VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 105 of 278
  • CVE-2025-50008MedJun 20, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in cscode WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily innovs-woo-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Manager –…

  • CVE-2025-49998MedJun 20, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Wetail WooCommerce Fortnox Integration woocommerce-fortnox-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Fortnox Integration: from n/a through <= 4.5.5.

  • CVE-2025-42984MedJun 10, 2025
    risk 0.35cvss 5.4epss 0.00

    SAP S/4HANA Manage Central Purchase Contract does not perform necessary authorization checks for an authenticated user. Due to this, an attacker could execute the function import on the entity making it inaccessible for unrestricted user. This has low impact on confidentiality…

  • CVE-2025-30958MedJun 6, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in onOffice GmbH onOffice for WP-Websites onoffice-for-wp-websites allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects onOffice for WP-Websites: from n/a through <= 6.5.1.

  • CVE-2025-30957MedJun 6, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in BuddyDev Activity Plus Reloaded for BuddyPress bp-activity-plus-reloaded allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Activity Plus Reloaded for BuddyPress: from n/a through <= 1.1.2.

  • CVE-2025-30932MedJun 6, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in WP Compress WP Compress for MainWP wp-compress-mainwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress for MainWP: from n/a through <= 6.30.32.

  • CVE-2025-30636MedJun 6, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Ability, Inc Accessibility Suite online-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility Suite: from n/a through <= 4.19.

  • CVE-2025-29013MedJun 6, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in faaiq Custom Category/Post Type Post order custom-post-order-category allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Category/Post Type Post order: from n/a through <= 1.6.0.

  • CVE-2025-28985MedJun 6, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Elastic Email Elastic Email Subscribe Form elastic-email-subscribe-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Subscribe Form: from n/a through <= 1.2.2.

  • CVE-2025-24778MedJun 6, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in De paragon No Spam At All no-spam-at-all allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects No Spam At All: from n/a through <= 1.3.

  • CVE-2025-24776MedJun 6, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in codelobster Responsive Flipbooks responsive-flipbooks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Flipbooks: from n/a through <= 1.0.

  • CVE-2025-24762MedJun 6, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in facturaone TicketBAI Facturas para WooCommerce wp-ticketbai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TicketBAI Facturas para WooCommerce: from n/a through <= 3.45.

  • CVE-2025-48335MedJun 6, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in CyberChimps Responsive Plus responsive-add-ons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Plus: from n/a through <= 3.2.0.

  • CVE-2025-46258MedJun 5, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in BdThemes Element Pack Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Pack Pro: from n/a before 8.0.0.

  • CVE-2025-26920MedMay 19, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in pressmaximum Customify customify-theme allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customify: from n/a through <= 0.4.8.

  • CVE-2025-48246MedMay 19, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in StellarWP The Events Calendar the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar: from n/a through <= 6.11.2.1.

  • CVE-2025-47556MedMay 16, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in QuanticaLabs CSS3 Compare Pricing Tables for WordPress css3_web_pricing_tables_grids allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CSS3 Compare Pricing Tables for WordPress: from n/a through <=…

  • CVE-2025-31923MedMay 16, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in QuanticaLabs CSS3 Accordions for WordPress css3_accordions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CSS3 Accordions for WordPress: from n/a through <= 3.0.

  • CVE-2025-47580MedMay 15, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Rustaurius Front End Users front-end-only-users allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Front End Users: from n/a through <= 3.2.35.

  • CVE-2025-47628MedMay 7, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in quomodosoft QS Dark Mode qs-dark-mode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QS Dark Mode: from n/a through <= 3.0.