CWE-284


Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

We have discovered 1,259,392 live websites that are affected by CWE-284.

Contact us to get more info







CVEs

  • Count - 156



CWE-284 usage by Country

United States396,981 websites


Germany145,772 websites
France75,368 websites
Japan45,448 websites
GB45,236 websites
Russia40,095 websites
Netherlands38,023 websites
Spain32,046 websites
Italy31,585 websites
Poland28,755 websites

CWE-284 usage by TLD

.com528,048 websites
.de64,684 websites
.org48,674 websites
.nl36,000 websites
.ru35,033 websites
.co.uk32,800 websites
.net29,749 websites
.it27,432 websites
.com.br27,231 websites
.fr26,375 websites

Newest CVEs

List of the most recent CVEs that are part of CWE-284
DiscoveredCVEDescriptionWebsites
Mar, 2025CVE-2025-25225 Extension - hikashop.com - Privilege escalation vulnerability Hikashop component version 1.0.0 - 5.1.3 for Joomla5,987
Mar, 2025CVE-2024-13430 Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Authenticated (Contributor+) Private Post Disclosure in pagelayer_builder_posts_shortcode13,837
Mar, 2025CVE-2024-13635 VK Blocks <= 1.94.2.2 - Missing Authorization to Sensitive Information Exposure12,467
Mar, 2025CVE-2024-56195 Apache Traffic Server: Intercept plugins are not access controlled1,295
Mar, 2025CVE-2024-56196 Apache Traffic Server: ACL is not fully compatible with older versions64
Feb, 2025CVE-2024-13693 Enfold <= 6.0.9 - Missing Authorization to Sensitive Information Disclosure in avia-export-class.php172,709
Feb, 2025CVE-2024-13855 Prime Addons for Elementor <= 2.0.1 - Authenticated (Contributor+) Insecure Direct Object Reference via pae_global_block Shortcode10
Feb, 2025CVE-2024-13854 Education Addon for Elementor <= 1.3.1 - Authenticated (Contributor+) Insecure Direct Object Reference via naedu_elementor_template Shortcode27
Feb, 2025CVE-2025-0968 ElementsKit Elementor addons <= 3.4.0 - Unauthenticated Information Exposure via get_megamenu_content Function162,893
Feb, 2025CVE-2025-24411 Adobe Commerce | Improper Access Control (CWE-284)4,103

The most widespread CVEs

List of the most common CVEs that are part of CWE-284
DiscoveredCVEDescriptionWebsites
Apr, 2024CVE-2024-1310 WooCommerce < 8.6 - Contributor+ Private/Draft Products Access536,829
May, 2020CVE-2020-11028 Unauthenticated disclosure of certain private posts in WordPress252,236
Feb, 2025CVE-2024-13693 Enfold <= 6.0.9 - Missing Authorization to Sensitive Information Disclosure in avia-export-class.php172,709
Feb, 2025CVE-2025-0968 ElementsKit Elementor addons <= 3.4.0 - Unauthenticated Information Exposure via get_megamenu_content Function162,893
Oct, 2022CVE-2021-36913 Redirection for Contact Form 7 <= 2.4.0 - Unauthenticated Options Change and Content Injection vulnerability49,764
Mar, 2024CVE-2024-1564 Schema Pro < 2.7.16 - Contributor+ Custom Field Access14,522
Jan, 2025CVE-2024-13457 Event Tickets <= 5.18.1 - Insecure Direct Object Reference to Sensitive Information Exposure14,297
Mar, 2025CVE-2024-13430 Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Authenticated (Contributor+) Private Post Disclosure in pagelayer_builder_posts_shortcode13,837
Mar, 2025CVE-2024-13635 VK Blocks <= 1.94.2.2 - Missing Authorization to Sensitive Information Exposure12,467
May, 2023CVE-2023-1524 Download Manager < 3.2.71 - Broken Access Controls7,790

Websites affected by CWE-284

Top websites that are affected by CWE-284. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
**.*********.org United States**
*******.com United States**
****.******.com Singapore***
********.****.com United States***
**.*********.org United States***
*******.*********.org United States***
**.*********.org United States***
*********.net United States***
*********.org United States*,***
*********.org United States*,***
See full domain list