CWE-862— Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.— MITRE CWE catalog
8,585 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-862page 132 of 172
- CVE-2025-66122MEDIUMCVSS 5.3EG 5.42025-12-16
Missing Authorization vulnerability in Design Stylish Price List stylish-price-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stylish Price List: from n/a through <= 7.2.2.
- CVE-2025-66124MEDIUMCVSS 5.3EG 5.32025-12-16
Missing Authorization vulnerability in ZEEN101 Leaky Paywall leaky-paywall allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leaky Paywall: from n/a through <= 4.22.6.
- CVE-2025-66127MEDIUMCVSS 5.3EG 5.42025-12-16
Missing Authorization vulnerability in g5theme Essential Real Estate essential-real-estate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Real Estate: from n/a through <= 5.3.2.
- CVE-2025-66128MEDIUMCVSS 5.3EG 5.32025-12-16
Missing Authorization vulnerability in Brevo Sendinblue for WooCommerce woocommerce-sendinblue-newsletter-subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sendinblue for WooCommerce: f…
- CVE-2025-66129MEDIUMCVSS 5.3EG 5.32025-12-16
Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pochipp: from n/a through <= 1.18.0.
- CVE-2025-66130MEDIUMCVSS 5.3EG 5.32025-12-16
Missing Authorization vulnerability in etruel WP Views Counter wpecounter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Views Counter: from n/a through <= 2.1.2.
- CVE-2025-66131MEDIUMCVSS 5.3EG 9.12025-12-16
Missing Authorization vulnerability in yaadsarig Yaad Sarig Payment Gateway For WC yaad-sarig-payment-gateway-for-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yaad Sarig Payment Gateway For …
- CVE-2025-66133MEDIUMCVSS 5.3EG 5.32025-12-16
Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GD…
- CVE-2025-66134MEDIUMCVSS 5.4EG 5.42025-12-16
Missing Authorization vulnerability in NinjaTeam FileBird Pro filebird-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FileBird Pro: from n/a through <= 6.5.1.
- CVE-2025-66135MEDIUMCVSS 5.4EG 8.82026-01-22
Missing Authorization vulnerability in merkulove Imager for Elementor imager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Imager for Elementor: from n/a through <= 2.0.4.
- CVE-2025-66136MEDIUMCVSS 5.4EG 8.82026-01-22
Missing Authorization vulnerability in merkulove Carter for Elementor carter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Carter for Elementor: from n/a through <= 1.0.2.
- CVE-2025-66137MEDIUMCVSS 5.4EG 8.82026-01-22
Missing Authorization vulnerability in merkulove Searcher for Elementor searcher-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Searcher for Elementor: from n/a through <= 1.0.3.
- CVE-2025-66138MEDIUMCVSS 5.4EG 8.82026-01-22
Missing Authorization vulnerability in merkulove Motionger for Elementor motionger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Motionger for Elementor: from n/a through <= 2.0.4.
- CVE-2025-66139MEDIUMCVSS 5.4EG 5.42026-01-22
Missing Authorization vulnerability in merkulove Audier For Elementor audier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audier For Elementor: from n/a through <= 1.0.9.
- CVE-2025-66140MEDIUMCVSS 5.4EG 5.42026-01-22
Missing Authorization vulnerability in merkulove Uper for Elementor uper-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uper for Elementor: from n/a through <= 1.0.5.
- CVE-2025-66141MEDIUMCVSS 5.4EG 5.42026-01-22
Missing Authorization vulnerability in merkulove Scroller scroller allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scroller: from n/a through <= 2.0.2.
- CVE-2025-66142MEDIUMCVSS 5.4EG 5.42026-01-22
Missing Authorization vulnerability in merkulove Comparimager for Elementor comparimager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comparimager for Elementor: from n/a through <= 1…
- CVE-2025-66143MEDIUMCVSS 5.4EG 5.42026-01-22
Missing Authorization vulnerability in merkulove Crumber crumber-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crumber: from n/a through <= 1.0.10.
- CVE-2025-66144MEDIUMCVSS 5.4EG 5.42025-12-31
Missing Authorization vulnerability in merkulove Worker for Elementor worker-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Worker for Elementor: from n/a through <= 1.0.10.
- CVE-2025-66145MEDIUMCVSS 5.4EG 5.42025-12-31
Missing Authorization vulnerability in merkulove Worker for WPBakery worker-wpbakery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Worker for WPBakery: from n/a through <= 1.1.1.
- CVE-2025-66146MEDIUMCVSS 5.4EG 5.42025-12-31
Missing Authorization vulnerability in merkulove Logger for Elementor logger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Logger for Elementor: from n/a through <= 1.0.9.
- CVE-2025-66147MEDIUMCVSS 5.4EG 5.42025-12-16
Missing Authorization vulnerability in merkulove Coder for Elementor coder-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coder for Elementor: from n/a through <= 1.0.13.
- CVE-2025-66148MEDIUMCVSS 5.4EG 5.42025-12-31
Missing Authorization vulnerability in merkulove Conformer for Elementor conformer-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conformer for Elementor: from n/a through <= 1.0.7.
- CVE-2025-66149MEDIUMCVSS 5.4EG 5.42025-12-31
Missing Authorization vulnerability in merkulove UnGrabber ungrabber allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnGrabber: from n/a through <= 3.1.3.
- CVE-2025-66150MEDIUMCVSS 5.4EG 5.42025-12-31
Missing Authorization vulnerability in merkulove Appender appender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appender: from n/a through <= 1.1.1.
- CVE-2025-66151MEDIUMCVSS 5.4EG 5.42025-12-31
Missing Authorization vulnerability in merkulove Countdowner for Elementor countdowner-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Countdowner for Elementor: from n/a through <= 1.0.…
- CVE-2025-66152MEDIUMCVSS 5.4EG 5.42025-12-31
Missing Authorization vulnerability in merkulove Criptopayer for Elementor criptopayer-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Criptopayer for Elementor: from n/a through <= 1.0.…
- CVE-2025-66153MEDIUMCVSS 5.4EG 5.42025-12-31
Missing Authorization vulnerability in merkulove Headinger for Elementor headinger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Headinger for Elementor: from n/a through <= 1.1.4.
- CVE-2025-66154MEDIUMCVSS 5.4EG 5.42025-12-31
Missing Authorization vulnerability in merkulove Couponer for Elementor couponer-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Couponer for Elementor: from n/a through <= 1.1.7.
- CVE-2025-66155MEDIUMCVSS 5.4EG 5.42025-12-31
Missing Authorization vulnerability in merkulove Questionar for Elementor questionar-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Questionar for Elementor: from n/a through <= 1.1.7.
- CVE-2025-66156MEDIUMCVSS 5.4EG 5.42025-12-31
Missing Authorization vulnerability in merkulove Watcher for Elementor watcher-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watcher for Elementor: from n/a through <= 1.0.9.
- CVE-2025-66157MEDIUMCVSS 5.4EG 5.42025-12-31
Missing Authorization vulnerability in merkulove Sliper for Elementor sliper-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sliper for Elementor: from n/a through <= 1.0.10.
- CVE-2025-66158MEDIUMCVSS 5.4EG 5.42025-12-31
Missing Authorization vulnerability in merkulove Gmaper for Elementor gmaper-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gmaper for Elementor: from n/a through <= 1.0.9.
- CVE-2025-66159MEDIUMCVSS 5.4EG 5.42025-12-31
Missing Authorization vulnerability in merkulove Walker for Elementor walker-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Walker for Elementor: from n/a through <= 1.1.6.
- CVE-2025-66160MEDIUMCVSS 5.4EG 5.42025-12-31
Missing Authorization vulnerability in merkulove Select Graphist for Elementor Graphist for Elementor graphist-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Select Graphist for Elemen…
- CVE-2025-66161MEDIUMCVSS 5.4EG 5.42025-12-16
Missing Authorization vulnerability in merkulove Grider for Elementor grider-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grider for Elementor: from n/a through <= 1.0.8.
- CVE-2025-66162MEDIUMCVSS 5.4EG 5.42025-12-16
Missing Authorization vulnerability in merkulove Spoter for Elementor spoter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spoter for Elementor: from n/a through <= 1.04.
- CVE-2025-66163MEDIUMCVSS 5.4EG 5.42025-12-16
Missing Authorization vulnerability in merkulove Masker for Elementor masker-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Masker for Elementor: from n/a through <= 1.1.4.
- CVE-2025-66164MEDIUMCVSS 5.4EG 5.42025-12-16
Missing Authorization vulnerability in merkulove Laser laser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Laser: from n/a through <= 1.1.1.
- CVE-2025-66165MEDIUMCVSS 5.4EG 5.42025-12-16
Missing Authorization vulnerability in merkulove Lottier for WPBakery lottier-wpbakery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lottier for WPBakery: from n/a through <= 1.1.7.
- CVE-2025-66166MEDIUMCVSS 5.4EG 5.42025-12-16
Missing Authorization vulnerability in merkulove Lottier for Elementor lottier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lottier for Elementor: from n/a through <= 1.0.9.
- CVE-2025-66167MEDIUMCVSS 5.4EG 5.42025-12-16
Missing Authorization vulnerability in merkulove Lottier lottier-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lottier: from n/a through <= 1.1.1.
- CVE-2025-66402MEDIUMCVSS 6.5EG 6.52025-12-16
Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can can export the posts and view the contents.…
- CVE-2025-66525MEDIUMCVSS 4.3EG 4.32025-12-09
Missing Authorization vulnerability in Elastic Email Elastic Email Sender elastic-email-sender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Sender: from n/a through <= 1.2.20.
- CVE-2025-66526MEDIUMCVSS 4.3EG 4.32025-12-09
Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.1.34.
- CVE-2025-66527MEDIUMCVSS 4.3EG 4.32025-12-09
Missing Authorization vulnerability in VanKarWai Lobo lobo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lobo: from n/a through <= 2.8.6.
- CVE-2025-66528MEDIUMCVSS 4.3EG 8.12025-12-09
Missing Authorization vulnerability in VillaTheme Thank You Page Customizer for WooCommerce woo-thank-you-page-customizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Thank You Page Customizer …
- CVE-2025-66530MEDIUMCVSS 4.3EG 8.82025-12-09
Missing Authorization vulnerability in Webba Appointment Booking Webba Booking webba-booking-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Webba Booking: from n/a through <= 6.2.1.
- CVE-2025-66532MEDIUMCVSS 4.3EG 8.82025-12-09
Missing Authorization vulnerability in Mikado-Themes Powerlift powerlift allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Powerlift: from n/a through < 3.2.1.
- CVE-2025-66534MEDIUMCVSS 4.3EG 8.82025-12-09
Missing Authorization vulnerability in Elated-Themes The Aisle theaisle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Aisle: from n/a through <= 2.9.
Map vulnerabilities like CWE-862 to your infrastructure
EchelonGraph correlates every CVE — across CWE-862 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →