CWE-862: Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Yearly Trend
Top Affected Vendors
All Missing Authorization CVEs (3,074)
This CVE describes a Missing Authorization vulnerability in the wishfulthemes Email Capture & Lead Generation WordPress plugin that allows attackers t...
Jan 16, 2025This CVE describes a missing authorization vulnerability in the August Infotech AI Responsive Gallery Album WordPress plugin. It allows attackers to b...
Jan 16, 2025This CVE describes a Missing Authorization vulnerability in the SendGrid for WordPress plugin that allows attackers to exploit incorrectly configured ...
Jan 16, 2025This CVE describes a missing authorization vulnerability in the Button Block WordPress plugin that allows attackers to access functionality not proper...
Jan 15, 2025This CVE describes a Missing Authorization vulnerability in the WP News Sliders WordPress plugin that allows attackers to exploit incorrectly configur...
Jan 15, 2025The NitroPack WordPress plugin has an authorization vulnerability that allows authenticated users with subscriber-level access or higher to modify arb...
Jan 15, 2025CVE-2025-0068 is an authorization bypass vulnerability in SAP NetWeaver Application Server ABAP where obsolete functionality lacks proper access contr...
Jan 14, 2025This CVE describes a Missing Authorization vulnerability in the WordPress Title Experiments Free plugin that allows attackers to bypass access control...
Jan 9, 2025This vulnerability allows unauthorized users to manipulate the status of issues in public GitLab projects. It affects GitLab Community Edition (CE) an...
Jan 8, 2025This CVE describes a Missing Authorization vulnerability in the MashShare WordPress plugin that allows unauthorized users to perform actions intended ...
Jan 7, 2025This CVE describes a missing authorization vulnerability in the Lenderd 1003 Mortgage Application WordPress plugin that allows unauthorized users to a...
Jan 7, 2025This CVE describes a Missing Authorization vulnerability in the spacecodes AI for SEO WordPress plugin that allows attackers to exploit incorrectly co...
Jan 7, 2025This CVE describes a missing authorization vulnerability in WPForms Contact Form plugin that allows attackers to bypass access controls and perform un...
Jan 7, 2025This vulnerability allows attackers to bypass authorization controls in the WP SecureSubmit WordPress plugin, potentially accessing functionality or d...
Jan 7, 2025The FancyPost WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to export sho...
Jan 7, 2025This CVE describes a missing authorization vulnerability in the 10WebAnalytics WordPress plugin that allows attackers to bypass access controls. It af...
Jan 2, 2025This CVE describes a missing authorization vulnerability in the Gallery Images Ape WordPress plugin that allows attackers to exploit incorrectly confi...
Jan 2, 2025This CVE describes a Missing Authorization vulnerability in the AyeCode Connect WordPress plugin that allows attackers to exploit incorrectly configur...
Jan 2, 2025This CVE describes a Missing Authorization vulnerability in the Hestia Nginx Cache WordPress plugin that allows attackers to exploit incorrectly confi...
Jan 2, 2025This CVE describes a Missing Authorization vulnerability in Flothemes Flo Forms WordPress plugin that allows attackers to bypass access controls. It a...
Jan 2, 2025This CVE describes a missing authorization vulnerability in the WordPress Visitors Traffic Real Time Statistics plugin that allows attackers to bypass...
Jan 2, 2025This CVE describes a Missing Authorization vulnerability in the codedrafty Mediabay WordPress plugin that allows attackers to bypass access controls. ...
Jan 2, 2025This CVE describes a Missing Authorization vulnerability in the WP Word Count WordPress plugin that allows attackers to exploit incorrectly configured...
Jan 2, 2025This CVE describes a Missing Authorization vulnerability in the Just Custom Fields WordPress plugin that allows attackers to exploit incorrectly confi...
Jan 2, 2025This CVE describes a Missing Authorization vulnerability in the WordPress ApplyOnline plugin that allows attackers to bypass access controls. It affec...
Jan 2, 2025This CVE describes a Missing Authorization vulnerability in the wpDiscuz WordPress plugin that allows attackers to exploit incorrectly configured acce...
Jan 2, 2025This CVE describes a missing authorization vulnerability in the weDevs WP User Frontend WordPress plugin that allows attackers to bypass access contro...
Jan 2, 2025This CVE describes a missing authorization vulnerability in the Bold Timeline Lite WordPress plugin that allows attackers to exploit incorrectly confi...
Jan 2, 2025This CVE describes a Missing Authorization vulnerability in the Paytium WordPress plugin that allows unauthorized users to access functionality intend...
Dec 31, 2024This CVE describes a missing authorization vulnerability in WooCommerce Subscriptions that allows attackers to exploit incorrectly configured access c...
Dec 31, 2024This CVE describes a Missing Authorization vulnerability in the WordPress Member Directory and Contact Form plugin that allows unauthorized users to a...
Dec 31, 2024This CVE describes a Missing Authorization vulnerability in the WordPress Widget Options plugin that allows attackers to exploit incorrectly configure...
Dec 31, 2024This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to view all form submissions from other users. The issu...
Dec 25, 2024This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to remove the shop logo from WooCommerce delivery notes...
Dec 24, 2024The File Manager Pro – Filester WordPress plugin has an authorization bypass vulnerability that allows authenticated users with Subscriber-level per...
Dec 19, 2024CVE-2024-56003 is a missing authorization vulnerability in the Caldera SMTP Mailer WordPress plugin that allows attackers to perform unauthorized acti...
Dec 16, 2024This CVE describes a missing authorization vulnerability in the Falcon WordPress plugin that allows attackers to exploit incorrectly configured access...
Dec 16, 2024This CVE describes a Missing Authorization vulnerability in the Bill Minozzi Car Dealer WordPress plugin that allows attackers to bypass access contro...
Dec 13, 2024This CVE describes a missing authorization vulnerability in the SiteOrigin Widgets Bundle WordPress plugin that allows attackers to exploit incorrectl...
Dec 13, 2024This CVE describes a missing authorization vulnerability in rtMedia for WordPress, BuddyPress and bbPress that allows attackers to exploit incorrectly...
Dec 13, 2024CVE-2023-41865 is a missing authorization vulnerability in the bqworks Slider Pro WordPress plugin that allows attackers to exploit incorrectly config...
Dec 13, 2024This vulnerability allows attackers to bypass authorization controls in WP Accessibility Helper (WAH) WordPress plugin, potentially accessing restrict...
Dec 13, 2024This vulnerability allows attackers to bypass authorization controls in the miniOrange SAML SP Single Sign On WordPress plugin, potentially accessing ...
Dec 13, 2024This CVE describes a Missing Authorization vulnerability in the Team Heateor Super Socializer WordPress plugin that allows attackers to exploit incorr...
Dec 13, 2024This CVE describes a Missing Authorization vulnerability in the ReviewX WordPress plugin that allows attackers to bypass access controls and perform u...
Dec 13, 2024This CVE describes a Missing Authorization vulnerability in the MailChimp Forms by MailMunch WordPress plugin that allows attackers to exploit incorre...
Dec 13, 2024This CVE describes a Missing Authorization vulnerability in the bqworks Accordion Slider WordPress plugin that allows attackers to exploit incorrectly...
Dec 13, 2024This CVE describes a Missing Authorization vulnerability in the Social Share Icons & Social Share Buttons WordPress plugin that allows attackers to ex...
Dec 13, 2024This CVE describes a missing authorization vulnerability in SolidWP iThemes Sync WordPress plugin that allows attackers to bypass access controls. It ...
Dec 13, 2024This CVE describes a missing authorization vulnerability in the QR code MeCard/vCard generator WordPress plugin that allows unauthorized users to acce...
Dec 13, 2024About Missing Authorization (CWE-862)
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Our database tracks 3,074 CVEs classified as CWE-862, with 231 rated critical and 874 rated high severity. The average CVSS score for Missing Authorization vulnerabilities is 6.3.
External reference: View CWE-862 on MITRE CWE →
Monitor Missing Authorization Vulnerabilities
Get alerted when new Missing Authorization CVEs affect your infrastructure.
Start Monitoring Free