CWE-862: Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
All Missing Authorization CVEs (2,994)
This vulnerability in Jenkins allows agents to create arbitrary symbolic links on the controller file system during archive extraction. Attackers with... (Nov 4, 2021)
This vulnerability in Jenkins allows agents to create arbitrary directories on the controller's filesystem without proper access control. Attackers wi... (Nov 4, 2021)
This vulnerability in D-Link DIR-823G routers allows attackers to cause denial of service (DoS) by exploiting an unspecified issue in the firmware upl... (Nov 4, 2021)
BaiCloud-cms v2.5.7 has an arbitrary file deletion vulnerability in /user/ppsave.php, allowing attackers to delete any files on the server. This affec... (Sep 30, 2021)
CVE-2020-25359 is an arbitrary file deletion vulnerability in rConfig that allows attackers to delete all files with a specific extension in any direc... (Aug 20, 2021)
CVE-2020-19038 is a file deletion vulnerability in Halo blogging platform that allows attackers to delete arbitrary files on the server via the delBac... (Jul 12, 2021)
CVE-2018-10866 is an authorization bypass vulnerability in Red Hat Certification 7 that allows unauthenticated attackers to delete system XML files co... (May 26, 2021)
CVE-2021-28154 is a high-severity vulnerability in Camunda Modeler that allows arbitrary file read/write access through a crafted IPC message. Attacke... (Mar 11, 2021)
This vulnerability in XWiki allows attackers to gain programming rights through a privilege escalation attack. An attacker with edit rights can create... (Apr 30, 2025)
In XWiki Platform, users with only edit rights can join realtime editing sessions and insert script rendering macros that execute for users with scrip... (Jan 14, 2025)
This vulnerability allows remote authenticated users to modify workflow definitions in Liferay Portal/DXP, leading to arbitrary code execution (RCE). ... (Oct 22, 2024)
The Frontend File Manager WordPress plugin allows unauthenticated attackers to download arbitrary files from vulnerable websites due to missing authen... (Jun 7, 2023)
CVE-2025-68920 is a critical vulnerability in C-Kermit that allows a remote Kermit system to overwrite files on the local system or retrieve arbitrary... (Dec 24, 2025)
This vulnerability allows authenticated remote attackers to hijack existing HTML5 connections in Ivanti secure access products. It affects organizatio... (Sep 9, 2025)
The WowOptin WordPress plugin allows authenticated attackers with Subscriber-level access or higher to install and activate arbitrary plugins without ... (Mar 5, 2026)
This vulnerability in JetBrains YouTrack allows applications to send unauthorized requests to the app permissions endpoint, potentially enabling privi... (Feb 25, 2026)
OpenEMR versions before 8.0.0 contain a broken access control vulnerability that allows low-privilege users (like Receptionist role) to add and modify... (Feb 25, 2026)
Dell Wyse Management Suite versions before 5.5 have a missing authorization vulnerability that allows low-privileged remote attackers to elevate their... (Feb 24, 2026)
Dell Unisphere for PowerMax versions 10.2 contain a missing authorization vulnerability that allows low-privileged remote attackers to gain unauthoriz... (Feb 19, 2026)
The WP AUDIO GALLERY WordPress plugin up to version 2.0 allows authenticated attackers with subscriber-level access or higher to overwrite the site's ... (Feb 19, 2026)
This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to access plugin table data containing email logs. Atta... (Feb 19, 2026)
Centova Cast 3.2.11 contains an arbitrary file download vulnerability in the server.copyfile API endpoint. Authenticated attackers can exploit this to... (Feb 18, 2026)
The WowRevenue WordPress plugin allows authenticated attackers with subscriber-level access or higher to install arbitrary plugins due to missing capa... (Feb 16, 2026)
This vulnerability allows any authenticated low-privileged user in eNet SMART HOME server to reset passwords of any account, including administrators,... (Feb 15, 2026)
This vulnerability in the Starfish Review Generation & Marketing WordPress plugin allows authenticated attackers with Subscriber-level access or highe... (Feb 13, 2026)
CVE-2025-15330 is an improper input validation vulnerability in Tanium Deploy that could allow attackers to execute arbitrary code or commands. This a... (Feb 5, 2026)
This vulnerability in Devtron allows any authenticated user, including low-privileged CI/CD developers, to retrieve the global API token signing key. ... (Feb 4, 2026)
This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to bypass authentication and gain Administrator privile... (Jan 28, 2026)
This CVE describes a Missing Authorization vulnerability in the uPress Booter WordPress plugin's bots-crawlers-manager component that allows attackers... (Jan 23, 2026)
This CVE describes a Missing Authorization vulnerability in the WordPress plugin 'The Grid' that allows attackers to bypass access controls. It affect... (Jan 22, 2026)
This CVE describes a Missing Authorization vulnerability in the EventPrime WordPress plugin that allows attackers to bypass access controls. It affect... (Jan 22, 2026)
This CVE describes a Missing Authorization vulnerability in the Roxnor GetGenie WordPress plugin that allows attackers to bypass access controls. Atta... (Jan 22, 2026)
This CVE describes a Missing Authorization vulnerability in the Quiz And Survey Master WordPress plugin that allows attackers to bypass access control... (Jan 22, 2026)
This CVE describes a Missing Authorization vulnerability in the Golo WordPress theme that allows attackers to bypass access controls. It affects all v... (Jan 22, 2026)
This CVE describes a Missing Authorization vulnerability in the BD Courier Order Ratio Checker WordPress plugin that allows attackers to bypass access... (Jan 22, 2026)
This CVE describes a Missing Authorization vulnerability in the Easy Form Builder WordPress plugin that allows attackers to bypass access controls. It... (Jan 22, 2026)
This CVE describes a Missing Authorization vulnerability in the merkulove Imager for Elementor WordPress plugin that allows attackers to bypass access... (Jan 22, 2026)
This CVE describes a missing authorization vulnerability in the Carter for Elementor WordPress plugin that allows attackers to bypass access controls.... (Jan 22, 2026)
This CVE describes a Missing Authorization vulnerability in the Searcher for Elementor WordPress plugin that allows attackers to bypass access control... (Jan 22, 2026)
This CVE describes a Missing Authorization vulnerability in the Motionger for Elementor WordPress plugin that allows attackers to bypass access contro... (Jan 22, 2026)
This CVE describes a Missing Authorization vulnerability in the WP-CRM System WordPress plugin that allows attackers to bypass access controls and per... (Jan 22, 2026)
This CVE describes a Missing Authorization vulnerability in the Bard WordPress theme that allows attackers to bypass access controls. It affects all B... (Jan 22, 2026)
This CVE describes a missing authorization vulnerability in the Ninetheme Electron WordPress theme that allows attackers to bypass access controls. It... (Jan 22, 2026)
This CVE describes a Missing Authorization vulnerability in the Jthemes xSmart WordPress theme that allows attackers to bypass access controls. Attack... (Jan 22, 2026)
This CVE describes a missing authorization vulnerability in the HomeLancer WordPress theme that allows attackers to bypass access controls. Attackers ... (Jan 22, 2026)
This vulnerability allows authenticated WordPress users with contributor-level access or higher to modify arbitrary WordPress options due to missing c... (Jan 20, 2026)
This CVE describes a missing authorization vulnerability in the Fluent Support WordPress plugin that allows attackers to bypass access controls. Attac... (Jan 8, 2026)
This vulnerability allows attackers who convince users to install malicious Chrome extensions to inject scripts or HTML into privileged pages through ... (Jan 7, 2026)
This CVE describes a Missing Authorization vulnerability in the Eagle Booking WordPress plugin that allows attackers to change plugin settings without... (Dec 30, 2025)
This CVE describes a Missing Authorization vulnerability in the HomeFix Elementor Portfolio WordPress plugin that allows attackers to bypass access co... (Dec 30, 2025)
About Missing Authorization (CWE-862)
Our database tracks 2,994 CVEs classified as CWE-862, with 212 rated critical and 816 rated high severity. The average CVSS score for Missing Authorization vulnerabilities is 6.2.
External reference: View CWE-862 on MITRE CWE →