CWE-862— Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.— MITRE CWE catalog
8,527 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-862page 77 of 171
- CVE-2024-34815MEDIUMCVSS 5.4EG 5.42024-06-11
Missing Authorization vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta.This issue affects Import and export users and customers: from n/a through <= 1.26.5.
- CVE-2024-34819MEDIUMCVSS 5.3EG 5.32024-06-11
Missing Authorization vulnerability in Moreconvert Team MC Woocommerce Wishlist smart-wishlist-for-more-convert.This issue affects MC Woocommerce Wishlist: from n/a through <= 1.7.2.
- CVE-2024-34820MEDIUMCVSS 6.5EG 6.52024-06-11
Missing Authorization vulnerability in If So Plugin If-So Dynamic Content Personalization.This issue affects If-So Dynamic Content Personalization: from n/a through 1.7.1.
- CVE-2024-34821MEDIUMCVSS 5.3EG 5.32024-06-11
Missing Authorization vulnerability in Anssi Laitila Contact List contact-list.This issue affects Contact List: from n/a through <= 2.9.87.
- CVE-2024-34822MEDIUMCVSS 5.3EG 5.32024-06-11
Missing Authorization vulnerability in weDevs weMail.This issue affects weMail: from n/a through 1.14.2.
- CVE-2024-34824MEDIUMCVSS 4.3EG 4.32024-06-11
Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager.This issue affects SportsPress – Sports Club & League Manager: from n/a through 2.7.20.
- CVE-2024-34826MEDIUMCVSS 6.3EG 6.32024-06-11
Missing Authorization vulnerability in Saleswonder Team: Tobias CF7 WOW Styler cf7-styler.This issue affects CF7 WOW Styler: from n/a through <= 1.6.4.
- CVE-2024-35168MEDIUMCVSS 4.3EG 4.32024-06-11
Missing Authorization vulnerability in Discourse WP Discourse.This issue affects WP Discourse: from n/a through 2.5.1.
- CVE-2024-35174MEDIUMCVSS 5.3EG 5.32024-05-17
Missing Authorization vulnerability in Flothemes Flo Forms.This issue affects Flo Forms: from n/a through 1.0.42.
- CVE-2024-3520MEDIUMCVSS 4.3EG 4.32024-05-02
The Country State City Dropdown CF7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tc_csca_patch_settings function in all versions up to, and including, 2.7.1. This makes it…
- CVE-2024-35237HIGHCVSS 7.5EG 7.52024-05-27
MIT IdentiBot is an open-source Discord bot written in Node.js that verifies individuals' affiliations with MIT, grants them roles in a Discord server, and stores information about them in a database backend. A vulnerability that exists pr…
- CVE-2024-3546MEDIUMCVSS 4.3EG 4.32024-05-02
The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wp_mgdp_populate_popup function in all versions up to, and including, 1.4.8. This makes it possible…
- CVE-2024-3553MEDIUMCVSS 6.5EG 6.52024-05-02
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the hide_notices function in all versions up to, and including, 2.6.2. This…
- CVE-2024-3555HIGHCVSS 7.2EG 7.22024-06-04
The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and incl…
- CVE-2024-35628MEDIUMCVSS 4.3EG 4.32024-06-11
Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.25.
- CVE-2024-35659MEDIUMCVSS 5.3EG 5.32024-06-08
Missing Authorization vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiviCare: from n/a through <= 3.6.6.
- CVE-2024-35660MEDIUMCVSS 6.5EG 6.52024-06-09
Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1.
- CVE-2024-35661MEDIUMCVSS 5.3EG 5.32024-06-09
Missing Authorization vulnerability in SoftLab Upload Fields for WPForms.This issue affects Upload Fields for WPForms: from n/a through 1.0.2.
- CVE-2024-35662MEDIUMCVSS 5.4EG 5.42024-06-09
Missing Authorization vulnerability in Andreas Sofantzis Simple COD Fees for WooCommerce.This issue affects Simple COD Fees for WooCommerce: from n/a through 2.0.2.
- CVE-2024-35663MEDIUMCVSS 5.4EG 5.42024-06-11
Missing Authorization vulnerability in HahnCreativeGroup WP Translate.This issue affects WP Translate: from n/a through 5.3.0.
- CVE-2024-35665MEDIUMCVSS 5.3EG 5.32024-06-11
Missing Authorization vulnerability in namithjawahar Insert Post Ads.This issue affects Insert Post Ads: from n/a through 1.3.2.
- CVE-2024-35667MEDIUMCVSS 5.3EG 5.32024-06-11
Missing Authorization vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through 5.5.19.
- CVE-2024-35669MEDIUMCVSS 4.3EG 4.32024-06-09
Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1.
- CVE-2024-35671MEDIUMCVSS 4.3EG 4.32024-06-11
Missing Authorization vulnerability in Minoji MJ Update History.This issue affects MJ Update History: from n/a through 1.0.4.
- CVE-2024-35672HIGHCVSS 7.5EG 7.52024-06-04
Missing Authorization vulnerability in Netgsm.This issue affects Netgsm: from n/a through 2.9.19.
- CVE-2024-35674MEDIUMCVSS 4.3EG 4.32024-06-05
Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) unlimited-elements-for-elementor.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templa…
- CVE-2024-35683MEDIUMCVSS 5.3EG 5.32024-06-11
Missing Authorization vulnerability in Teplitsa of social technologies Leyka.This issue affects Leyka: from n/a through 3.31.1.
- CVE-2024-35685MEDIUMCVSS 5.3EG 5.32024-06-11
Missing Authorization vulnerability in Anders Norén Radcliffe 2.This issue affects Radcliffe 2: from n/a through 2.0.17.
- CVE-2024-35686MEDIUMCVSS 5.3EG 5.32024-08-18
Missing Authorization vulnerability in Automattic Sensei LMS, Automattic Sensei Pro (WC Paid Courses).This issue affects Sensei LMS: from n/a through 4.23.1; Sensei Pro (WC Paid Courses): from n/a through 4.23.1.1.23.1.
- CVE-2024-35692MEDIUMCVSS 5.3EG 5.32024-06-11
Missing Authorization vulnerability in Termly Cookie Consent.This issue affects Cookie Consent: from n/a through 3.2.
- CVE-2024-35716MEDIUMCVSS 6.5EG 6.52024-06-11
Missing Authorization vulnerability in Copymatic Copymatic – AI Content Writer & Generator.This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.9.
- CVE-2024-35717MEDIUMCVSS 4.3EG 4.32024-06-10
Missing Authorization vulnerability in A WP Life Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow.This issue affects Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow: from n/a through…
- CVE-2024-35720MEDIUMCVSS 4.3EG 4.32024-06-10
Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery.This issue affects Album Gallery – WordPress Gallery: from n/a through 1.5.7.
- CVE-2024-35721MEDIUMCVSS 4.3EG 4.32024-06-10
Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a throu…
- CVE-2024-35722MEDIUMCVSS 4.3EG 4.32024-06-10
Missing Authorization vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through 1.4.0.
- CVE-2024-35723MEDIUMCVSS 4.3EG 4.32024-06-10
Missing Authorization vulnerability in Andrew Dashboard To-Do List dashboard-to-do-list.This issue affects Dashboard To-Do List: from n/a through <= 1.2.0.
- CVE-2024-35724MEDIUMCVSS 4.3EG 4.32024-06-10
Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce.This issue affects Bosa Elementor Addons and Templates for WooCommerce: from n/a through 1.0.12.
- CVE-2024-35725MEDIUMCVSS 4.3EG 4.32024-06-10
Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.6.
- CVE-2024-35726MEDIUMCVSS 4.3EG 4.32024-06-10
Missing Authorization vulnerability in ThemeKraft WooBuddy.This issue affects WooBuddy: from n/a through 3.4.19.
- CVE-2024-35727MEDIUMCVSS 4.3EG 4.32024-06-10
Missing Authorization vulnerability in actpro Extra Product Options for WooCommerce.This issue affects Extra Product Options for WooCommerce: from n/a through 3.0.6.
- CVE-2024-35729MEDIUMCVSS 5.3EG 5.32024-06-10
Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through <= 3.5.2.6.
- CVE-2024-35735MEDIUMCVSS 5.3EG 5.32024-06-10
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.11.
- CVE-2024-35741MEDIUMCVSS 4.3EG 4.32024-06-10
Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.7.
- CVE-2024-35742MEDIUMCVSS 5.3EG 5.32024-06-10
Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0.
- CVE-2024-35748MEDIUMCVSS 5.3EG 5.32024-06-09
Missing Authorization vulnerability in OPMC WooCommerce Dropshipping.This issue affects WooCommerce Dropshipping: from n/a through 5.0.4.
- CVE-2024-3581MEDIUMCVSS 4.3EG 4.32024-05-02
The MaxGalleria plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the add_media_library_images_to_gallery function in all versions up to, and including, 6.4.2. This makes it possible for a…
- CVE-2024-3585MEDIUMCVSS 5.3EG 5.32024-05-02
The Send PDF for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of form submissions due to a missing capability check on the hooks function in all versions up to, and including, 1.0.2.3. This makes it possible for…
- CVE-2024-3599MEDIUMCVSS 5.3EG 5.32024-05-02
The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdpr_policy_process_delete() function in all versions up to, and including, 3.0.2.…
- CVE-2024-3600HIGHCVSS 7.2EG 7.22024-04-19
The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the ays_poll_maker_quick_start AJAX action in addition to insufficient escaping and saniti…
- CVE-2024-3601MEDIUMCVSS 5.3EG 5.32024-05-02
The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_poll_create_author function in all versions up to, and including, 5.1.8. This make…
Map vulnerabilities like CWE-862 to your infrastructure
EchelonGraph correlates every CVE — across CWE-862 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →