CWE-862— Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.— MITRE CWE catalog
8,528 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-862page 80 of 171
- CVE-2024-38714MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in Epsiloncool WP Fast Total Search fulltext-search.This issue affects WP Fast Total Search: from n/a through <= 1.68.232.
- CVE-2024-38719MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in Creative Motion Auto Featured Image (Auto Post Thumbnail) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Featured Image (Auto Post Thumbnail): from n/a…
- CVE-2024-38721HIGHCVSS 7.1EG 7.12024-11-01
Missing Authorization vulnerability in spider-themes EazyDocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EazyDocs: from n/a through 2.5.0.
- CVE-2024-38726HIGHCVSS 7.5EG 7.52024-11-01
Missing Authorization vulnerability in PickPlugins Product Designer allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Product Designer: from n/a through 1.0.33.
- CVE-2024-38727MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.9.
- CVE-2024-38733MEDIUMCVSS 5.4EG 5.42024-11-01
Missing Authorization vulnerability in Meks Meks Video Importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meks Video Importer: from n/a through 1.0.12.
- CVE-2024-38737MEDIUMCVSS 5.4EG 5.42024-11-01
Missing Authorization vulnerability in Reservation Diary ReDi Restaurant Reservation allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ReDi Restaurant Reservation: from n/a through 24.0422.
- CVE-2024-38740MEDIUMCVSS 5.4EG 5.42024-11-01
Missing Authorization vulnerability in Packlink Shipping S.L. Packlink PRO shipping module allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Packlink PRO shipping module: from n/a through 3.4.6.
- CVE-2024-38743MEDIUMCVSS 5.3EG 5.32024-11-01
Access Control vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows . This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0.
- CVE-2024-38744HIGHCVSS 8.3EG 8.32024-11-01
Missing Authorization vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS.This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0.
- CVE-2024-38745MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in Rymera Web Co Wholesale Suite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Wholesale Suite: from n/a through 2.1.12.
- CVE-2024-38748MEDIUMCVSS 5.3EG 5.32024-11-01
Access Control vulnerability in TheInnovs EleForms allows . This issue affects EleForms: from n/a through 2.9.9.9.
- CVE-2024-38769MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in Tyche Softwares Arconix Shortcodes allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Arconix Shortcodes: from n/a through 2.1.11.
- CVE-2024-38771MEDIUMCVSS 6.5EG 6.52024-11-01
Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration.This issue affects Atarim: from n/a through <= 4.0.
- CVE-2024-38774MEDIUMCVSS 5.4EG 5.42024-11-01
Missing Authorization vulnerability in SiteGround SiteGround Security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteGround Security: from n/a through 1.5.0.
- CVE-2024-38777MEDIUMCVSS 6.5EG 6.52024-11-01
Missing Authorization vulnerability in CreativeMotion Titan Anti-spam & Security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Titan Anti-spam & Security: from n/a through 7.3.6.
- CVE-2024-38783MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in Tyche Softwares Arconix FAQ allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Arconix FAQ: from n/a through 1.9.4.
- CVE-2024-38792MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in ConveyThis Translate Team Language Translate Widget for WordPress – ConveyThis allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Language Translate Widget for WordPr…
- CVE-2024-38794MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in MediaRon LLC Custom Query Blocks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Custom Query Blocks: from n/a through 5.2.0.
- CVE-2024-38810MEDIUMCVSS 6.5EG 6.52024-08-20
Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective.
- CVE-2024-3893MEDIUMCVSS 4.3EG 5.32024-04-25
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the rtcl_fb_gallery_image_delete AJAX action in all versions up to, …
- CVE-2024-3895HIGHCVSS 8.8EG 8.82024-05-02
The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdp_add_new_datepicker_ajax() function in all versions up to, and including, 2.1.0. This makes it possible …
- CVE-2024-3897MEDIUMCVSS 5.3EG 5.32024-05-02
The Popup Box – Best WordPress Popup Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_pb_create_author AJAX action in all versions up to, and including, 4.3.6. This mak…
- CVE-2024-3915MEDIUMCVSS 5.3EG 5.32024-05-14
The Swift Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sf_edit_directory_item() function in all versions up to, and including, 2.7.31. This makes it possible for…
- CVE-2024-3932LOWCVSS 3.1EG 4.32024-04-18
A vulnerability classified as problematic has been found in Totara LMS up to 18.7. This affects an unknown part of the component User Selector. The manipulation leads to cross-site request forgery. It is possible to initiate the attack rem…
- CVE-2024-3936MEDIUMCVSS 4.3EG 4.32024-05-02
The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtTPGSaveSettings function in all versions…
- CVE-2024-3942MEDIUMCVSS 6.3EG 6.32024-05-02
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, a…
- CVE-2024-39546HIGHCVSS 7.3EG 7.32024-07-11
A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain files, allowing the attacker to cause an…
- CVE-2024-39591MEDIUMCVSS 4.3EG 4.32024-08-13
SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application.
- CVE-2024-39592HIGHCVSS 7.7EG 7.72024-07-09
Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This allows an attacker to read sensitive information causing high impact on the confidentiality of the a…
- CVE-2024-39596MEDIUMCVSS 4.3EG 4.32024-07-09
Due to missing authorization checks, SAP Enable Now allows an author to escalate privileges to access information which should otherwise be restricted. On successful exploitation, the attacker can cause limited impact on confidentiality of…
- CVE-2024-3961MEDIUMCVSS 5.3EG 5.32024-06-21
The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tag_subscriber function in all versions up…
- CVE-2024-39625MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in icegram Icegram allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Icegram: from n/a through 3.1.24.
- CVE-2024-39635MEDIUMCVSS 5.4EG 5.42024-11-01
Missing Authorization vulnerability in KaineLabs Youzify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youzify: from n/a through 1.2.6.
- CVE-2024-39640MEDIUMCVSS 6.5EG 6.52024-11-01
Missing Authorization vulnerability in QuadLayers WP Social Feed Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Social Feed Gallery: from n/a through 4.3.9.
- CVE-2024-39650HIGHCVSS 7.3EG 7.32024-11-01
Missing Authorization vulnerability in WPWeb Elite WooCommerce PDF Vouchers allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WooCommerce PDF Vouchers: from n/a through 4.9.4.
- CVE-2024-39654MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets.This issue affects Sign-up Sheets: from n/a through <= 2.2.12.
- CVE-2024-39664HIGHCVSS 7.3EG 7.32024-11-01
Missing Authorization vulnerability in YMC Filter & Grids allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Filter & Grids: from n/a through 2.8.33.
- CVE-2024-3976MEDIUMCVSS 6.5EG 6.52025-02-05
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose via the UI the confidential…
- CVE-2024-39823MEDIUMCVSS 4.9EG 4.92024-08-14
Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
- CVE-2024-39824MEDIUMCVSS 4.9EG 4.92024-08-14
Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
- CVE-2024-4010HIGHCVSS 8.8EG 8.82024-05-15
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to,…
- CVE-2024-40650HIGHCVSS 7.8EG 7.82024-09-11
In wifi_item_edit_content of styles.xml , there is a possible FRP bypass due to Missing check for FRP state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo…
- CVE-2024-40652HIGHCVSS 7.8EG 7.32024-09-11
In onCreate of SettingsHomepageActivity.java, there is a possible way to access the Settings app while the device is provisioning due to a missing permission check. This could lead to local escalation of privilege with no additional execut…
- CVE-2024-40661HIGHCVSS 7.8EG 7.82024-11-13
In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privilege…
- CVE-2024-40671HIGHCVSS 7.8EG 7.82024-11-13
In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible way to achieve arbitrary code execution due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed…
- CVE-2024-40677HIGHCVSS 8.4EG 8.42025-01-28
In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privi…
- CVE-2024-40709HIGHCVSS 7.8EG 7.82024-09-07
A missing authorization vulnerability allows a local low-privileged user on the machine to escalate their privileges to root level.
- CVE-2024-40834MEDIUMCVSS 4.4EG 4.42024-07-29
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A shortcut may be able to bypass sensitive Shortcuts app settings.
- CVE-2024-40839LOWCVSS 2.4EG 2.42025-01-15
This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen.
Map vulnerabilities like CWE-862 to your infrastructure
EchelonGraph correlates every CVE — across CWE-862 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →