CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
We have discovered 435,632 live websites that are affected by CWE-863.
CVEs
- Count - 5
CWE References
Countries
 United States | 105,169 websites |
 Germany | 23,930 websites |
 Italy | 23,569 websites |
 France | 23,331 websites |
 Russia | 20,656 websites |
 GB | 20,200 websites |
 Spain | 15,387 websites |
 Vietnam | 13,999 websites |
 Netherlands | 12,011 websites |
 Australia | 10,354 websites |
TLDs
| .com | 196,024 websites |
| .ru | 16,158 websites |
| .it | 15,139 websites |
| .co.uk | 11,686 websites |
| .de | 11,574 websites |
| .org | 11,372 websites |
| .nl | 9,145 websites |
| .fr | 8,615 websites |
| .net | 8,373 websites |
| .com.br | 7,997 websites |
Newest CVEs
List of the most recent CVEs that are part of CWE-863| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Jan, 2024 | CVE-2022-0775 | WooCommerce < 6.2.1 - Subscriber+ Arbitrary Comment Deletion | 428,468 |
| May, 2023 | CVE-2023-1979 | Auth bypass in Web Stories for WordPress plugin | 91 |
| Jan, 2023 | CVE-2022-45353 | WordPress Betheme theme <= 26.6.1 is vulnerable to Broken Access Control | 7,398 |
| Sep, 2021 | CVE-2021-34647 | Ninja Forms <= 3.5.7 Sensitive Information Disclosure | 44 |
| Sep, 2021 | CVE-2021-34648 | Ninja Forms <= 3.5.7 Unprotected REST-API to Email Injection | 44 |
The most widespread CVEs
List of the most common CVEs that are part of CWE-863| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Jan, 2024 | CVE-2022-0775 | WooCommerce < 6.2.1 - Subscriber+ Arbitrary Comment Deletion | 428,468 |
| Jan, 2023 | CVE-2022-45353 | WordPress Betheme theme <= 26.6.1 is vulnerable to Broken Access Control | 7,398 |
| May, 2023 | CVE-2023-1979 | Auth bypass in Web Stories for WordPress plugin | 91 |
| Sep, 2021 | CVE-2021-34647 | Ninja Forms <= 3.5.7 Sensitive Information Disclosure | 44 |
| Sep, 2021 | CVE-2021-34648 | Ninja Forms <= 3.5.7 Unprotected REST-API to Email Injection | 44 |
Websites affected by CWE-863
Top websites that are affected by CWE-863. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.***.com | United States | *,*** | |
| ***.***********.com | Italy | *,*** | |
| ***.*********.nl | Netherlands | *,*** | |
| ***********.com | United States | *,*** | |
| *****************.com | United States | *,*** | |
| ***.*************.com | United States | *,*** | |
| ***.com | United States | *,*** | |
| *********.com | United States | *,*** | |
| *******.com | United States | *,*** | |
| ***.**********.com | United States | *,*** |