CWE-862— Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.— MITRE CWE catalog
8,516 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-862page 58 of 171
- CVE-2023-51494MEDIUMCVSS 5.3EG 5.32024-06-09
Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.1.
- CVE-2023-51495MEDIUMCVSS 6.5EG 6.52024-06-14
Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7.
- CVE-2023-51496MEDIUMCVSS 5.3EG 5.32024-06-14
Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7.
- CVE-2023-51497MEDIUMCVSS 5.4EG 5.42024-06-14
Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses.This issue affects WooCommerce Ship to Multiple Addresses: from n/a through 3.8.9.
- CVE-2023-51498MEDIUMCVSS 5.3EG 5.32024-06-11
Missing Authorization vulnerability in Woo WooCommerce Canada Post Shipping.This issue affects WooCommerce Canada Post Shipping: from n/a through 2.8.3.
- CVE-2023-51499MEDIUMCVSS 4.3EG 4.32024-04-12
Missing Authorization vulnerability in WooCommerce WooCommerce Shipping Per Product.This issue affects WooCommerce Shipping Per Product: from n/a through 2.5.4.
- CVE-2023-51500HIGHCVSS 7.7EG 7.72024-04-17
Missing Authorization vulnerability in Undsgn Uncode Core.This issue affects Uncode Core: from n/a through 2.8.8.
- CVE-2023-51507MEDIUMCVSS 5.3EG 5.32024-06-14
Missing Authorization vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.16.
- CVE-2023-51515HIGHCVSS 8.8EG 8.82024-04-12
Missing Authorization vulnerability in Undsgn Uncode Core allows Privilege Escalation.This issue affects Uncode Core: from n/a through 2.8.8.
- CVE-2023-51516MEDIUMCVSS 5.4EG 5.42024-06-14
Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through 6.3.9.
- CVE-2023-51519MEDIUMCVSS 4.3EG 4.32024-06-11
Missing Authorization vulnerability in Soliloquy Team Slider by Soliloquy.This issue affects Slider by Soliloquy: from n/a through 2.7.2.
- CVE-2023-51523MEDIUMCVSS 4.3EG 4.32024-06-14
Missing Authorization vulnerability in WriterSystem WooCommerce Easy Duplicate Product.This issue affects WooCommerce Easy Duplicate Product: from n/a through 0.3.0.7.
- CVE-2023-51524MEDIUMCVSS 4.3EG 4.32024-06-12
Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.18.
- CVE-2023-51526MEDIUMCVSS 4.3EG 4.32024-06-12
Missing Authorization vulnerability in Brett Shumaker Simple Staff List.This issue affects Simple Staff List: from n/a through 2.2.4.
- CVE-2023-51537MEDIUMCVSS 5.3EG 5.32024-06-12
Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.5.
- CVE-2023-5165HIGHCVSS 8.8EG 7.12023-09-25
Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functional…
- CVE-2023-51650HIGHCVSS 7.5EG 7.52023-12-22
Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive serv…
- CVE-2023-51670MEDIUMCVSS 4.3EG 4.32024-06-12
Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.This issue affects FunnelKit Checkout: from n/a through 3.10.3.
- CVE-2023-51671MEDIUMCVSS 5.4EG 5.42024-06-12
Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.This issue affects FunnelKit Checkout: from n/a through 3.10.3.
- CVE-2023-51672HIGHCVSS 7.5EG 7.52024-04-11
Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.This issue affects FunnelKit Checkout: from n/a through 3.10.3.
- CVE-2023-51679MEDIUMCVSS 5.4EG 5.42024-06-12
Missing Authorization vulnerability in BulkGate BulkGate SMS Plugin for WooCommerce.This issue affects BulkGate SMS Plugin for WooCommerce: from n/a through 3.0.2.
- CVE-2023-51680MEDIUMCVSS 4.3EG 4.32024-06-12
Missing Authorization vulnerability in TechnoVama Quotes for WooCommerce.This issue affects Quotes for WooCommerce: from n/a through 2.0.1.
- CVE-2023-51682MEDIUMCVSS 5.3EG 5.32024-06-11
Missing Authorization vulnerability in ibericode MC4WP.This issue affects MC4WP: from n/a through 4.9.9.
- CVE-2023-51692MEDIUMCVSS 4.3EG 4.32024-02-28
Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.This issue affects Customer Reviews for WooCommerce: from n/a through 5.38.1.
- CVE-2023-52117MEDIUMCVSS 4.3EG 4.32024-06-12
Missing Authorization vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid: from n/a through 5.6.6.
- CVE-2023-52163HIGHCVSS 8.8EG 9.0⚠ KEV2025-02-03
Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
- CVE-2023-52177MEDIUMCVSS 5.4EG 5.42024-06-12
Missing Authorization vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.3.
- CVE-2023-52179MEDIUMCVSS 5.4EG 5.42024-06-11
Missing Authorization vulnerability in WebCodingPlace Product Expiry for WooCommerce.This issue affects Product Expiry for WooCommerce: from n/a through 2.5.
- CVE-2023-52183MEDIUMCVSS 5.4EG 5.42024-06-11
Missing Authorization vulnerability in WebToffee WordPress Backup & Migration.This issue affects WordPress Backup & Migration: from n/a through 1.4.3.
- CVE-2023-52186MEDIUMCVSS 5.3EG 5.32024-06-11
Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.2.
- CVE-2023-52199MEDIUMCVSS 6.5EG 6.52024-06-11
Missing Authorization vulnerability in Matthias Pfefferle & Automattic ActivityPub.This issue affects ActivityPub: from n/a through 1.0.5.
- CVE-2023-52211MEDIUMCVSS 5.3EG 5.32024-04-12
Missing Authorization vulnerability in Automattic WP Job Manager.This issue affects WP Job Manager: from n/a through 2.0.0.
- CVE-2023-52214MEDIUMCVSS 4.3EG 4.32024-03-26
Missing Authorization vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder.This issue affects Void Contact Form 7 Widget For Elementor Page Builder: from n/a through 2.3.
- CVE-2023-52217MEDIUMCVSS 4.3EG 4.32024-06-11
Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11.
- CVE-2023-52220MEDIUMCVSS 4.3EG 4.32024-04-25
Missing Authorization vulnerability in MonsterInsights Google Analytics by Monster Insights.This issue affects Google Analytics by Monster Insights: from n/a through 8.21.0.
- CVE-2023-52224MEDIUMCVSS 4.3EG 4.32024-06-11
Missing Authorization vulnerability in Revolut Revolut Gateway for WooCommerce.This issue affects Revolut Gateway for WooCommerce: from n/a through 4.9.7.
- CVE-2023-52227MEDIUMCVSS 4.3EG 4.32024-06-11
Missing Authorization vulnerability in MailerLite MailerLite – WooCommerce integration.This issue affects MailerLite – WooCommerce integration: from n/a through 2.0.8.
- CVE-2023-52229MEDIUMCVSS 6.5EG 6.52024-03-20
Missing Authorization vulnerability in Save as PDF plugin by Pdfcrowd Word Replacer Pro.This issue affects Word Replacer Pro: from n/a through 1.0.
- CVE-2023-52230MEDIUMCVSS 6.5EG 6.52024-06-09
Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.3.
- CVE-2023-52232MEDIUMCVSS 6.5EG 6.52024-06-09
Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.2.
- CVE-2023-52233HIGHCVSS 8.6EG 8.62024-06-11
Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log.This issue affects Post SMTP Mailer/Email Log: from n/a through 2.8.6.
- CVE-2023-52275LOWCVSS 2.1EG 2.12023-12-31
Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension.
- CVE-2023-52352MEDIUMCVSS 5.5EG 5.52024-04-08
In Network Adapter Service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges needed
- CVE-2023-5251MEDIUMCVSS 5.4EG 5.42023-10-30
The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'grid_plus_save_layout_callback' and 'grid_plus_delete_callback' functions in versions up to, a…
- CVE-2023-52541HIGHCVSS 7.5EG 7.52024-04-08
Authentication vulnerability in the API for app pre-loading. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2023-52642HIGHCVSS 7.8EG 7.82024-04-17
In the Linux kernel, the following vulnerability has been resolved: media: rc: bpf attach/detach requires write permission Note that bpf attach/detach also requires CAP_NET_ADMIN.
- CVE-2023-52713HIGHCVSS 7.7EG 7.72024-04-07
Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
- CVE-2023-5311HIGHCVSS 8.8EG 8.82023-10-25
The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, wi…
- CVE-2023-5314MEDIUMCVSS 4.3EG 4.32023-11-22
The WP EXtra plugin for WordPress is vulnerable to unauthorized access to restricted functionality due to a missing capability check on the 'test-email' section of the register() function in versions up to, and including, 6.2. This makes i…
- CVE-2023-5321MEDIUMCVSS 5.5EG 5.12023-09-30
Missing Authorization in GitHub repository hamza417/inure prior to build94.
Map vulnerabilities like CWE-862 to your infrastructure
EchelonGraph correlates every CVE — across CWE-862 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →