VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 102 of 278
  • CVE-2025-64261MedNov 13, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.95.

  • CVE-2025-33185MedNov 11, 2025
    risk 0.35cvss 5.3epss 0.01

    NVIDIA AIStore contains a vulnerability in AuthN where an unauthenticated user may cause information disclosure.  A successful exploit of this vulnerability may lead to information disclosure.

  • CVE-2025-62017MedNov 6, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in hogash KALLYAS kallyas.This issue affects KALLYAS: from n/a through <= 4.22.0.

  • CVE-2025-58986MedNov 6, 2025
    risk 0.35cvss 6.5epss 0.00

    Missing Authorization vulnerability in ganddser Jock On Air Now (JOAN) joan allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jock On Air Now (JOAN): from n/a through <= 6.0.4.

  • CVE-2025-11758MedNov 4, 2025
    risk 0.35cvss 6.5epss 0.00

    The All in One Time Clock Lite plugin for WordPress is vulnerable to unauthorized access due to a missing authorization check in all versions up to, and including, 2.0.3. This is due to the plugin exposing admin-level AJAX actions to unauthenticated users via wp_ajax_nopriv_…

  • CVE-2025-64150MedOct 29, 2025
    risk 0.35cvss 5.4epss 0.00

    A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in…

  • CVE-2025-64285MedOct 29, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce Wholesale Pricing for WooCommerce: from n/a…

  • CVE-2025-64212MedOct 29, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16.

  • CVE-2025-64210MedOct 29, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets masterstudy-elementor-widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Masterstudy Elementor Widgets: from n/a through <= 1.2.4.

  • CVE-2025-11705MedOct 29, 2025
    risk 0.35cvss 6.5epss 0.01

    The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.23.81 due to a missing capability check combined with an information exposure in several GOTMLS_* AJAX actions. This makes it…

  • CVE-2025-62980MedOct 27, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in MDZ Persian Admnin Fonts persian-admin-fonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Persian Admnin Fonts: from n/a through <= 4.1.03.

  • CVE-2025-62966MedOct 27, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Apiki GoCache gocache-cdn allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GoCache: from n/a through <= 1.3.6.

  • CVE-2025-62925MedOct 27, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Conversios Conversios.io enhanced-e-commerce-for-woocommerce-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conversios.io: from n/a through <= 7.2.13.

  • CVE-2025-62919MedOct 27, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in themeshopy TS Demo Importer ts-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TS Demo Importer: from n/a through <= 0.1.3.

  • CVE-2025-62918MedOct 27, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in ignitionwp IgnitionDeck ignitiondeck allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IgnitionDeck: from n/a through <= 2.0.15.

  • CVE-2025-62916MedOct 27, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Travon WP Flights & Hotels Booking WP Plugin adiaha-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flights & Hotels Booking WP Plugin: from n/a through <= 3.1.

  • CVE-2025-10749MedOct 24, 2025
    risk 0.35cvss 5.4epss 0.00

    The Microsoft Azure Storage for WordPress plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Deletion in all versions up to, and including, 4.5.1. This is due to missing capability checks on the 'azure-storage-media-replace' AJAX action. This makes it possible…

  • CVE-2025-62247MedOct 22, 2025
    risk 0.35cvss 6.5epss 0.00

    Missing Authorization in Collection Provider component in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1…

  • CVE-2025-62048MedOct 22, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform SmartCrawl smartcrawl-seo.This issue affects SmartCrawl: from n/a through <= 3.14.3.

  • CVE-2025-62027MedOct 22, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in StellarWP Event Tickets event-tickets.This issue affects Event Tickets: from n/a through <= 5.26.3.