CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

We have discovered 680,370 live websites that are affected by CWE-863.

Available Reports

Website List

CVEs

Count - 126

CWE References

cwe.mitre.org

Website Distribution by Country

Number of websites using CWE-863

United States	191,279 websites

Germany	64,335 websites
France	42,101 websites
Japan	30,003 websites
GB	29,221 websites
Italy	28,724 websites
Russia	22,151 websites
Netherlands	19,774 websites
Spain	18,318 websites
Poland	15,055 websites

Website Distribution by TLD

Number of websites using CWE-863

.com	273,378 websites
.de	34,891 websites
.org	32,206 websites
.it	19,951 websites
.fr	18,495 websites
.ru	17,665 websites
.net	17,430 websites
.co.uk	17,081 websites
.nl	16,624 websites
.com.br	11,821 websites

Newest CVEs

List of the most recent CVEs that are part of CWE-863

Discovered	CVE	Description	Websites
Nov, 2025	CVE-2025-11776	Guest user can discover archived public channels	464
Nov, 2025	CVE-2025-41436	Unauthorized access to archived channel content via threads interface	464
Nov, 2025	CVE-2025-11777	Cross-team channel membership access	116
Nov, 2025	CVE-2025-49145	iTop admin can drop iTop database using webhooks	23
Nov, 2025	CVE-2025-62275	Blogs in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 202...	72
Oct, 2025	CVE-2025-62259	Liferay Portal 7.4.0 through 7.4.3.109, and older unsupported versions, and Liferay DXP 2023.Q3.1 th...	72
Oct, 2025	CVE-2025-11888	ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.4 - Incorrect Authorization to Authenticated (Editor+) License Status Update	4,062
Oct, 2025	CVE-2025-10545	Guest user can add unauthorized team users to private channels	97
Oct, 2025	CVE-2025-62243	Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.4.1 throug...	68
Oct, 2025	CVE-2025-7374	WP JobHunt <= 7.6 Authenticated (Custom+) Authorization Bypass	1

The most widespread CVEs

List of the most common CVEs that are part of CWE-863

Discovered	CVE	Description	Websites
Jan, 2024	CVE-2022-0775	WooCommerce < 6.2.1 - Subscriber+ Arbitrary Comment Deletion	237,376
Nov, 2024	CVE-2024-9926	Jetpack < 13.9.1 - Subscriber+ Arbitrary Feedback Access	163,456
Mar, 2025	CVE-2025-31673	Drupal core - Moderately critical - Access bypass - SA-CORE-2025-002	112,892
Sep, 2025	CVE-2025-8944	OceanWP < 4.1.2 - Subscriber+ Limited Option Update	87,655
Jan, 2023	CVE-2022-45353	WordPress Betheme theme <= 26.6.1 is vulnerable to Broken Access Control	40,312
Jun, 2023	CVE-2023-2877	Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution	11,029
Jan, 2024	CVE-2023-6421	Download Manager < 3.2.83 - Unauthenticated Protected File Download Password Leak	10,416
Jul, 2025	CVE-2025-8068	HT Mega – Absolute Addons For Elementor <= 2.9.1 - Improper Authorization to Authenticated (Contributor+) Limited Administrator Actions	8,335
Apr, 2020	CVE-2020-8142	A security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 b...	5,683
Oct, 2025	CVE-2025-11888	ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.4 - Incorrect Authorization to Authenticated (Editor+) License Status Update	4,062

Websites affected by CWE-863

Top websites that are affected by CWE-863. Please click on the "Contact us" link to get more information.

Domain	Country	Rank
*..uk	GB	***
*********.com	United States	***
*********.com	United States	***
***.gov	United States	***
****************.de	Germany	***
****.*****.org	United States	***
***.org	France	,**
**************************.nl	Netherlands	,**
*******.gov	United States	,**
***.gov	United States	,**

See full domain list