VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 104 of 278
  • CVE-2025-8423MedSep 11, 2025
    risk 0.35cvss 5.4epss 0.00

    The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mtswpt_remove_plugin() and ajax_update_export_code() functions in all versions up to, and including, 1.1. This makes it possible for authenticated…

  • CVE-2025-58981MedSep 9, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital accessibility-checker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility Checker by Equalize Digital: from n/a through <=…

  • CVE-2025-53291MedSep 9, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in spoddev2021 Spreadconnect wc-spod.This issue affects Spreadconnect: from n/a through <= 2.1.5.

  • CVE-2025-32688MedSep 9, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Nebojsa Target Video Easy Publish brid-video-easy-publish.This issue affects Target Video Easy Publish: from n/a through <= 3.8.9.

  • CVE-2025-42915MedSep 9, 2025
    risk 0.35cvss 5.4epss 0.00

    Fiori app Manage Payment Blocks does not perform the necessary authorization checks, allowing an attacker with basic user privileges to abuse functionalities that should be restricted to specific user groups.This issue could impact both the confidentiality and integrity of the…

  • CVE-2025-54744MedSep 5, 2025
    risk 0.35cvss 6.5epss 0.00

    Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through <= 3.6.15.

  • CVE-2025-58785MedSep 5, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Jiro Sasamoto Ray Enterprise Translation lingotek-translation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ray Enterprise Translation: from n/a through <= 1.7.2.

  • CVE-2025-58639MedSep 3, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Ali Khallad Contact Form By Mega Forms mega-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form By Mega Forms: from n/a through <= 1.6.1.

  • CVE-2025-53337MedAug 28, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Ashan Perera LifePress lifepress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LifePress: from n/a through <= 2.1.3.

  • CVE-2025-54717MedAug 14, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Membership: from n/a through <= 1.6.3.

  • CVE-2025-54695MedAug 14, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in DevItems HT Mega ht-mega-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HT Mega: from n/a through <= 2.9.0.

  • CVE-2025-8796MedAug 10, 2025
    risk 0.35cvss 5.4epss 0.00

    A vulnerability has been found in LitmusChaos Litmus up to 3.19.0 and classified as problematic. This vulnerability affects unknown code of the file /auth/delete_project/ of the component Delete Request Handler. The manipulation of the argument projectID leads to missing…

  • CVE-2025-54037MedJul 16, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through <= 1.3.4.

  • CVE-2025-48167MedJul 16, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in alexvtn Chatbox Manager wa-chatbox-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chatbox Manager: from n/a through <= 1.2.5.

  • CVE-2025-53640MedJul 14, 2025
    risk 0.35cvss 6.5epss 0.01

    Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Starting in version 2.2 and prior to version 3.3.7, an endpoint used to display details of users listed in certain fields (such as ACLs) could be misused to dump…

  • CVE-2025-3702MedJul 3, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Melapress Melapress File Monitor website-file-changes-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Melapress File Monitor: from n/a through < 2.2.0.

  • CVE-2025-46259MedJul 1, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a before 6.3.7.

  • CVE-2025-53318MedJun 27, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in WPManiax WP DB Booster wp-db-booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP DB Booster: from n/a through <= 1.0.1.

  • CVE-2025-50010MedJun 20, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Zapier Zapier for WordPress zapier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zapier for WordPress: from n/a through <= 1.5.2.

  • CVE-2025-50009MedJun 20, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Climax Themes Kata Plus kata-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kata Plus: from n/a through <= 1.5.3.