CWE-862— Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.— MITRE CWE catalog
8,512 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-862page 40 of 171
- CVE-2023-2480HIGHCVSS 7.5EG 7.52023-05-25
Missing access permissions checks in M-Files Client before 23.5.12598.0 (excluding 23.2 SR2 and newer) allows elevation of privilege via UI extension applications
- CVE-2023-2494MEDIUMCVSS 4.6EG 4.62023-05-24
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_postdata' function in versions up to, and including, 3.3.19. Thi…
- CVE-2023-25014HIGHCVSS 8.6EG 8.62023-02-02
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users.
- CVE-2023-25026MEDIUMCVSS 4.3EG 4.32024-12-09
Missing Authorization vulnerability in PayPal PayPal Brasil para WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PayPal Brasil para WooCommerce: from n/a through 1.4.2.
- CVE-2023-25030MEDIUMCVSS 4.3EG 4.32024-06-12
Missing Authorization vulnerability in Buy Me a Coffee.This issue affects Buy Me a Coffee: from n/a through 3.7.
- CVE-2023-25035MEDIUMCVSS 6.5EG 6.52024-12-09
Missing Authorization vulnerability in Fullworks Quick Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Contact Form : from n/a through 8.0.3.1.
- CVE-2023-25037MEDIUMCVSS 4.3EG 4.32024-12-09
Missing Authorization vulnerability in CodePeople Booking Calendar Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Calendar Contact Form: from n/a through 1.2.34.
- CVE-2023-25039MEDIUMCVSS 4.3EG 4.32024-03-25
Missing Authorization vulnerability in CodePeople Google Maps CP.This issue affects Google Maps CP: from n/a through 1.0.43.
- CVE-2023-25048MEDIUMCVSS 5.3EG 5.32024-12-09
Missing Authorization vulnerability in Fantastic Plugins Fantastic Content Protector Free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fantastic Content Protector Free: from n/a through 2.6.
- CVE-2023-25060MEDIUMCVSS 5.3EG 5.32024-12-09
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Album and Image Gallery plus Lightbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Album and Image Gallery plus Lightbo…
- CVE-2023-25067MEDIUMCVSS 4.3EG 4.32024-12-09
Missing Authorization vulnerability in Noah Hearle, Design Extreme We’re Open! allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects We’re Open!: from n/a through 1.45.
- CVE-2023-25068MEDIUMCVSS 4.3EG 4.32025-12-21
Missing Authorization vulnerability in Mapro Collins Magazine Edge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Magazine Edge: from n/a through 1.13.
- CVE-2023-25445MEDIUMCVSS 5.4EG 5.42025-12-21
Missing Authorization vulnerability in HappyFiles HappyFiles Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HappyFiles Pro: from n/a through 1.8.1.
- CVE-2023-25446HIGHCVSS 7.7EG 7.72025-12-21
Missing Authorization vulnerability in HappyFiles HappyFiles Pro happyfiles-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HappyFiles Pro: from n/a through 1.8.1.
- CVE-2023-2545HIGHCVSS 8.1EG 8.12023-05-31
The Feather Login Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getListOfUsers' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible…
- CVE-2023-25454MEDIUMCVSS 6.5EG 6.52024-12-09
Missing Authorization vulnerability in Nate Reist Protected Posts Logout Button allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protected Posts Logout Button: from n/a through 1.4.5.
- CVE-2023-25455MEDIUMCVSS 5.3EG 5.32024-12-09
Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Social Login an…
- CVE-2023-25457MEDIUMCVSS 5.3EG 5.32024-05-03
Missing Authorization vulnerability in Richteam Slider Carousel – Responsive Image Slider.This issue affects Slider Carousel – Responsive Image Slider: from n/a through 1.5.1.
- CVE-2023-25469MEDIUMCVSS 5.4EG 5.42024-12-09
Missing Authorization vulnerability in Magazine3 Easy Table of Contents allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Table of Contents: from n/a through 2.0.45.2.
- CVE-2023-2547MEDIUMCVSS 5.4EG 5.42023-05-31
The Feather Login Page plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteUser' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for a…
- CVE-2023-25486MEDIUMCVSS 4.3EG 4.32024-12-09
Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clone: from n/a through 2.3.7.
- CVE-2023-2555MEDIUMCVSS 4.3EG 4.32023-06-09
The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create function in versions up to, and including, 1.1.9. This makes it p…
- CVE-2023-25552HIGHCVSS 8.1EG 8.12023-04-18
A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Device File Transfer settings on DCE endpoin…
- CVE-2023-2556MEDIUMCVSS 4.3EG 4.32023-06-09
The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the anonymous function for the wpcs_sd_delete action in versions up to, and …
- CVE-2023-2557MEDIUMCVSS 4.3EG 4.32023-06-09
The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. This makes it pos…
- CVE-2023-25573HIGHCVSS 8.6EG 9.02023-03-09
metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in `/api/jmeter/download/files`, which allows any user to download any file without authentication. This issue …
- CVE-2023-2561MEDIUMCVSS 4.3EG 4.32023-07-12
The Gallery Metabox for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gallery_remove function in versions up to, and including, 1.5. This makes it possible for subscriber-level attack…
- CVE-2023-2562MEDIUMCVSS 4.3EG 4.32023-07-12
The Gallery Metabox for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the refresh_metabox function in versions up to, and including, 1.5. This makes it possible for subscriber-level attackers t…
- CVE-2023-25703MEDIUMCVSS 5.3EG 5.32024-12-09
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Meta slider and carousel with lightbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meta slider and carousel with light…
- CVE-2023-25714HIGHCVSS 7.5EG 7.52024-12-09
Missing Authorization vulnerability in Fullworks Quick Paypal Payments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Paypal Payments: from n/a through 5.7.25.
- CVE-2023-25715MEDIUMCVSS 5.4EG 5.42023-12-19
Missing Authorization vulnerability in GamiPress GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress.This issue affects GamiPress – The #1 gamification plugin to reward points, achievement…
- CVE-2023-25766MEDIUMCVSS 4.3EG 4.32023-02-15
A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
- CVE-2023-25768MEDIUMCVSS 6.5EG 6.52023-02-15
A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server.
- CVE-2023-25785MEDIUMCVSS 5.3EG 5.32024-04-24
Missing Authorization vulnerability in Shoaib Saleem WP Post Rating allows Functionality Misuse.This issue affects WP Post Rating: from n/a through 2.5.
- CVE-2023-25791MEDIUMCVSS 5.4EG 5.42024-12-09
Missing Authorization vulnerability in Cadus Pro Fontiran allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fontiran: from n/a through 2.1.
- CVE-2023-25799HIGHCVSS 8.3EG 8.32024-06-11
Missing Authorization vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.1.8.
- CVE-2023-2590LOWCVSS 3.5EG 3.52023-05-09
Missing Authorization in GitHub repository answerdev/answer prior to 1.0.9.
- CVE-2023-25959MEDIUMCVSS 5.4EG 5.42024-12-09
Missing Authorization vulnerability in Apollo13Themes Apollo13 Framework Extensions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Apollo13 Framework Extensions: from n/a through 1.8.10.
- CVE-2023-25966MEDIUMCVSS 5.5EG 5.52024-12-09
Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through 5.1.4.
- CVE-2023-25969MEDIUMCVSS 5.4EG 5.42026-06-11
Missing Authorization vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form & Lead Form Elementor Builder: from n/a t…
- CVE-2023-25988HIGHCVSS 7.5EG 7.52024-12-13
Missing Authorization vulnerability in Video Gallery by Total-Soft Video Gallery – YouTube Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Video Gallery – YouTube Gallery: from n/a thr…
- CVE-2023-25993MEDIUMCVSS 4.3EG 4.32024-12-09
Missing Authorization vulnerability in WebberZone Top 10 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Top 10: from n/a through 3.2.3.
- CVE-2023-25997MEDIUMCVSS 6.5EG 6.52025-06-06
Missing Authorization vulnerability in SolaPlugins Sola Support Ticket allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sola Support Ticket: from n/a through 3.17.
- CVE-2023-26002MEDIUMCVSS 4.3EG 4.32025-06-06
Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 6Storage Rentals: from n/a through 2.19.5.
- CVE-2023-26035HIGHCVSS 7.2EG 7.22023-02-25
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing…
- CVE-2023-26269HIGHCVSS 7.8EG 7.82023-04-03
Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX pas…
- CVE-2023-26301CRITICALCVSS 9.8EG 9.82023-07-21
Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints.
- CVE-2023-26510MEDIUMCVSS 5.7EG 5.72023-03-05
Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE…
- CVE-2023-26520MEDIUMCVSS 5.3EG 5.32024-12-09
Missing Authorization vulnerability in Max Chirkov Advanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Text Widget : from n/a through 2.1.2.
- CVE-2023-26521MEDIUMCVSS 4.3EG 4.32024-06-03
Missing Authorization vulnerability in CodePeople Search in Place allows Functionality Misuse.This issue affects Search in Place: from n/a through 1.0.104.
Map vulnerabilities like CWE-862 to your infrastructure
EchelonGraph correlates every CVE — across CWE-862 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →