CWE-862— Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.— MITRE CWE catalog
8,515 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-862page 47 of 171
- CVE-2023-37886MEDIUMCVSS 5.4EG 5.42024-03-25
Missing Authorization vulnerability in InspiryThemes RealHomes.This issue affects RealHomes: from n/a through 4.0.2.
- CVE-2023-37887MEDIUMCVSS 6.5EG 6.52024-12-13
Missing Authorization vulnerability in WPSchoolPress Team WPSchoolPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSchoolPress: from n/a through 2.2.7.
- CVE-2023-37890MEDIUMCVSS 4.3EG 4.32023-11-30
Missing Authorization vulnerability in WPOmnia KB Support – WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs. Users with a role as low as a subscriber can view other customers.This i…
- CVE-2023-37910HIGHCVSS 8.1EG 8.12023-10-25
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with the introduction of attachment move support in version 14.0-rc-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, a…
- CVE-2023-37944MEDIUMCVSS 6.5EG 6.52023-07-12
A missing permission check in Jenkins Datadog Plugin 5.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturin…
- CVE-2023-37945MEDIUMCVSS 4.3EG 4.32023-07-12
A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the current security realm.
- CVE-2023-37949HIGHCVSS 7.1EG 7.12023-07-12
A missing permission check in Jenkins Orka by MacStadium Plugin 1.33 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method…
- CVE-2023-37950MEDIUMCVSS 4.3EG 4.32023-07-12
A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
- CVE-2023-37953MEDIUMCVSS 6.5EG 6.52023-07-12
A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing …
- CVE-2023-37956MEDIUMCVSS 6.5EG 6.52023-07-12
A missing permission check in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
- CVE-2023-37959MEDIUMCVSS 6.5EG 6.52023-07-12
A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
- CVE-2023-37963MEDIUMCVSS 5.4EG 5.42023-07-12
A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` fil…
- CVE-2023-37965HIGHCVSS 7.1EG 4.32023-07-12
A missing permission check in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, ca…
- CVE-2023-37967MEDIUMCVSS 6.5EG 6.52024-12-13
Missing Authorization vulnerability in Designinvento DirectoryPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through 3.6.2.
- CVE-2023-37969MEDIUMCVSS 5.3EG 5.32024-12-13
Missing Authorization vulnerability in The African Boss Checkout with Zelle on Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout with Zelle on Woocommerce: from n/a through 3.1.
- CVE-2023-37971MEDIUMCVSS 6.5EG 6.52024-12-13
Missing Authorization vulnerability in MultiVendorX WooCommerce Product Stock Alert allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Product Stock Alert: from n/a through 2.0.1.
- CVE-2023-37984MEDIUMCVSS 4.3EG 4.32024-12-13
Missing Authorization vulnerability in ExpressTech Quiz And Survey Master allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through 8.1.10.
- CVE-2023-37987MEDIUMCVSS 6.5EG 6.52024-12-13
Missing Authorization vulnerability in miniOrange YourMembership Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YourMembership Single Sign On: from n/a through 1.1.3.
- CVE-2023-37989MEDIUMCVSS 5.4EG 5.42024-12-13
Missing Authorization vulnerability in Easyship Easyship WooCommerce Shipping Rates allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easyship WooCommerce Shipping Rates: from n/a through 0.9.0.
- CVE-2023-38102HIGHCVSS 8.8EG 8.82024-05-03
NETGEAR ProSAFE Network Management System createUser Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Managemen…
- CVE-2023-38383MEDIUMCVSS 5.4EG 5.42024-12-13
Missing Authorization vulnerability in OnTheGoSystems Language allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Language: from n/a through 1.2.1.
- CVE-2023-38385HIGHCVSS 8.3EG 8.32024-12-13
Missing Authorization vulnerability in Artbees JupiterX Core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JupiterX Core: from 3.0.0 through 3.3.0.
- CVE-2023-38386HIGHCVSS 7.6EG 7.62024-06-19
Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through 3.6.25.
- CVE-2023-38393HIGHCVSS 7.6EG 7.62024-06-19
Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through 3.6.25.
- CVE-2023-38394MEDIUMCVSS 5.4EG 5.42024-06-19
Missing Authorization vulnerability in Artbees JupiterX Core.This issue affects JupiterX Core: from 3.0.0 through 3.3.0.
- CVE-2023-38395MEDIUMCVSS 5.4EG 5.42024-06-12
Missing Authorization vulnerability in Afzal Multani WP Clone Menu.This issue affects WP Clone Menu: from n/a through 1.0.1.
- CVE-2023-38436MEDIUMCVSS 5.5EG 5.52023-09-04
In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges
- CVE-2023-38437MEDIUMCVSS 5.5EG 5.52023-09-04
In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges
- CVE-2023-38438MEDIUMCVSS 5.5EG 5.52023-09-04
In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges
- CVE-2023-38439MEDIUMCVSS 5.5EG 5.52023-09-04
In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges
- CVE-2023-38440MEDIUMCVSS 5.5EG 5.52023-09-04
In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges
- CVE-2023-38441MEDIUMCVSS 5.5EG 5.52023-09-04
In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges
- CVE-2023-38442MEDIUMCVSS 5.5EG 5.52023-09-04
In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges
- CVE-2023-38443HIGHCVSS 7.8EG 7.82023-09-04
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges
- CVE-2023-38444HIGHCVSS 7.8EG 7.82023-09-04
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges
- CVE-2023-38445MEDIUMCVSS 5.5EG 5.52023-09-04
In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges
- CVE-2023-38446MEDIUMCVSS 5.5EG 5.52023-09-04
In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges
- CVE-2023-38447MEDIUMCVSS 5.5EG 5.52023-09-04
In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges
- CVE-2023-38448MEDIUMCVSS 5.5EG 5.52023-09-04
In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges
- CVE-2023-38449HIGHCVSS 7.8EG 7.82023-09-04
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges
- CVE-2023-38450HIGHCVSS 7.8EG 7.82023-09-04
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges
- CVE-2023-38451HIGHCVSS 7.8EG 7.82023-09-04
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges
- CVE-2023-38452HIGHCVSS 7.8EG 7.82023-09-04
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges
- CVE-2023-38453HIGHCVSS 7.8EG 7.82023-09-04
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges
- CVE-2023-38454MEDIUMCVSS 5.5EG 5.52023-09-04
In vowifi service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges
- CVE-2023-38455HIGHCVSS 7.8EG 7.82023-09-04
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges
- CVE-2023-38456HIGHCVSS 7.8EG 7.82023-09-04
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges
- CVE-2023-38457MEDIUMCVSS 5.5EG 5.52023-09-04
In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges
- CVE-2023-38458HIGHCVSS 7.8EG 7.82023-09-04
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges
- CVE-2023-38459HIGHCVSS 7.8EG 7.82023-09-04
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges
Map vulnerabilities like CWE-862 to your infrastructure
EchelonGraph correlates every CVE — across CWE-862 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →