CWE-862— Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.— MITRE CWE catalog
8,528 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-862page 79 of 171
- CVE-2024-37363MEDIUMCVSS 6.5EG 6.52025-02-20
The product does not perform an authorization check when an actor attempts to access a resource or perform an action. (CWE-862) Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.8, including 8.3.x…
- CVE-2024-37411MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in Progress Planner Progress Planner progress-planner.This issue affects Progress Planner: from n/a through <= 0.9.1.
- CVE-2024-37415MEDIUMCVSS 5.4EG 5.42024-11-01
Missing Authorization vulnerability in E2Pdf e2pdf e2pdf.This issue affects e2pdf: from n/a through <= 1.20.27.
- CVE-2024-37425MEDIUMCVSS 5.4EG 5.42024-11-01
Missing Authorization vulnerability in Automattic Newspack Blocks newspack-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack Blocks: from n/a through 3.0.8.
- CVE-2024-37427MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through 1.0.21.
- CVE-2024-37439MEDIUMCVSS 5.4EG 5.42024-11-01
Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a through 4.1.4.0
- CVE-2024-37440MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.4.4.
- CVE-2024-37443MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in Automattic WP Job Manager - Resume Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager - Resume Manager: from n/a through 2.1.0.
- CVE-2024-37444MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Defender Security defender-security.This issue affects Defender Security: from n/a through <= 4.7.1.
- CVE-2024-37453MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in ProfileGrid User Profiles ProfileGrid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProfileGrid: from n/a through 5.8.7.
- CVE-2024-37456MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in Noptin Newsletter Noptin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Noptin: from n/a through 3.4.2.
- CVE-2024-37463MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in CRM Perks CRM Perks Forms allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CRM Perks Forms: from n/a through 1.1.5.
- CVE-2024-37468MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in blazethemes Newsmatic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newsmatic: from n/a through 1.3.1.
- CVE-2024-37470HIGHCVSS 8.2EG 8.22024-11-01
Missing Authorization vulnerability in WofficeIO Woffice Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woffice Core: from n/a through 5.4.8.
- CVE-2024-37475MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in Automattic Newspack Newsletters allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Newspack Newsletters: from n/a through 2.13.2.
- CVE-2024-37477MEDIUMCVSS 6.5EG 6.52024-11-01
Missing Authorization vulnerability in Automattic Newspack Content Converter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack Content Converter: from n/a through 0.1.5.
- CVE-2024-37481MEDIUMCVSS 6.5EG 6.52024-11-01
Missing Authorization vulnerability in RadiusTheme The Post Grid the-post-grid.This issue affects The Post Grid: from n/a through <= 7.7.4.
- CVE-2024-37482MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in RadiusTheme The Post Grid the-post-grid.This issue affects The Post Grid: from n/a through <= 7.7.4.
- CVE-2024-37483MEDIUMCVSS 5.4EG 5.42024-11-01
Missing Authorization vulnerability in RadiusTheme The Post Grid the-post-grid.This issue affects The Post Grid: from n/a through <= 7.7.4.
- CVE-2024-37496MEDIUMCVSS 4.3EG 4.32026-06-17
Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7.
- CVE-2024-3750HIGHCVSS 8.8EG 8.82024-05-16
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData() function in all versions up to, and inclu…
- CVE-2024-37505MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in Rara Themes Business One Page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business One Page: from n/a through 1.2.9.
- CVE-2024-37506MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Charitable: from n/a through 1.8.1.7.
- CVE-2024-37510MEDIUMCVSS 6.5EG 6.52024-11-01
Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Charitable: from n/a through 1.8.1.7.
- CVE-2024-37516MEDIUMCVSS 6.3EG 6.32024-11-01
Missing Authorization vulnerability in fifu.App Featured Image from URL allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image from URL: from n/a through 4.8.2.
- CVE-2024-37517MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.13.7.
- CVE-2024-37542MEDIUMCVSS 5.4EG 5.42024-07-06
Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.
- CVE-2024-37544MEDIUMCVSS 4.3EG 4.32024-07-12
Missing Authorization vulnerability in Saleswonder Team: Tobias Get Better Reviews for WooCommerce more-better-reviews-for-woocommerce.This issue affects Get Better Reviews for WooCommerce: from n/a through <= 4.0.6.
- CVE-2024-3761HIGHCVSS 7.5EG 9.12024-05-20
In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at `packages/backend/src/api/v1/datasets` is vulnerable to unauthorized dataset deletion due to missing authorization and authentication mechanisms. This vulnerability allows a…
- CVE-2024-37898MEDIUMCVSS 4.3EG 4.32024-07-31
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When a user has view but not edit right on a page in XWiki, that user can delete the page and replace it by a page with new content wi…
- CVE-2024-37901CRITICALCVSS 9.9EG 9.92024-07-31
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any page can perform arbitrary remote code execution by adding instances of `XWiki.SearchSuggestConfig` an…
- CVE-2024-37903HIGHCVSS 8.2EG 8.22024-07-05
Mastodon is a self-hosted, federated microblogging platform. Starting in version 2.6.0 and prior to versions 4.1.18 and 4.2.10, by crafting specific activities, an attacker can extend the audience of a post they do not own to other Mastodo…
- CVE-2024-37921MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in Kiboko Labs Chained Quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chained Quiz: from n/a through 1.3.2.8.
- CVE-2024-37926MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH) allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.9.
- CVE-2024-37929MEDIUMCVSS 6.3EG 6.32024-11-01
Missing Authorization vulnerability in solwin User Activity Log Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Activity Log Pro: from n/a through 2.3.4.
- CVE-2024-37930MEDIUMCVSS 5.3EG 5.32024-08-12
Insertion of Sensitive Information into Log File vulnerability in ThemeSphere SmartMag smartmag-responsive-retina-wordpress-magazine.This issue affects SmartMag: from n/a through < 10.1.0.
- CVE-2024-37935HIGHCVSS 7.5EG 7.52024-08-13
Missing Authorization vulnerability in anhvnit Woocommerce OpenPos allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woocommerce OpenPos: from n/a through 6.4.4.
- CVE-2024-38002CRITICALCVSS 9.0EG 9.02024-10-22
The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions befo…
- CVE-2024-38179HIGHCVSS 8.8EG 8.82024-10-08
Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability
- CVE-2024-38190HIGHCVSS 8.6EG 8.62024-10-15
Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector.
- CVE-2024-3821HIGHCVSS 7.3EG 7.32024-06-01
The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the wdt_ajax_actions.php file in all versio…
- CVE-2024-38353MEDIUMCVSS 5.3EG 5.32024-07-10
CodiMD allows realtime collaborative markdown notes on all platforms. CodiMD before 2.5.4 is missing authentication and access control vulnerability allowing an unauthenticated attacker to gain unauthorised access to image data uploaded to…
- CVE-2024-38504MEDIUMCVSS 4.3EG 4.32024-06-18
In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles
- CVE-2024-38506MEDIUMCVSS 6.3EG 6.32024-06-18
In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows
- CVE-2024-3869MEDIUMCVSS 4.3EG 4.32024-04-16
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommerce_json_search_coupons' function . This makes it possible for attackers with subscrib…
- CVE-2024-38690MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1…
- CVE-2024-38695MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in Martin Gibson WP GoToWebinar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP GoToWebinar: from n/a through 15.6.
- CVE-2024-38699HIGHCVSS 7.5EG 7.52024-08-13
Missing Authorization vulnerability in WP Swings Wallet System for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Wallet System for WooCommerce: from n/a through 2.5.13.
- CVE-2024-38702MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in Tyche Softwares Product Delivery Date for WooCommerce – Lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Product Delivery Date for WooCommerce – Lite: from n…
- CVE-2024-38707MEDIUMCVSS 6.3EG 6.32024-11-01
Missing Authorization vulnerability in WPDeveloper EmbedPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EmbedPress: from n/a through 4.0.4.
Map vulnerabilities like CWE-862 to your infrastructure
EchelonGraph correlates every CVE — across CWE-862 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →