CWE-862— Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.— MITRE CWE catalog
8,529 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-862page 82 of 171
- CVE-2024-4317LOWCVSS 3.1EG 3.12024-05-14
Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common val…
- CVE-2024-4319MEDIUMCVSS 5.3EG 5.32024-06-11
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. This makes it possible fo…
- CVE-2024-43208MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in Matt Miller Send Emails with Mandrill send-emails-with-mandrill allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Send Emails with Mandrill: from n/a through <…
- CVE-2024-43209MEDIUMCVSS 6.5EG 6.52024-11-01
Missing Authorization vulnerability in Bitly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bitly: from n/a through 2.7.2.
- CVE-2024-43212HIGHCVSS 7.5EG 7.52024-11-01
Missing Authorization vulnerability in MagePeople Team WpTravelly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WpTravelly: from n/a through 1.7.7.
- CVE-2024-43214MEDIUMCVSS 5.3EG 5.32024-08-26
Missing Authorization vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through <= 2.7.2.
- CVE-2024-43215MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in creativemotion Social Slider Feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Slider Feed: from n/a through 2.2.2.
- CVE-2024-43219MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in ووکامرس فارسی Persian WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Persian WooCommerce: from n/a through 7.1.6.
- CVE-2024-43222CRITICALCVSS 9.8EG 9.82024-12-09
Missing Authorization vulnerability in SeventhQueen Sweet Date sweetdate allows Privilege Escalation.This issue affects Sweet Date: from n/a through <= 3.7.3.
- CVE-2024-43223MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in EventPrime Events EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 4.0.3.2.
- CVE-2024-43228MEDIUMCVSS 5.3EG 5.32026-02-20
Missing Authorization vulnerability in SecuPress SecuPress Free secupress.This issue affects SecuPress Free: from n/a through <= 2.2.5.3.
- CVE-2024-43229MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in Cornel Raiu WP Search Analytics search-analytics.This issue affects WP Search Analytics: from n/a through <= 1.4.9.
- CVE-2024-43235HIGHCVSS 7.1EG 7.12024-11-01
Missing Authorization vulnerability in MetaBox.Io Meta Box – WordPress Custom Fields Framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meta Box – WordPress Custom Fields Framework: fro…
- CVE-2024-43247HIGHCVSS 8.8EG 8.82024-08-19
Missing Authorization vulnerability in creativeon WHMpress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WHMpress: from n/a through 6.2-revision-5.
- CVE-2024-43253MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders.This issue affects Smart Online Order for Clover: from n/a through <= 1.5.6.
- CVE-2024-43254MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders.This issue affects Smart Online Order for Clover: from n/a through <= 1.5.6.
- CVE-2024-43256HIGHCVSS 7.1EG 7.12024-08-19
Missing Authorization vulnerability in nouthemes Leopard - WordPress offload media allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Leopard - WordPress offload media: from n/a through 2.0.36.
- CVE-2024-43260MEDIUMCVSS 5.4EG 5.42024-11-01
Missing Authorization vulnerability in Creative Motion Clearfy Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clearfy Cache: from n/a through 2.2.4.
- CVE-2024-43268MEDIUMCVSS 5.4EG 5.42024-11-01
Access Control vulnerability in WPBackItUp Backup and Restore WordPress allows . This issue affects Backup and Restore WordPress: from n/a through 1.50.
- CVE-2024-43270MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in WPBackItUp Backup and Restore WordPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Backup and Restore WordPress: from n/a through 1.50.
- CVE-2024-43273MEDIUMCVSS 5.4EG 5.42024-11-01
Missing Authorization vulnerability in icegram Icegram Collect plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram Collect plugin: from n/a through 1.3.14.
- CVE-2024-43274MEDIUMCVSS 5.8EG 5.82024-11-01
Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from …
- CVE-2024-43277MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in AyeCode Ltd UsersWP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UsersWP: from n/a through 1.2.15.
- CVE-2024-43285MEDIUMCVSS 6.3EG 6.32024-11-01
Missing Authorization vulnerability in Presto Made, Inc Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Presto Player: from n/a through 3.0.2.
- CVE-2024-43290MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration.This issue affects Atarim: from n/a through <= 4.0.1.
- CVE-2024-43293MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a th…
- CVE-2024-43296MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in bPlugins LLC Flash & HTML5 Video allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flash & HTML5 Video: from n/a through 2.5.30.
- CVE-2024-43297MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clone: from n/a through 2.4.5.
- CVE-2024-43298MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clone: from n/a through 2.4.5.
- CVE-2024-43302MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in Fonts Plugin Fonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fonts: from n/a through 3.7.7.
- CVE-2024-43310MEDIUMCVSS 6.5EG 6.52024-11-01
Missing Authorization vulnerability in UkrSolution Print Barcode Labels for your WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Barcode Labels for your WooCommerce products/orde…
- CVE-2024-43312MEDIUMCVSS 5.4EG 5.42024-11-01
Missing Authorization vulnerability in WPClever WPC Frequently Bought Together for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Frequently Bought Together for WooCommerce: from …
- CVE-2024-43314MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Asset CleanUp: Page Speed Booster: from n/a through 1.3.9.3.
- CVE-2024-43323MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in ReviewX ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.28.
- CVE-2024-43326MEDIUMCVSS 5.4EG 5.42024-08-19
Missing Authorization vulnerability in Jamie Bergen Plugin Notes Plus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Plugin Notes Plus: from n/a through 1.2.7.
- CVE-2024-43331MEDIUMCVSS 5.3EG 5.32024-08-22
Missing Authorization vulnerability in VeronaLabs WP SMS.This issue affects WP SMS: from n/a through 6.9.3.
- CVE-2024-43332MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in Jordy Meow Photo Engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Engine: from n/a through 6.4.0.
- CVE-2024-43341MEDIUMCVSS 6.5EG 6.52024-11-01
Missing Authorization vulnerability in CozyThemes Hello Agency allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hello Agency: from n/a through 1.0.5.
- CVE-2024-43343MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in Etoile Web Design Order Tracking allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Order Tracking: from n/a through 3.3.12.
- CVE-2024-43355MEDIUMCVSS 4.3EG 4.32024-11-01
Missing Authorization vulnerability in BearDev JoomSport allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JoomSport: from n/a through 5.3.0.
- CVE-2024-43401CRITICALCVSS 9.0EG 9.02024-08-19
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user without script/programming right can trick a user with elevated rights to edit a content with a malicious payload using a WYSIW…
- CVE-2024-4341MEDIUMCVSS 6.5EG 7.22024-07-08
Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users. This issue affects Extreme XDS: before 3928.
- CVE-2024-43431HIGHCVSS 7.5EG 7.52024-11-07
A vulnerability was found in Moodle. Insufficient capability checks made it possible to delete badges that a user does not have permission to access.
- CVE-2024-4351HIGHCVSS 8.8EG 8.82024-05-16
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This make…
- CVE-2024-4352HIGHCVSS 8.8EG 8.82024-05-16
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The plugin is also vulnerable to SQL Inject…
- CVE-2024-4355MEDIUMCVSS 4.3EG 4.32024-05-30
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the stopbadbots_get_ajax_data() function in all versi…
- CVE-2024-43662MEDIUMCVSS 5.3EG 5.32025-01-09
The <redacted>.exe or <redacted>.exe CGI binary can be used to upload arbitrary files to /tmp/upload/ or /tmp/ respectively as any user, although the user interface for uploading files is only shown to the iocadmin user. This issue affect…
- CVE-2024-43919MEDIUMCVSS 5.3EG 5.32024-11-01
Access Control vulnerability in YARPP YARPP allows . This issue affects YARPP: from n/a through 5.30.10.
- CVE-2024-43923MEDIUMCVSS 5.3EG 5.32024-11-01
Missing Authorization vulnerability in Arraytics Timetics allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Timetics: from n/a through 1.0.23.
- CVE-2024-43924MEDIUMCVSS 5.3EG 5.32024-10-23
Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Responsive Lightbox: from n/a through 2.4.7.
Map vulnerabilities like CWE-862 to your infrastructure
EchelonGraph correlates every CVE — across CWE-862 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →