VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 103 of 278
  • CVE-2025-49949MedOct 22, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in templazee Templazee templazee allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templazee: from n/a through <= 1.0.2.

  • CVE-2025-49920MedOct 22, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in accessiBe Web Accessibility By accessiBe accessibe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Web Accessibility By accessiBe: from n/a through <= 2.10.

  • CVE-2025-11372MedOct 18, 2025
    risk 0.35cvss 6.5epss 0.00

    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing capability checks on the Admin Tools REST endpoints which are registered with permission_callback set to…

  • CVE-2025-11580MedOct 10, 2025
    risk 0.35cvss 5.3epss 0.01

    A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.

  • CVE-2025-60127MedSep 26, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in ArtistScope CopySafe Web Protection wp-copysafe-web allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CopySafe Web Protection: from n/a through <= 5.1.

  • CVE-2025-60116MedSep 26, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grand Conference Theme Custom Post Type: from n/a through < 2.6.4.

  • CVE-2025-60103MedSep 26, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in CridioStudio ListingPro listingpro-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.8.

  • CVE-2025-60097MedSep 26, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in CodexThemes TheGem thegem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TheGem: from n/a through <= 5.10.5.

  • CVE-2025-60096MedSep 26, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in CodexThemes TheGem (Elementor) thegem-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TheGem (Elementor): from n/a through <= 5.10.5.

  • CVE-2025-59581MedSep 22, 2025
    risk 0.35cvss 6.5epss 0.00

    Missing Authorization vulnerability in VW THEMES Ibtana ibtana-visual-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ibtana: from n/a through <= 1.2.5.3.

  • CVE-2025-58680MedSep 22, 2025
    risk 0.35cvss 6.5epss 0.00

    Missing Authorization vulnerability in gutentor Gutentor gutentor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutentor: from n/a through <= 3.5.2.

  • CVE-2025-58672MedSep 22, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through <= 4.1.12.

  • CVE-2025-58667MedSep 22, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in CridioStudio ListingPro Reviews listingpro-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro Reviews: from n/a through < 2.9.11.

  • CVE-2025-58660MedSep 22, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in brandexponents Oshine Core oshine-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Oshine Core: from n/a through <= 1.5.5.

  • CVE-2025-58650MedSep 22, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects All In One SEO Pack: from n/a through <= 4.8.7.1.

  • CVE-2025-57991MedSep 22, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Clariti Clariti clariti allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clariti: from n/a through <= 1.2.1.

  • CVE-2025-57990MedSep 22, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in solwininfotech Blog Designer blog-designer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Blog Designer: from n/a through <= 3.1.8.

  • CVE-2025-57949MedSep 22, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in oggix Ongkoskirim.id ongkoskirim-id allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ongkoskirim.id: from n/a through <= 1.0.6.

  • CVE-2025-59474MedSep 17, 2025
    risk 0.35cvss 5.3epss 0.05

    Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel…

  • CVE-2025-9076MedSep 15, 2025
    risk 0.35cvss 6.5epss 0.00

    Mattermost versions 10.10.x <= 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects…