CWE-862— Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.— MITRE CWE catalog
8,515 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-862page 44 of 171
- CVE-2023-32506MEDIUMCVSS 6.5EG 6.52024-12-13
Missing Authorization vulnerability in Link Whisper Link Whisper Free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Link Whisper Free: from n/a through 0.6.3.
- CVE-2023-32507HIGHCVSS 7.3EG 7.32024-12-13
Missing Authorization vulnerability in wp3sixty Woo Custom Emails allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woo Custom Emails: from n/a through 2.2.
- CVE-2023-32519MEDIUMCVSS 4.3EG 4.32024-12-13
Missing Authorization vulnerability in Webcodin WCP Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCP Contact Form: from n/a through 3.1.0.
- CVE-2023-32520HIGHCVSS 7.5EG 7.52024-12-13
Missing Authorization vulnerability in Webcodin WCP Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCP Contact Form: from n/a through 3.1.0.
- CVE-2023-32574MEDIUMCVSS 4.3EG 4.32024-12-13
Missing Authorization vulnerability in Fahad Mahmood Injection Guard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Injection Guard: from n/a through 1.2.1.
- CVE-2023-32581MEDIUMCVSS 5.4EG 5.42024-12-13
Missing Authorization vulnerability in MobileMonkey WP-Chatbot for Messenger allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Chatbot for Messenger: from n/a through 4.7.
- CVE-2023-32585HIGHCVSS 7.5EG 7.52024-12-13
Missing Authorization vulnerability in Total-Soft Portfolio Gallery – Responsive Image Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Portfolio Gallery – Responsive Image Gallery: fro…
- CVE-2023-32586MEDIUMCVSS 4.3EG 4.32024-12-13
Missing Authorization vulnerability in Thomas Michalak Soundcloud Is Gold allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Soundcloud Is Gold: from n/a through 2.5.1.
- CVE-2023-32593MEDIUMCVSS 5.4EG 5.42024-12-13
Missing Authorization vulnerability in GS Plugins GS Pins for Pinterest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Pins for Pinterest: from n/a through 1.6.7.
- CVE-2023-32599MEDIUMCVSS 4.3EG 4.32024-12-13
Missing Authorization vulnerability in Bill Minozzi reCAPTCHA for all allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects reCAPTCHA for all: from n/a through 1.22.
- CVE-2023-32601MEDIUMCVSS 5.4EG 5.42024-12-13
Missing Authorization vulnerability in Booking Ultra Pro Booking Ultra Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Ultra Pro: from n/a through 1.1.12.
- CVE-2023-32677LOWCVSS 3.1EG 3.12023-05-19
Zulip is an open-source team collaboration tool with unique topic-based threading. Zulip administrators can configure Zulip to limit who can add users to streams, and separately to limit who can invite users to the organization. In Zulip S…
- CVE-2023-32788MEDIUMCVSS 5.5EG 5.52023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-32789MEDIUMCVSS 5.5EG 5.52023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-32798MEDIUMCVSS 5.3EG 5.32024-12-13
Missing Authorization vulnerability in 10up Simple Page Ordering allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Page Ordering: from n/a through 2.5.0.
- CVE-2023-32855MEDIUMCVSS 6.7EG 6.72023-12-04
In aee, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALP…
- CVE-2023-32959MEDIUMCVSS 4.3EG 4.32026-06-11
Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MetroStore: from n/a through 1.3.2.
- CVE-2023-32963MEDIUMCVSS 5.3EG 5.32024-12-13
Missing Authorization vulnerability in a3rev Software WooCommerce Predictive Search allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Predictive Search: from n/a through 5.8.0.
- CVE-2023-3300MEDIUMCVSS 5.3EG 5.32023-07-20
HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1.
- CVE-2023-3315MEDIUMCVSS 4.3EG 4.32023-06-19
Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
- CVE-2023-33215MEDIUMCVSS 5.4EG 5.42024-12-13
Missing Authorization vulnerability in Taggbox Taggbox taggbox-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Taggbox: from n/a through <= 3.3.
- CVE-2023-33225HIGHCVSS 7.2EG 6.82023-07-26
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.
- CVE-2023-33252HIGHCVSS 7.5EG 7.52023-05-21
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus.
- CVE-2023-33265HIGHCVSS 8.8EG 8.82023-07-18
In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted.
- CVE-2023-33321MEDIUMCVSS 5.3EG 5.32024-05-17
Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 2.8.6.
- CVE-2023-33324MEDIUMCVSS 6.5EG 6.52024-12-13
Missing Authorization vulnerability in wppal Easy Captcha allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Captcha: from n/a through 1.0.
- CVE-2023-33477MEDIUMCVSS 6.5EG 6.52023-06-06
In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path.
- CVE-2023-3352MEDIUMCVSS 4.3EG 4.32024-06-21
The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the delete_resmush_list() function. This makes it possible for authenticated attackers, with minimal permissions…
- CVE-2023-3365HIGHCVSS 8.1EG 8.12023-08-07
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipment
- CVE-2023-33879LOWCVSS 3.3EG 3.32023-07-12
In music service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-33880LOWCVSS 3.3EG 3.32023-07-12
In music service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-33881MEDIUMCVSS 5.5EG 5.52023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-33882MEDIUMCVSS 5.5EG 5.52023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-33883MEDIUMCVSS 5.5EG 5.52023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-33884MEDIUMCVSS 5.5EG 5.52023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-33885MEDIUMCVSS 5.5EG 5.52023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-33886MEDIUMCVSS 5.5EG 5.52023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-33887MEDIUMCVSS 5.5EG 5.52023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-33888MEDIUMCVSS 5.5EG 5.52023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-33889MEDIUMCVSS 5.5EG 5.52023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-33890MEDIUMCVSS 5.5EG 5.52023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-33891MEDIUMCVSS 5.5EG 5.52023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-33892MEDIUMCVSS 5.5EG 5.52023-07-12
In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-33893MEDIUMCVSS 5.5EG 5.52023-07-12
In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-33894MEDIUMCVSS 5.5EG 5.52023-07-12
In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-33895MEDIUMCVSS 5.5EG 5.52023-07-12
In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-33898MEDIUMCVSS 5.5EG 5.52023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-33899MEDIUMCVSS 5.5EG 5.52023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-33900MEDIUMCVSS 5.5EG 5.52023-07-12
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
- CVE-2023-33901MEDIUMCVSS 5.5EG 5.52023-07-12
In bluetooth service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
Map vulnerabilities like CWE-862 to your infrastructure
EchelonGraph correlates every CVE — across CWE-862 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →