CWE-862— Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.— MITRE CWE catalog
8,530 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-862page 86 of 171
- CVE-2024-52382CRITICALCVSS 9.8EG 9.82024-11-14
Missing Authorization vulnerability in medmatech Matix Popup Builder medma-matix allows Privilege Escalation.This issue affects Matix Popup Builder: from n/a through <= 1.0.0.
- CVE-2024-52383HIGHCVSS 7.5EG 7.52024-11-14
Missing Authorization vulnerability in aitool Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One ai-auto-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Auto Tool …
- CVE-2024-52391MEDIUMCVSS 5.3EG 5.32024-12-09
Missing Authorization vulnerability in Genetech Pie Register Premium.This issue affects Pie Register Premium: from n/a before 3.8.3.3.
- CVE-2024-52395MEDIUMCVSS 5.3EG 5.32024-11-19
Missing Authorization vulnerability in QuantumCloud Floating Buttons for WooCommerce shop-assistant-for-woocommerce-jarvis allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Floating Buttons for WooC…
- CVE-2024-52416CRITICALCVSS 10.0EG 10.02024-11-16
Missing Authorization vulnerability in Eugen Bobrowski Debug Tool debug-tool allows Upload a Web Shell to a Web Server.This issue affects Debug Tool: from n/a through <= 2.2.
- CVE-2024-5248MEDIUMCVSS 6.5EG 6.52024-06-06
In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the `GET /v1/users/me/org` endpoint. The platform's role definitions restrict the `Prompt Editor` role to prompt manage…
- CVE-2024-52480MEDIUMCVSS 5.3EG 5.32024-12-09
Missing Authorization vulnerability in Astoundify Jobify jobify.This issue affects Jobify: from n/a through < 4.3.0.
- CVE-2024-52485MEDIUMCVSS 6.5EG 6.52024-12-18
Missing Authorization vulnerability in Yudiz Solutions Ltd. WP Menu Image wp-menu-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Menu Image: from n/a through <= 2.2.
- CVE-2024-52500HIGHCVSS 7.2EG 7.22025-02-14
Missing Authorization vulnerability in monetagwp Monetag Official Plugin monetag-official allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Monetag Official Plugin: from n/a through <= 1.1.3.
- CVE-2024-52549MEDIUMCVSS 4.3EG 4.32024-11-13
Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/R…
- CVE-2024-52554HIGHCVSS 8.8EG 8.82024-11-13
Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing attackers with Item/Configure permission…
- CVE-2024-52921MEDIUMCVSS 5.3EG 5.32024-11-18
In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block.
- CVE-2024-5309MEDIUMCVSS 5.4EG 5.42024-09-05
The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fv_export_csv, reset_settings, save_settings, save_columns_se…
- CVE-2024-5318MEDIUMCVSS 4.0EG 4.02024-05-24
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private proje…
- CVE-2024-5324HIGHCVSS 8.8EG 8.82024-06-06
Multiple plugins for WordPress utilizing the XootiX Framework are vulnerable to unauthorized modification of data due to a missing capability check on the 'import_settings' function in various versions. This makes it possible for authentic…
- CVE-2024-53258MEDIUMCVSS 5.3EG 5.32024-11-25
Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the download_all…
- CVE-2024-5326HIGHCVSS 8.8EG 8.82024-05-30
The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postx_presets_callback' function in all versions up to, an…
- CVE-2024-53298CRITICALCVSS 9.8EG 9.82025-06-20
Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit this vulnerability leading to unauthorized…
- CVE-2024-5331MEDIUMCVSS 4.3EG 4.32024-08-01
The Breakdance plugin for WordPress is vulnerable to unauthorized access of data in all versions up to, and including, 1.7.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to export form submi…
- CVE-2024-53473HIGHCVSS 7.5EG 7.52024-12-07
WeGIA 3.2.0 before 3998672 does not verify permission to change a password.
- CVE-2024-53591CRITICALCVSS 9.8EG 9.82025-04-18
An issue in the login page of Seclore v3.27.5.0 allows attackers to bypass authentication via a brute force attack.
- CVE-2024-53605HIGHCVSS 7.5EG 7.52024-12-02
Incorrect access control in the component content://com.handcent.messaging.provider.MessageProvider/ of Handcent NextSMS v10.9.9.7 allows attackers to access sensitive data.
- CVE-2024-53708MEDIUMCVSS 5.3EG 5.32024-12-02
Missing Authorization vulnerability in kekotron AI Quiz ai-quiz allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AI Quiz: from n/a through <= 1.1.
- CVE-2024-53784MEDIUMCVSS 4.3EG 4.32024-12-02
Missing Authorization vulnerability in E-goi Smart Marketing SMS and Newsletters Forms smart-marketing-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Marketing SMS and Newsletters Fo…
- CVE-2024-53785MEDIUMCVSS 4.3EG 4.32024-12-09
Missing Authorization vulnerability in Alexander Volkov Chatter.This issue affects Chatter: from n/a through 1.0.1.
- CVE-2024-53795MEDIUMCVSS 5.3EG 5.32024-12-06
Missing Authorization vulnerability in andy_moyle Church Admin church-admin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Church Admin: from n/a through <= 5.0.8.
- CVE-2024-53798MEDIUMCVSS 5.4EG 5.42024-12-09
Missing Authorization vulnerability in BAKKBONE Australia FloristPress bakkbone-florist-companion.This issue affects FloristPress: from n/a through <= 7.3.0.
- CVE-2024-53799MEDIUMCVSS 4.3EG 4.32024-12-06
Missing Authorization vulnerability in BAKKBONE Australia FloristPress bakkbone-florist-companion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FloristPress: from n/a through <= 7.3.0.
- CVE-2024-53803MEDIUMCVSS 6.5EG 6.52024-12-06
Missing Authorization vulnerability in brandtoss WP Mailster wp-mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through <= 1.8.16.0.
- CVE-2024-53805HIGHCVSS 7.5EG 7.52024-12-06
Missing Authorization vulnerability in brandtoss WP Mailster wp-mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through <= 1.8.16.0.
- CVE-2024-53806MEDIUMCVSS 5.4EG 5.42024-12-06
Missing Authorization vulnerability in yonifre Maspik – Spam blacklist contact-forms-anti-spam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Maspik – Spam blacklist: from n/a through <= 2.2.…
- CVE-2024-53810CRITICALCVSS 9.1EG 9.12024-12-06
Missing Authorization vulnerability in N-Media Simple User Registration wp-registration allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Simple User Registration: from n/a through <= 5.5.
- CVE-2024-53813MEDIUMCVSS 6.5EG 6.52024-12-06
Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 9.6.0.
- CVE-2024-53816MEDIUMCVSS 4.3EG 4.32024-12-09
Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons tutor-lms-elementor-addons.This issue affects Tutor LMS Elementor Addons: from n/a through <= 2.1.5.
- CVE-2024-53819MEDIUMCVSS 5.3EG 5.32024-12-09
Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.0.
- CVE-2024-5382MEDIUMCVSS 6.5EG 6.52024-06-07
The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route i…
- CVE-2024-53825MEDIUMCVSS 4.7EG 4.72024-12-06
Missing Authorization vulnerability in Ninja Team Filebird filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through <= 6.3.2.
- CVE-2024-53826MEDIUMCVSS 5.3EG 5.32024-12-06
Missing Authorization vulnerability in WPSight WPCasa wpcasa allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPCasa: from n/a through <= 1.2.13.
- CVE-2024-53938HIGHCVSS 8.8EG 8.82024-12-02
An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default and exposed over the LAN. The root account is accessible without a password, allowing a…
- CVE-2024-54020LOWCVSS 2.3EG 2.32025-05-28
A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update requests.
- CVE-2024-54153LOWCVSS 3.1EG 3.12024-12-04
In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter
- CVE-2024-54155LOWCVSS 3.7EG 3.72024-12-04
In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication
- CVE-2024-54217MEDIUMCVSS 5.4EG 5.42024-12-09
Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4.1.
- CVE-2024-54218MEDIUMCVSS 6.5EG 6.52024-12-09
Missing Authorization vulnerability in thehp AIO Contact aio-contact.This issue affects AIO Contact: from n/a through <= 2.8.1.
- CVE-2024-54222MEDIUMCVSS 4.3EG 4.32026-02-20
Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Accelerator seraphinite-accelerator allows Retrieve Embedded Sensitive Data.This issue affects Seraphinite Accelerator: from n/a through <= 2.22.15.
- CVE-2024-54227MEDIUMCVSS 4.3EG 4.32024-12-09
Missing Authorization vulnerability in Dotstore Minimum and Maximum Quantity for WooCommerce min-and-max-quantity-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Minimum and Maximu…
- CVE-2024-54239CRITICALCVSS 9.8EG 9.82024-12-13
Missing Authorization vulnerability in dugudlabs Eyewear prescription form eyewear-prescription-form allows Privilege Escalation.This issue affects Eyewear prescription form: from n/a through <= 4.0.18.
- CVE-2024-54241MEDIUMCVSS 6.5EG 6.52024-12-13
Missing Authorization vulnerability in Appsbd Elite Notification – Sales Popup, Social Proof, FOMO & WooCommerce Notification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elite Notification �…
- CVE-2024-54242MEDIUMCVSS 6.5EG 6.52024-12-13
Missing Authorization vulnerability in appsbd Simple Notification simple-notification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Notification: from n/a through <= 1.3.
- CVE-2024-54251MEDIUMCVSS 6.5EG 6.52024-12-09
Missing Authorization vulnerability in prodigycommerce Prodigy Commerce prodigy-commerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Prodigy Commerce: from n/a through <= 3.1.2.
Map vulnerabilities like CWE-862 to your infrastructure
EchelonGraph correlates every CVE — across CWE-862 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →