CWE-862— Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.— MITRE CWE catalog
8,527 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-862page 76 of 171
- CVE-2024-33635HIGHCVSS 7.5EG 7.52024-04-29
Missing Authorization vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17.
- CVE-2024-33636MEDIUMCVSS 5.4EG 5.42024-04-29
Missing Authorization vulnerability in Mahesh Vora WP Page Post Widget Clone.This issue affects WP Page Post Widget Clone: from n/a through 1.0.1.
- CVE-2024-33652MEDIUMCVSS 5.3EG 5.32024-04-29
Missing Authorization vulnerability in Real Big Plugins Client Dash.This issue affects Client Dash: from n/a through 2.2.1.
- CVE-2024-33667MEDIUMCVSS 6.5EG 6.52024-04-26
An issue was discovered in Zammad before 6.3.0. An authenticated agent could perform a remote Denial of Service attack by calling an endpoint that accepts a generic method name, which was not properly sanitized against an allowlist.
- CVE-2024-33684MEDIUMCVSS 6.5EG 6.52024-04-29
Missing Authorization vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS.This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 3.2.0.
- CVE-2024-33685MEDIUMCVSS 4.3EG 4.32026-06-17
Missing Authorization vulnerability in Jegstudio Startupzy startupzy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Startupzy: from n/a through 1.1.1.
- CVE-2024-33686MEDIUMCVSS 4.3EG 4.32024-04-29
Missing Authorization vulnerability in Extend Themes Pathway, Extend Themes Hugo WP, Extend Themes Althea WP, Extend Themes Elevate WP, Extend Themes Brite, Extend Themes Colibri WP, Extend Themes Vertice.This issue affects Pathway: from n…
- CVE-2024-33907MEDIUMCVSS 5.3EG 5.32024-05-06
Missing Authorization vulnerability in Michael Nelson Print My Blog print-my-blog.This issue affects Print My Blog: from n/a through <= 3.26.2.
- CVE-2024-33908MEDIUMCVSS 5.3EG 5.32024-05-06
Missing Authorization vulnerability in Themesgrove WidgetKit.This issue affects WidgetKit: from n/a through 2.5.0.
- CVE-2024-33909MEDIUMCVSS 5.3EG 5.32026-06-17
Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPages Flipbook: from n/a through 1.5.1.
- CVE-2024-33910MEDIUMCVSS 5.3EG 5.32024-05-06
Missing Authorization vulnerability in Supsystic Digital Publications by Supsystic.This issue affects Digital Publications by Supsystic: from n/a through 1.7.7.
- CVE-2024-33912HIGHCVSS 7.1EG 7.12024-05-06
Missing Authorization vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 1.9.16.
- CVE-2024-33914MEDIUMCVSS 4.3EG 4.32024-05-03
Missing Authorization vulnerability in Exclusive Addons Exclusive Addons Elementor.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.1.
- CVE-2024-33915MEDIUMCVSS 4.3EG 4.32024-05-03
Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1.
- CVE-2024-33919MEDIUMCVSS 6.5EG 6.52024-05-03
Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor.This issue affects RomethemeKit For Elementor: from n/a through 1.4.1.
- CVE-2024-33920MEDIUMCVSS 5.3EG 5.32024-05-03
Missing Authorization vulnerability in Kama Democracy Poll.This issue affects Democracy Poll: from n/a through 6.0.3.
- CVE-2024-33923MEDIUMCVSS 6.3EG 6.32024-05-03
Missing Authorization vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.69.
- CVE-2024-33925MEDIUMCVSS 4.3EG 4.32024-05-03
Missing Authorization vulnerability in Adrian Mörchen Embed Google Fonts.This issue affects Embed Google Fonts: from n/a through 3.1.0.
- CVE-2024-33929MEDIUMCVSS 5.3EG 5.32024-05-03
Missing Authorization vulnerability in wpWax Directorist.This issue affects Directorist: from n/a through 7.8.6.
- CVE-2024-33931MEDIUMCVSS 6.5EG 6.52024-05-03
Missing Authorization vulnerability in ilGhera JW Player for WordPress.This issue affects JW Player for WordPress: from n/a through 2.3.3.
- CVE-2024-33937MEDIUMCVSS 4.3EG 4.32024-05-03
Missing Authorization vulnerability in Nico Martin Progressive WordPress (PWA).This issue affects Progressive WordPress (PWA): from n/a through 2.1.13.
- CVE-2024-33938MEDIUMCVSS 6.5EG 6.52024-05-14
Missing Authorization vulnerability in codename065 Sliding Widgets allows Cross-Site Scripting (XSS).This issue affects Sliding Widgets: from n/a through 1.5.0.
- CVE-2024-33941MEDIUMCVSS 5.3EG 5.32024-05-03
Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.1.
- CVE-2024-33942MEDIUMCVSS 4.3EG 4.32024-05-14
Missing Authorization vulnerability in Eric Alli Google Typography.This issue affects Google Typography: from n/a through 1.1.2.
- CVE-2024-33944MEDIUMCVSS 6.5EG 6.52024-05-02
Missing Authorization vulnerability in Kestrel WooCommerce AWeber Newsletter Subscription.This issue affects WooCommerce AWeber Newsletter Subscription: from n/a through 4.0.2.
- CVE-2024-33956MEDIUMCVSS 4.3EG 4.32024-05-14
Missing Authorization vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor.This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.0.
- CVE-2024-34146MEDIUMCVSS 6.5EG 6.52024-05-02
Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public key but lacking Overall/Read permission t…
- CVE-2024-34371MEDIUMCVSS 4.3EG 4.32024-05-06
Missing Authorization vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through <= 1.7.18.
- CVE-2024-34372MEDIUMCVSS 5.3EG 5.32024-05-06
Missing Authorization vulnerability in AddonMaster Post Grid Master.This issue affects Post Grid Master: from n/a through 3.4.7.
- CVE-2024-34377MEDIUMCVSS 4.3EG 4.32024-05-06
Missing Authorization vulnerability in A WP Life Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery.This issue affects Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery: from n/a through 1.5.3.
- CVE-2024-34378HIGHCVSS 8.6EG 8.62024-05-06
Missing Authorization vulnerability in LeadConnector.This issue affects LeadConnector: from n/a through 1.7.
- CVE-2024-34387MEDIUMCVSS 4.3EG 4.32024-05-06
Missing Authorization vulnerability in AF themes WP Post Author.This issue affects WP Post Author: from n/a through 3.6.4.
- CVE-2024-34389MEDIUMCVSS 4.3EG 4.32024-05-06
Missing Authorization vulnerability in AF themes WP Post Author.This issue affects WP Post Author: from n/a through 3.6.4.
- CVE-2024-34435MEDIUMCVSS 4.3EG 4.32024-06-09
Missing Authorization vulnerability in CodeRevolution Aiomatic.This issue affects Aiomatic: from n/a through 1.9.3.
- CVE-2024-34438MEDIUMCVSS 5.3EG 5.32026-02-20
Missing Authorization vulnerability in Anssi Laitila Shared Files shared-files.This issue affects Shared Files: from n/a through <= 1.7.19.
- CVE-2024-34442MEDIUMCVSS 5.3EG 5.32024-06-11
Missing Authorization vulnerability in weDevs weDocs.This issue affects weDocs: from n/a through 2.1.4.
- CVE-2024-34444HIGHCVSS 7.1EG 7.12024-06-19
Missing Authorization vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a before 6.7.0.
- CVE-2024-34690MEDIUMCVSS 5.4EG 5.42024-06-11
SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to access and edit non-…
- CVE-2024-34691MEDIUMCVSS 6.5EG 6.52024-06-11
Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no impact on the confid…
- CVE-2024-34719HIGHCVSS 7.8EG 8.42024-11-13
In multiple locations, there is a possible permissions bypass due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-34753MEDIUMCVSS 5.3EG 5.32024-06-11
Missing Authorization vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73.
- CVE-2024-34758MEDIUMCVSS 5.3EG 5.32024-06-11
Missing Authorization vulnerability in Wpmet WP Fundraising Donation and Crowdfunding Platform.This issue affects WP Fundraising Donation and Crowdfunding Platform: from n/a through 1.6.4.
- CVE-2024-34763MEDIUMCVSS 5.3EG 5.32024-06-11
Missing Authorization vulnerability in Saleswonder Team: Tobias Builder for WooCommerce reviews shortcodes – ReviewShort woo-product-reviews-shortcode.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/…
- CVE-2024-34768MEDIUMCVSS 5.3EG 5.32024-06-11
Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25.
- CVE-2024-34799MEDIUMCVSS 6.5EG 6.52024-06-11
Missing Authorization vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through 1.0.82.
- CVE-2024-34800HIGHCVSS 7.6EG 7.62024-06-10
Missing Authorization vulnerability in Crafthemes Crafthemes Demo Import crafthemes-demo-import allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crafthemes Demo Import: from n/a through <= 3.3.
- CVE-2024-34802MEDIUMCVSS 5.3EG 5.32024-06-09
Missing Authorization vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt.This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through 1.8.5.
- CVE-2024-34803MEDIUMCVSS 4.3EG 4.32024-06-03
Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25.
- CVE-2024-34804MEDIUMCVSS 5.4EG 5.42024-06-11
Missing Authorization vulnerability in Tagembed.This issue affects Tagembed: from n/a through 5.8.
- CVE-2024-34813MEDIUMCVSS 5.3EG 5.32024-06-11
Missing Authorization vulnerability in Moreconvert Team MC Woocommerce Wishlist smart-wishlist-for-more-convert.This issue affects MC Woocommerce Wishlist: from n/a through <= 1.7.8.
Map vulnerabilities like CWE-862 to your infrastructure
EchelonGraph correlates every CVE — across CWE-862 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →