CWE-862: Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Yearly Trend
Top Affected Vendors
All Missing Authorization CVEs (3,053)
NVIDIA AIStore has an authentication vulnerability (CWE-862: Missing Authorization) that allows unauthenticated attackers to access sensitive informat...
Nov 11, 2025The Find Unused Images WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to delete all image attachment...
Nov 11, 2025The Add Multiple Marker WordPress plugin has missing capability checks in two functions, allowing unauthenticated attackers to reset maps and update m...
Nov 11, 2025The Course Booking System WordPress plugin allows unauthenticated attackers to directly access a CSV export file and download all booking data. This a...
Nov 8, 2025kgateway versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication on the xDS port, allowing any client with network acce...
Nov 7, 2025This CVE describes a missing authorization vulnerability in the Kallyas WordPress theme that allows unauthorized users to access functionality or data...
Nov 6, 2025This CVE describes a Missing Authorization vulnerability in the Jthemes imEvent WordPress theme that allows attackers to access functionality not prop...
Nov 6, 2025This vulnerability in the Paid Membership Subscriptions WordPress plugin allows unauthenticated attackers to trigger stored auto-renew charges for arb...
Nov 5, 2025The DominoKit WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to modify plugin settings via an AJAX ...
Nov 4, 2025The Simple User Capabilities WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to reset any user's cap...
Nov 4, 2025This CVE describes a missing authorization vulnerability in the WP Snow Effect WordPress plugin that allows attackers to dismiss admin notices without...
Nov 3, 2025This vulnerability in the WP Legal Pages WordPress plugin allows unauthenticated attackers to disconnect a WordPress site from its API plan by exploit...
Nov 1, 2025The ERI File Library WordPress plugin up to version 1.1.0 has an authorization bypass vulnerability that allows unauthenticated attackers to download ...
Oct 31, 2025The RealPress WordPress plugin before version 1.1.0 has missing authorization checks in its REST API endpoints. This allows unauthenticated attackers ...
Oct 31, 2025This CVE describes a missing authorization vulnerability in the Masterstudy Elementor Widgets WordPress plugin that allows attackers to access functio...
Oct 29, 2025This CVE describes a missing authorization vulnerability in the WpEstate wpresidence WordPress theme that allows attackers to bypass access controls. ...
Oct 29, 2025This CVE describes a missing authorization vulnerability in the solwin Blog Designer PRO WordPress plugin that allows attackers to access functionalit...
Oct 29, 2025This CVE describes a missing authorization vulnerability in Facebook for WooCommerce plugin that allows attackers to exploit incorrectly configured ac...
Oct 29, 2025This CVE describes a missing authorization vulnerability in the Joovii Sendle Shipping WordPress plugin that allows attackers to access functionality ...
Oct 27, 2025This CVE describes a Missing Authorization vulnerability in the ζ²δΉζΆ ηΎεΊ¦η«ιΏSEOει WordPress plugin (also known as baiduseo). It allows a...
Oct 27, 2025This CVE describes a Missing Authorization vulnerability in the Link Whisper Free WordPress plugin that allows attackers to bypass access controls. It...
Oct 27, 2025This CVE describes a missing authorization vulnerability in the BuddyForms WordPress plugin that allows attackers to access functionality not properly...
Oct 27, 2025This vulnerability allows unauthorized users to access administrative functionality in the Coupon Affiliates WordPress plugin. Attackers can exploit m...
Oct 27, 2025The Social Feed Gallery WordPress plugin versions β€4.9.2 have an authorization bypass vulnerability that allows unauthenticated attackers to access ...
Oct 25, 2025The Product Filter by WBW WordPress plugin up to version 3.0.0 has a missing capability check on the 'approveNotice' action, allowing unauthenticated ...
Oct 25, 2025This vulnerability in Tutor LMS WordPress plugin allows unauthenticated attackers to bypass payment verification by forging webhook requests with 'rec...
Oct 25, 2025This vulnerability allows unauthenticated attackers to access the User Feedback plugin's onboarding wizard page in WordPress, exposing configuration i...
Oct 25, 2025The BackWPup WordPress plugin up to version 5.5.0 has an authorization vulnerability where authenticated users with Subscriber-level access or higher ...
Oct 25, 2025This vulnerability allows remote attackers to access Liferay's OpenAPI YAML file through a crafted URL, potentially exposing API documentation and int...
Oct 23, 2025This CVE describes a missing authorization vulnerability in the CoSchedule WordPress plugin that allows attackers to bypass access controls. Attackers...
Oct 22, 2025This vulnerability allows unauthorized users to access functionality that should be restricted by proper access controls in the Whydonate WordPress pl...
Oct 22, 2025This CVE describes a Missing Authorization vulnerability in the StellarWP WPComplete plugin for WordPress that allows attackers to access functionalit...
Oct 22, 2025The Zip Attachments plugin for WordPress has an authorization vulnerability that allows unauthenticated attackers to delete arbitrary files from the W...
Oct 15, 2025The Zip Attachments plugin for WordPress has an authorization bypass vulnerability that allows unauthenticated attackers to download attachments from ...
Oct 15, 2025The YourMembership SSO Login WordPress plugin has an authorization vulnerability that allows unauthenticated attackers to access profile data from the...
Oct 15, 2025This vulnerability allows unauthenticated attackers to delete data from the WhyDonate WordPress plugin's database table. It affects all WordPress site...
Oct 15, 2025PowerJob versions up to 5.1.2 have an authorization bypass vulnerability in the OpenAPIController's /openApi/runJob endpoint. This allows remote attac...
Oct 10, 2025PowerJob versions up to 5.1.2 have a missing authorization vulnerability in the /user/list endpoint that allows unauthorized access to user informatio...
Oct 10, 2025This CVE describes a missing authorization vulnerability in the WP Virtual Assistant WordPress plugin that allows attackers to bypass intended access ...
Sep 26, 2025This CVE describes a Missing Authorization vulnerability in the Yext WordPress plugin that allows attackers to access functionality not properly restr...
Sep 26, 2025This CVE describes a missing authorization vulnerability in the WEDOS Global WordPress plugin that allows attackers to access functionality not proper...
Sep 26, 2025This CVE describes a missing authorization vulnerability in the WP Directory Kit WordPress plugin that allows attackers to bypass access controls. It ...
Sep 26, 2025A missing authorization vulnerability in Ex-Themes WooEvents WordPress plugin allows attackers to bypass intended access controls. This affects all Wo...
Sep 26, 2025This CVE describes a Missing Authorization vulnerability in the guihom Wide Banner WordPress plugin that allows attackers to bypass access controls. A...
Sep 26, 2025The Featured Image from URL (FIFU) WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to read private an...
Sep 26, 2025This CVE describes a missing authorization vulnerability in the WordPress Custom Login URL plugin that allows attackers to bypass intended access cont...
Sep 22, 2025This CVE describes a Missing Authorization vulnerability in the Cecabank WooCommerce Plugin for WordPress. It allows attackers to exploit incorrectly ...
Sep 22, 2025This CVE describes a Missing Authorization vulnerability in the AppMySite WordPress plugin that allows attackers to bypass access controls. It affects...
Sep 22, 2025This CVE describes a Missing Authorization vulnerability in the Easy Quotes WordPress plugin that allows attackers to bypass intended access controls....
Sep 22, 2025This CVE describes a missing authorization vulnerability in the TI WooCommerce Wishlist WordPress plugin that allows attackers to bypass access contro...
Sep 22, 2025About Missing Authorization (CWE-862)
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Our database tracks 3,053 CVEs classified as CWE-862, with 228 rated critical and 859 rated high severity. The average CVSS score for Missing Authorization vulnerabilities is 6.3.
External reference: View CWE-862 on MITRE CWE →
Monitor Missing Authorization Vulnerabilities
Get alerted when new Missing Authorization CVEs affect your infrastructure.
Start Monitoring Free