We have discovered 257,058 live websites that are affected by CWE-285.
| 78,627 websites | |
| 29,871 websites | |
| 15,304 websites | |
| 12,814 websites | |
| 12,295 websites | |
| 7,874 websites | |
| 6,659 websites | |
| 6,114 websites | |
| 5,299 websites | |
| 4,599 websites |

| TLD | Websites |
|---|---|
| .com | 95,173 |
| .org | 28,173 |
| .de | 17,872 |
| .it | 8,651 |
| .fr | 6,580 |
| .co.uk | 6,456 |
| .nl | 6,102 |
| .net | 5,644 |
| .es | 3,561 |
| .com.au | 3,546 |

| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Apr, 2026 | CVE-2026-39347 | OrangeHRM's Self‑Appraisal Submission of Admin Users Can Be Modified After Completion | 9 |
| Mar, 2026 | CVE-2026-1710 | WooPayments <= 10.5.1 - Missing Authorization to Unauthenticated Plugin Settings Update via save_upe_appearance_ajax | 21,401 |
| Mar, 2026 | CVE-2026-32615 | Discourse: Category group moderators can perform actions on topics in restricted categories without read access | 909 |
| Mar, 2026 | CVE-2026-32619 | Discourse: Insufficient topic visibility check allows unauthorized poll manipulation in private categories | 909 |
| Mar, 2026 | CVE-2026-4248 | Ultimate Member <= 2.11.2 - Authenticated (Contributor+) Sensitive Information Exposure to Account Takeover via Shortcode Template Tag | 38,560 |
| Mar, 2026 | CVE-2026-33162 | Craft CMS: Authorization bypass in "entries/move-to-section" allows control panel user to move entries without section permissions | 2 |
| Mar, 2026 | CVE-2025-10731 | ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Sensitive Information Exposure to Data Export | 350 |
| Mar, 2026 | CVE-2025-10736 | ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.10 - Incorrect Authorization to Unauthenticated Information Exposure and Data Manipulation | 350 |
| Mar, 2026 | CVE-2026-2294 | UiPress lite \| Effortless custom dashboards, admin themes and pages <= 3.5.09 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update | 11 |
| Mar, 2026 | CVE-2026-28431 | Misskey lacks proper authorization checks and input validation | 10 |

| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Feb, 2026 | CVE-2026-2694 | The Events Calendar <= 6.15.16 - Improper Authorization to Authenticated (Contributor+) Event/Organizer/Venue Update/Trash via REST API | 75,715 |
| Mar, 2026 | CVE-2026-4248 | Ultimate Member <= 2.11.2 - Authenticated (Contributor+) Sensitive Information Exposure to Account Takeover via Shortcode Template Tag | 38,560 |
| Nov, 2025 | CVE-2025-12777 | YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion | 32,584 |
| Mar, 2026 | CVE-2026-1710 | WooPayments <= 10.5.1 - Missing Authorization to Unauthenticated Plugin Settings Update via save_upe_appearance_ajax | 21,401 |
| Oct, 2025 | CVE-2025-11227 | GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms and Campaigns Disclosure | 11,778 |
| Dec, 2024 | CVE-2024-11768 | Download manager <= 3.3.03 - Improper Authorization to Unauthenticated Download of Password-Protected Files | 11,159 |
| Aug, 2025 | CVE-2025-7221 | GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Missing Authorization to Donation Update | 10,278 |
| May, 2023 | CVE-2023-2496 | Go Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Improper Authorization to Arbitrary File Upload | 8,893 |
| May, 2024 | CVE-2023-6731 | WP Show Posts <= 1.1.5 - Improper Authorization to Information Exposure | 7,064 |
| Sep, 2024 | CVE-2024-5053 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.18 - Missing Authorization to Authenticated (Subscriber+) Mailchimp Integration Modification | 6,793 |