CWE-862— Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.— MITRE CWE catalog
8,515 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-862page 49 of 171
- CVE-2023-40105MEDIUMCVSS 5.5EG 5.52024-02-15
In backupAgentCreated of ActivityManagerService.java, there is a possible way to leak sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User in…
- CVE-2023-40108MEDIUMCVSS 5.5EG 5.52025-01-21
In multiple locations, there is a possible way to access media content belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User intera…
- CVE-2023-40113MEDIUMCVSS 5.5EG 5.52024-02-15
In multiple locations, there is a possible way for apps to access cross-user message data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction i…
- CVE-2023-40203MEDIUMCVSS 4.3EG 4.32024-12-13
Missing Authorization vulnerability in MailMunch MailChimp Forms by MailMunch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailChimp Forms by MailMunch: from n/a through 3.1.4.
- CVE-2023-40209MEDIUMCVSS 6.5EG 6.52024-06-12
Missing Authorization vulnerability in Himalaya Saxena Highcompress Image Compressor.This issue affects Highcompress Image Compressor: from n/a through 6.0.0.
- CVE-2023-40213MEDIUMCVSS 4.3EG 4.32024-12-13
Missing Authorization vulnerability in Mateusz Czardybon Justified Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Justified Gallery: from n/a through 1.7.3.
- CVE-2023-40216MEDIUMCVSS 5.5EG 5.52023-08-10
OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incorrect memory access and a kernel crash after receiving crafted DCS or CSI terminal escape sequences.
- CVE-2023-4024MEDIUMCVSS 5.3EG 5.32024-08-17
The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated a…
- CVE-2023-4025MEDIUMCVSS 5.3EG 5.32024-08-17
The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated a…
- CVE-2023-4027MEDIUMCVSS 5.3EG 5.32024-08-17
The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_settings function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated…
- CVE-2023-40309CRITICALCVSS 9.8EG 9.82023-09-12
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of…
- CVE-2023-40327MEDIUMCVSS 6.5EG 6.52025-01-02
Missing Authorization vulnerability in Putler / Storeapps Putler Connector for WooCommerce.This issue affects Putler Connector for WooCommerce: from n/a through 2.12.0.
- CVE-2023-40331MEDIUMCVSS 4.3EG 4.32024-12-13
Missing Authorization vulnerability in bqworks Accordion Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion Slider: from n/a through 1.9.6.
- CVE-2023-40334MEDIUMCVSS 4.3EG 4.32024-12-13
Missing Authorization vulnerability in RealMag777 HUSKY woocommerce-products-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HUSKY: from n/a through <= 1.3.4.2.
- CVE-2023-40344MEDIUMCVSS 4.3EG 4.32023-08-16
A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
- CVE-2023-40362MEDIUMCVSS 4.3EG 4.32024-01-12
An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contracto…
- CVE-2023-40376MEDIUMCVSS 5.3EG 5.32023-10-04
IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X…
- CVE-2023-4040MEDIUMCVSS 5.3EG 5.32023-08-18
The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_callback_handler function in versions up to, and including, 3.7.9. This makes it …
- CVE-2023-40530MEDIUMCVSS 4.7EG 4.72023-08-25
Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another applic…
- CVE-2023-4059MEDIUMCVSS 4.3EG 4.32023-09-04
The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog
- CVE-2023-40603MEDIUMCVSS 5.3EG 5.32024-06-12
Missing Authorization vulnerability in Gangesh Matta Simple Org Chart.This issue affects Simple Org Chart: from n/a through 2.3.4.
- CVE-2023-40608HIGHCVSS 8.2EG 8.22024-06-19
Missing Authorization vulnerability in Paid Memberships Pro Paid Memberships Pro CCBill Gateway.This issue affects Paid Memberships Pro CCBill Gateway: from n/a through 0.3.
- CVE-2023-40625MEDIUMCVSS 5.4EG 5.42023-09-12
S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation o…
- CVE-2023-40631MEDIUMCVSS 4.4EG 4.42023-10-08
In Dialer, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed
- CVE-2023-40633MEDIUMCVSS 5.5EG 5.52023-10-08
In phasecheckserver, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
- CVE-2023-40634HIGHCVSS 7.8EG 7.82023-10-08
In phasechecksercer, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
- CVE-2023-40635HIGHCVSS 7.8EG 7.82023-10-08
In linkturbo, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
- CVE-2023-40636MEDIUMCVSS 4.4EG 4.42023-10-08
In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with System execution privileges needed
- CVE-2023-40637MEDIUMCVSS 5.5EG 5.52023-10-08
In telecom service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges
- CVE-2023-40638MEDIUMCVSS 4.4EG 4.42023-10-08
In Telecom service, there is a possible missing permission check. This could lead to local denial of service with System execution privileges needed
- CVE-2023-40639MEDIUMCVSS 5.5EG 5.52023-10-08
In SoundRecorder service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges
- CVE-2023-40640MEDIUMCVSS 5.5EG 5.52023-10-08
In SoundRecorder service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges
- CVE-2023-40641MEDIUMCVSS 5.5EG 5.52023-10-08
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
- CVE-2023-40642MEDIUMCVSS 5.5EG 5.52023-10-08
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
- CVE-2023-40643MEDIUMCVSS 5.5EG 5.52023-10-08
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
- CVE-2023-40644MEDIUMCVSS 5.5EG 5.52023-10-08
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
- CVE-2023-40645MEDIUMCVSS 5.5EG 5.52023-10-08
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
- CVE-2023-40646MEDIUMCVSS 5.5EG 5.52023-10-08
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
- CVE-2023-40647MEDIUMCVSS 5.5EG 5.52023-10-08
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
- CVE-2023-40648MEDIUMCVSS 5.5EG 5.52023-10-08
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
- CVE-2023-40649MEDIUMCVSS 5.5EG 5.52023-10-08
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
- CVE-2023-40650MEDIUMCVSS 5.5EG 5.52023-10-08
In Telecom service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
- CVE-2023-40653MEDIUMCVSS 6.7EG 6.72023-10-08
In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges needed
- CVE-2023-40654MEDIUMCVSS 6.7EG 6.72023-10-08
In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges needed
- CVE-2023-40670MEDIUMCVSS 4.3EG 4.32024-12-13
Missing Authorization vulnerability in ReviewX Team ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.17.
- CVE-2023-40672MEDIUMCVSS 5.4EG 5.42024-06-12
Missing Authorization vulnerability in Hardik Chavada Sticky Social Media Icons.This issue affects Sticky Social Media Icons: from n/a through 2.1.
- CVE-2023-40678MEDIUMCVSS 5.4EG 5.42024-12-13
Missing Authorization vulnerability in Andrew Fiebert Simple URLs simple-urls allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple URLs: from n/a through <= 117.
- CVE-2023-40679MEDIUMCVSS 6.5EG 6.52025-12-24
Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through 2.0.5.3.
- CVE-2023-4104MEDIUMCVSS 5.5EG 5.52023-09-11
An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. *This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.…
- CVE-2023-41046MEDIUMCVSS 6.3EG 6.32023-09-01
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible in XWiki to execute Velocity code without having script right by creating an XClass with a property of type "TextArea" …
Map vulnerabilities like CWE-862 to your infrastructure
EchelonGraph correlates every CVE — across CWE-862 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →