUMCVSS 4.3EG 4.32025-06-22
A vulnerability was found in CodeAstro Expense Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched …
- CVE-2025-65020MEDIUMCVSS 6.5EG 6.52025-11-19
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability in the poll duplication endpoint (/api/trpc/polls.duplicate) allows any authenticated user to dupl…
Map vulnerabilities like CWE-862 to your infrastructure
EchelonGraph correlates every CVE — across CWE-862 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →