VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 101 of 278
  • CVE-2025-66162MedDec 16, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in merkulove Spoter for Elementor spoter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spoter for Elementor: from n/a through <= 1.04.

  • CVE-2025-66161MedDec 16, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in merkulove Grider for Elementor grider-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grider for Elementor: from n/a through <= 1.0.8.

  • CVE-2025-66147MedDec 16, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in merkulove Coder for Elementor coder-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coder for Elementor: from n/a through <= 1.0.13.

  • CVE-2025-66134MedDec 16, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in NinjaTeam FileBird Pro filebird-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FileBird Pro: from n/a through <= 6.5.1.

  • CVE-2025-13956MedDec 16, 2025
    risk 0.35cvss 5.3epss 0.01

    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the statistic function in all versions up to, and including, 4.3.1. This makes it possible for unauthenticated attackers to view the…

  • CVE-2025-14508MedDec 13, 2025
    risk 0.35cvss 6.5epss 0.00

    The MediaCommander – Bring Folders to Media, Posts, and Pages plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the import-csv REST API endpoint in all versions up to, and including, 2.3.1. This is due to the endpoint using…

  • CVE-2023-23729MedDec 9, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0.

  • CVE-2025-67562MedDec 9, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in WebCodingPlace Image Caption Hover Pro image-caption-hover-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Caption Hover Pro: from n/a through < 20.0.

  • CVE-2025-67561MedDec 9, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Oleksandr Lysyi Debug Log Viewer debug-log-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Debug Log Viewer: from n/a through <= 2.0.3.

  • CVE-2025-67560MedDec 9, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Webilia Inc. Listdom listdom allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Listdom: from n/a through <= 5.0.1.

  • CVE-2025-67559MedDec 9, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Online Booking & Scheduling Calendar for WordPress by…

  • CVE-2025-63034MedDec 9, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Steve Truman Page View Count page-views-count allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page View Count: from n/a through <= 2.9.0.

  • CVE-2025-63024MedDec 9, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in tychesoftwares Order Delivery Date for WooCommerce order-delivery-date-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Delivery Date for WooCommerce: from n/a through <= 4.3.1.

  • CVE-2025-62999MedDec 9, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in themezaa Litho Addons litho-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Litho Addons: from n/a through <= 3.5.

  • CVE-2025-62086MedDec 9, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in akazanstev Яндекс Доставка (Boxberry) boxberry allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Яндекс Доставка (Boxberry): from n/a through <= 2.34.

  • CVE-2025-13558MedNov 25, 2025
    risk 0.35cvss 5.4epss 0.00

    The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'deleteUserCcDraftPost' function in all versions up to, and including, 8.7.0. This makes it possible for…

  • CVE-2025-66063MedNov 21, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in jgwhite33 WP Google Review Slider wp-google-places-review-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Google Review Slider: from n/a through <= 17.4.

  • CVE-2025-13468MedNov 20, 2025
    risk 0.35cvss 5.4epss 0.00

    A weakness has been identified in SourceCodester Alumni Management System 1.0. This issue affects the function delete_forum/delete_career/delete_comment/delete_gallery/delete_event of the file admin/admin_class.php of the component Delete Handler. Executing manipulation of the…

  • CVE-2025-12174MedNov 19, 2025
    risk 0.35cvss 6.5epss 0.00

    The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'directorist_prepare_listings_export_file' and 'directorist_type_slug_change' AJAX actions in all…

  • CVE-2025-64263MedNov 13, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in PluginEver WP Content Pilot wp-content-pilot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Content Pilot: from n/a through <= 2.1.7.