CWE-862— Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.— MITRE CWE catalog
8,528 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-862page 78 of 171
- CVE-2024-3602MEDIUMCVSS 4.3EG 4.32024-06-20
The Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the disconnect_promolaye…
- CVE-2024-36036MEDIUMCVSS 4.2EG 4.22024-05-27
Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to access sensitive information and modifying the agent configuration.
- CVE-2024-3606MEDIUMCVSS 4.3EG 4.32024-05-02
The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the pm_upload_cover_image function in all versions up to, and i…
- CVE-2024-3607MEDIUMCVSS 4.3EG 4.32024-05-02
The PropertyHive plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_key_date() function in all versions up to, and including, 2.0.12. This makes it possible for authenticated att…
- CVE-2024-3608MEDIUMCVSS 5.3EG 5.32024-07-09
The Product Designer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the product_designer_ajax_delete_attach_id() function in all versions up to, and including, 1.0.33. This makes it pos…
- CVE-2024-3609MEDIUMCVSS 4.3EG 4.32024-05-16
The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewx_remove_guest_image function in all versions up to, and inc…
- CVE-2024-3610MEDIUMCVSS 5.3EG 5.32024-06-21
The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctg_easy_child_theme() function in all versions up to, and including, 1.1.1. This makes it possi…
- CVE-2024-36113MEDIUMCVSS 4.9EG 4.92024-07-03
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch, a rogue staff user could suspend other staf…
- CVE-2024-36246CRITICALCVSS 9.8EG 9.82024-05-31
Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered o…
- CVE-2024-3626MEDIUMCVSS 4.3EG 4.32024-05-23
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_conte…
- CVE-2024-3627MEDIUMCVSS 5.4EG 5.42024-06-20
The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the AjaxFunctions.php file in all ver…
- CVE-2024-36326HIGHCVSS 8.4EG 8.42025-09-06
Missing authorization in AMD RomArmor could allow an attacker to bypass ROMArmor protections during system resume from a standby state, potentially resulting in a loss of confidentiality and integrity.
- CVE-2024-36377MEDIUMCVSS 6.5EG 6.52024-05-29
In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions
- CVE-2024-3662MEDIUMCVSS 4.3EG 4.32024-04-13
The WPZOOM Social Feed Widget & Block plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpzoom_instagram_clear_data() function in all versions up to, and including, 2.1.13. This makes it pos…
- CVE-2024-3663MEDIUMCVSS 4.3EG 4.32024-05-22
The WP Scraper plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wp_scraper_multi_scrape_action() function in all versions up to, and including, 5.7. This makes it possible for authenticated…
- CVE-2024-3664MEDIUMCVSS 4.3EG 4.32024-04-23
The Quick Featured Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the set_thumbnail and delete_thumbnail functions in all versions up to, and including, 13.7.0. This make…
- CVE-2024-3678MEDIUMCVSS 5.3EG 5.32024-04-26
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.4.2. This makes it possible for unauthenticated attackers to view limited info…
- CVE-2024-36995MEDIUMCVSS 5.4EG 5.42024-07-01
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items.
- CVE-2024-37094HIGHCVSS 8.2EG 8.22024-11-01
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MasterStudy LMS: from n/a through 3.2.12.
- CVE-2024-37095MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in Envira Gallery Team Envira Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envira Photo Gallery: from n/a through 1.8.7.3.
- CVE-2024-37096MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in Popup Box Team Popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup box: from n/a through 4.5.1.
- CVE-2024-37106HIGHCVSS 8.2EG 8.22024-11-01
Missing Authorization vulnerability in WishList Products WishList Member X allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WishList Member X: from n/a through 3.26.6
- CVE-2024-3711MEDIUMCVSS 4.3EG 4.32024-05-23
The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized plugin setting update due to a missing capability check on the functions action_request_disable, action_change_template, and action_request_enable in all version…
- CVE-2024-37111HIGHCVSS 7.5EG 7.52024-06-24
Missing Authorization vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7.
- CVE-2024-37119MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in Uncanny Owl Uncanny Automator Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator Pro: from n/a through 5.3.0.0.
- CVE-2024-37123MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in VowelWeb Ibtana allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ibtana: from n/a through 1.2.3.3.
- CVE-2024-37172MEDIUMCVSS 5.4EG 5.42024-07-09
SAP S/4HANA Finance (Advanced Payment Management) does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. As a result, it has a low impact to confidentiality and availability but the…
- CVE-2024-37175MEDIUMCVSS 4.3EG 4.32024-07-09
SAP CRM WebClient does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to access some sensitive information.
- CVE-2024-37176MEDIUMCVSS 5.5EG 5.52024-06-11
SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of privileges. It has n…
- CVE-2024-37201MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in javmah Woocommerce Customers Order History allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woocommerce Customers Order History: from n/a through 5.2.2.
- CVE-2024-37202MEDIUMCVSS 6.5EG 6.52024-07-12
Missing Authorization vulnerability in BinaryCarpenter Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter custom-add-to-cart-button-for-woocommerce.This issue affects Ultimate Custom Add To Cart Button (Ajax) For…
- CVE-2024-37203MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in Laybuy Laybuy Payment Extension for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Laybuy Payment Extension for WooCommerce: from n/a through 5.…
- CVE-2024-37204MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in PropertyHive PropertyHive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through 2.0.9.
- CVE-2024-37207MEDIUMCVSS 5.4EG 5.42024-11-01
Missing Authorization vulnerability in Theme4Press Demo Awesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Demo Awesome: from n/a through 1.0.2.
- CVE-2024-37209MEDIUMCVSS 6.5EG 6.52024-11-01
Access Control vulnerability in Prism IT Systems User Rights Access Manager allows . This issue affects User Rights Access Manager: from n/a through 1.1.2.
- CVE-2024-37210MEDIUMCVSS 6.5EG 6.52026-06-17
Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AliNext: from n/a through 3.3.5.
- CVE-2024-37214MEDIUMCVSS 6.5EG 6.52024-11-01
Missing Authorization vulnerability in Dropshipping Guru Ali2Woo Lite Exploiting Incorrectly Configured Access Control Security Levels, Stored XSS.This issue affects Ali2Woo Lite: from n/a through 3.3.5.
- CVE-2024-37218MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in WordPress Page Builder Sandwich Team Page Builder Sandwich – Front-End Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page Builder Sandwich �…
- CVE-2024-37220MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in OptinlyHQ Optinly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Optinly: from n/a through 1.0.18.
- CVE-2024-37226MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in Kanban for WordPress Kanban Boards for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kanban Boards for WordPress: from n/a through 2.5.21.
- CVE-2024-37232HIGHCVSS 8.8EG 8.82024-11-01
Missing Authorization vulnerability in Hercules Design Hercules Core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hercules Core: from n/a through 6.5.
- CVE-2024-37249MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1.
- CVE-2024-37250MEDIUMCVSS 5.4EG 5.42024-11-01
Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1.
- CVE-2024-37254MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in mndpsingh287 File Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects File Manager: from n/a through 7.2.7.
- CVE-2024-37255MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in Roxnor ElementsKit Elementor addons Lite elementskit-lite.This issue affects ElementsKit Elementor addons Lite: from n/a through <= 3.1.4.
- CVE-2024-37269MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2.
- CVE-2024-37276MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in fifu.App Featured Image from URL allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image from URL: from n/a through 4.8.1.
- CVE-2024-37296MEDIUMCVSS 5.3EG 5.32024-06-11
The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can b…
- CVE-2024-37314LOWCVSS 3.5EG 3.52024-06-14
Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 o…
- CVE-2024-37317MEDIUMCVSS 4.6EG 4.62024-06-14
The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. If an attacker managed to share a folder called `Notes/` with a newly created user before they logged in, the Notes app would use that folder store the personal …
Map vulnerabilities like CWE-862 to your infrastructure
EchelonGraph correlates every CVE — across CWE-862 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →