VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 108 of 278
  • CVE-2025-30817MedMar 27, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in wpzita Z Companion z-companion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Z Companion: from n/a through <= 1.0.13.

  • CVE-2025-30809MedMar 27, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Shahjada Live Forms liveforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Forms: from n/a through <= 4.8.4.

  • CVE-2025-30767MedMar 27, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for WPForms: from n/a through <= 5.3.0.

  • CVE-2024-12336MedMar 15, 2025
    risk 0.35cvss 6.5epss 0.00

    The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'export_all_data' function in all versions up to, and including, 2.5.3. This makes it possible for…

  • CVE-2025-1681MedFeb 28, 2025
    risk 0.35cvss 5.4epss 0.00

    The Cardealer theme for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check and missing filename sanitization on the demo theme scheme AJAX functions in versions up to, and including, 1.6.4. This makes it possible for…

  • CVE-2025-27000MedFeb 25, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in George Pattichis Simple Photo Feed simple-photo-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Photo Feed: from n/a through <= 1.4.0.

  • CVE-2025-26995MedFeb 25, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Anton Vanyukov Market Exporter market-exporter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Market Exporter: from n/a through <= 2.0.21.

  • CVE-2025-26960MedFeb 25, 2025
    risk 0.35cvss 6.5epss 0.00

    Missing Authorization vulnerability in enituretechnology Small Package Quotes – Unishippers Edition small-package-quotes-unishippers-edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Small Package Quotes – Unishippers Edition:…

  • CVE-2025-27356MedFeb 24, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Hardik Sticky Header On Scroll sticky-header-on-scroll allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sticky Header On Scroll: from n/a through <= 1.0.

  • CVE-2025-26765MedFeb 16, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in enituretechnology Distance Based Shipping Calculator distance-based-shipping-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Distance Based Shipping Calculator: from n/a through <=…

  • CVE-2025-25241MedFeb 11, 2025
    risk 0.35cvss 5.4epss 0.00

    Due to a missing authorization check, an attacker who is logged in to application can view/ delete �My Overtime Requests� which could allow the attacker to access employee information. This leads to low impact on confidentiality, integrity of the application. There is no…

  • CVE-2025-25110MedFeb 7, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Metagauss Event Kikfyre kikfyre-events-calendar-tickets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Kikfyre: from n/a through <= 2.1.8.

  • CVE-2025-22696MedFeb 4, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in WPDeveloper Document Block – Upload & Embed Docs document.This issue affects Document Block – Upload & Embed Docs: from n/a through <= 1.1.0.

  • CVE-2025-23849MedJan 27, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in bpiwowar PAPERCITE papercite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PAPERCITE: from n/a through <= 0.5.18.

  • CVE-2025-24750MedJan 24, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Syed Balkhi ExactMetrics google-analytics-dashboard-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ExactMetrics: from n/a through <= 8.1.0.

  • CVE-2025-24652MedJan 24, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in revmakx WP Duplicate local-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Duplicate: from n/a through <= 1.1.6.

  • CVE-2025-24604MedJan 24, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Vikas Ratudi VPSUForm v-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VPSUForm: from n/a through <= 3.0.5.

  • CVE-2025-24571MedJan 24, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Epsiloncool WP Fast Total Search fulltext-search allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Fast Total Search: from n/a through <= 1.78.258.

  • CVE-2025-23963MedJan 16, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in flymke Mark Posts mark-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mark Posts: from n/a through <= 2.2.4.

  • CVE-2025-23961MedJan 16, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in wptasker WordPress Graphs & Charts graph-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Graphs & Charts: from n/a through <= 2.0.8.