CWE-862— Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.— MITRE CWE catalog
8,588 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-862page 135 of 172
- CVE-2025-68084MEDIUMCVSS 5.4EG 5.42025-12-16
Missing Authorization vulnerability in Nitesh Ultimate Auction ultimate-auction allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Auction : from n/a through <= 4.3.3.
- CVE-2025-68085MEDIUMCVSS 5.4EG 5.42025-12-16
Missing Authorization vulnerability in merkulove Buttoner for Elementor buttoner-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Buttoner for Elementor: from n/a through <= 1.0.6.
- CVE-2025-68086MEDIUMCVSS 5.4EG 5.42025-12-16
Missing Authorization vulnerability in merkulove Reformer for Elementor reformer-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reformer for Elementor: from n/a through <= 1.0.6.
- CVE-2025-68087MEDIUMCVSS 5.4EG 5.42025-12-16
Missing Authorization vulnerability in merkulove Modalier for Elementor modalier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modalier for Elementor: from n/a through <= 1.0.6.
- CVE-2025-68088MEDIUMCVSS 5.4EG 5.42025-12-16
Missing Authorization vulnerability in merkulove Huger for Elementor huger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Huger for Elementor: from n/a through <= 1.1.5.
- CVE-2025-6813HIGHCVSS 8.8EG 8.82025-07-18
The aapanel WP Toolkit plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within the auto_login() function in versions 1.0 to 1.1. This makes it possible for authenticated attackers, with Subscri…
- CVE-2025-6814HIGHCVSS 7.5EG 7.52025-07-04
The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_now() function in versions 1.0 to 1.1.2. This makes it possible for unauthenticated attackers to download all p…
- CVE-2025-68270CRITICALCVSS 9.9EG 9.92025-12-16
The Open edX Platform is a learning management platform. Prior to commit 05d0d0936daf82c476617257aa6c35f0cd4ca060, CourseLimitedStaffRole users are able to access and edit courses in studio if they are granted the role on an org rather tha…
- CVE-2025-68479HIGHCVSS 7.1EG 7.12026-01-28
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, some subscription endpoints lack proper checking for ownership before making changes. This issue is patched in versions 3.5.4,…
- CVE-2025-68498MEDIUMCVSS 6.5EG 6.52025-12-30
Missing Authorization vulnerability in Crocoblock JetTabs jet-tabs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetTabs: from n/a through <= 2.2.12.
- CVE-2025-68503MEDIUMCVSS 6.5EG 6.52025-12-29
Missing Authorization vulnerability in Crocoblock JetBlog jet-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetBlog: from n/a through <= 2.4.7.
- CVE-2025-68505MEDIUMCVSS 5.3EG 8.82025-12-24
Missing Authorization vulnerability in icc0rz H5P h5p allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects H5P: from n/a through <= 1.16.1.
- CVE-2025-68507MEDIUMCVSS 6.5EG 6.52026-01-22
Missing Authorization vulnerability in Icegram Icegram icegram allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram: from n/a through <= 3.1.35.
- CVE-2025-68508MEDIUMCVSS 5.3EG 9.12025-12-24
Missing Authorization vulnerability in Brave Brave brave-popup-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brave: from n/a through <= 0.8.3.
- CVE-2025-68511MEDIUMCVSS 6.5EG 9.12025-12-24
Missing Authorization vulnerability in Jegstudio Gutenverse Form gutenverse-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse Form: from n/a through <= 2.3.1.
- CVE-2025-68517MEDIUMCVSS 5.4EG 8.12025-12-24
Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.1.35.1.
- CVE-2025-68521MEDIUMCVSS 5.3EG 8.82025-12-24
Missing Authorization vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through <= 4.9.5.
- CVE-2025-68522MEDIUMCVSS 4.3EG 8.82025-12-24
Missing Authorization vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through <= 4.9.5.
- CVE-2025-68523MEDIUMCVSS 4.3EG 8.12025-12-24
Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spiffy Calendar: from n/a through <= 5.0.7.
- CVE-2025-68534MEDIUMCVSS 6.5EG 6.52026-02-20
Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for WPForms: from n/a through <= 6.3.0.
- CVE-2025-68535MEDIUMCVSS 4.3EG 9.12025-12-24
Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.7.1.
- CVE-2025-68542MEDIUMCVSS 6.5EG 6.52026-02-20
Missing Authorization vulnerability in vgdevsolutions Checkout Gateway for IRIS checkout-gateway-iris allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout Gateway for IRIS: from n/a through <=…
- CVE-2025-68547HIGHCVSS 7.5EG 7.52026-01-05
Missing Authorization vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Follow My Blog Post: from n/a through <= 2.4.0.
- CVE-2025-68556MEDIUMCVSS 5.3EG 5.32025-12-23
Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through <= 1.0.9.
- CVE-2025-68557MEDIUMCVSS 4.3EG 4.32025-12-23
Missing Authorization vulnerability in Vikas Ratudi Chakra test chakra-test allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chakra test: from n/a through <= 1.0.1.
- CVE-2025-68558MEDIUMCVSS 6.5EG 6.52026-01-22
Missing Authorization vulnerability in averta Depicter Slider depicter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Depicter Slider: from n/a through <= 4.0.4.
- CVE-2025-68564MEDIUMCVSS 6.5EG 6.52026-02-20
Missing Authorization vulnerability in sendy Sendy sendy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sendy: from n/a through <= 3.4.2.
- CVE-2025-68565MEDIUMCVSS 5.3EG 9.82025-12-24
Missing Authorization vulnerability in JayBee Twitch Player ttv-easy-embed-player allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Twitch Player: from n/a through <= 2.1.3.
- CVE-2025-68568MEDIUMCVSS 5.3EG 7.52025-12-24
Missing Authorization vulnerability in Claspo Popup Builders Claspo – Popups, Spin the Wheel & Email Capture claspo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Claspo – Popups, Spin the Wh…
- CVE-2025-68569MEDIUMCVSS 6.5EG 8.82025-12-24
Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through…
- CVE-2025-68571MEDIUMCVSS 5.3EG 8.82025-12-24
Missing Authorization vulnerability in SALESmanago SALESmanago & Leadoo salesmanago allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALESmanago & Leadoo: from n/a through <= 3.9.0.
- CVE-2025-68572MEDIUMCVSS 5.3EG 8.82025-12-24
Missing Authorization vulnerability in Spider Themes BBP Core bbp-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BBP Core: from n/a through <= 1.4.1.
- CVE-2025-68575MEDIUMCVSS 5.3EG 8.82025-12-24
Missing Authorization vulnerability in Wappointment team Wappointment wappointment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wappointment: from n/a through <= 2.7.6.
- CVE-2025-68577MEDIUMCVSS 4.3EG 8.82025-12-24
Missing Authorization vulnerability in Virusdie Virusdie virusdie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Virusdie: from n/a through <= 1.1.6.
- CVE-2025-68578MEDIUMCVSS 5.3EG 8.12025-12-24
Missing Authorization vulnerability in Addonify Addonify addonify-quick-view allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify: from n/a through <= 2.0.4.
- CVE-2025-68579MEDIUMCVSS 5.3EG 8.12025-12-24
Missing Authorization vulnerability in FolioVision FV Simpler SEO fv-all-in-one-seo-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FV Simpler SEO: from n/a through <= 1.9.6.
- CVE-2025-68581MEDIUMCVSS 5.4EG 8.12025-12-24
Missing Authorization vulnerability in YITHEMES YITH Slider for page builders yith-slider-for-page-builders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH Slider for page builders: from n/a …
- CVE-2025-68582MEDIUMCVSS 5.3EG 8.82025-12-24
Missing Authorization vulnerability in Funnelforms Funnelforms Free funnelforms-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Funnelforms Free: from n/a through <= 3.8.
- CVE-2025-68585LOWCVSS 2.7EG 8.82025-12-24
Missing Authorization vulnerability in Ben Balter WP Document Revisions wp-document-revisions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Document Revisions: from n/a through <= 3.7.2.
- CVE-2025-68586MEDIUMCVSS 5.3EG 8.82025-12-24
Missing Authorization vulnerability in Gora Tech Cooked cooked allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cooked: from n/a through <= 1.11.3.
- CVE-2025-68587MEDIUMCVSS 4.3EG 8.12025-12-24
Missing Authorization vulnerability in Bob Watu Quiz watu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watu Quiz: from n/a through <= 3.4.5.
- CVE-2025-68588MEDIUMCVSS 4.3EG 8.12025-12-24
Missing Authorization vulnerability in totalsoft TS Poll poll-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TS Poll: from n/a through <= 2.5.5.
- CVE-2025-68589MEDIUMCVSS 5.3EG 8.12025-12-24
Missing Authorization vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Telegram Widget and Join Link: from n/a throug…
- CVE-2025-68591MEDIUMCVSS 5.4EG 8.12025-12-24
Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple File List: from n/a through <= 6.1.18.
- CVE-2025-68592MEDIUMCVSS 4.3EG 8.82025-12-24
Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through <= 4.0.6.1.
- CVE-2025-68593MEDIUMCVSS 5.4EG 8.82025-12-24
Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through <= 4.0.6.1.
- CVE-2025-68594MEDIUMCVSS 5.3EG 8.12025-12-24
Missing Authorization vulnerability in Opinion Stage Poll, Survey & Quiz Maker Plugin by Opinion Stage social-polls-by-opinionstage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll, Survey & Q…
- CVE-2025-68595MEDIUMCVSS 5.3EG 8.82025-12-24
Missing Authorization vulnerability in Trustindex Widgets for Social Photo Feed social-photo-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widgets for Social Photo Feed: from n/a thr…
- CVE-2025-68596MEDIUMCVSS 5.3EG 8.82025-12-24
Missing Authorization vulnerability in Bit Apps Bit Assist bit-assist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bit Assist: from n/a through <= 1.5.11.
- CVE-2025-68603MEDIUMCVSS 5.4EG 8.12025-12-24
Missing Authorization vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Editorial Calendar: from n/a through <= 3.8.8.
Map vulnerabilities like CWE-862 to your infrastructure
EchelonGraph correlates every CVE — across CWE-862 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →