VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 113 of 278
  • CVE-2023-27428MedDec 9, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Damir Calusic WP users media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP users media: from n/a through 4.2.3.

  • CVE-2023-25959MedDec 9, 2024
    risk 0.35cvss 5.4epss 0.01

    Missing Authorization vulnerability in Apollo13Themes Apollo13 Framework Extensions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Apollo13 Framework Extensions: from n/a through 1.8.10.

  • CVE-2023-25791MedDec 9, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Cadus Pro Fontiran allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fontiran: from n/a through 2.1.

  • CVE-2023-25469MedDec 9, 2024
    risk 0.35cvss 5.4epss 0.01

    Missing Authorization vulnerability in Magazine3 Easy Table of Contents allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Table of Contents: from n/a through 2.0.45.2.

  • CVE-2023-25455MedDec 9, 2024
    risk 0.35cvss 5.3epss 0.01

    Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Social Login and Register (Discord, Google, Twitter,…

  • CVE-2023-23986MedDec 9, 2024
    risk 0.35cvss 5.4epss 0.01

    Missing Authorization vulnerability in Noah Hearle, Design Extreme Reviews and Rating – Google My Business allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reviews and Rating – Google My Business: from n/a through 4.14.

  • CVE-2023-23975MedDec 9, 2024
    risk 0.35cvss 5.3epss 0.01

    Missing Authorization vulnerability in Fullworks Quick Event Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Event Manager: from n/a through 9.7.4.

  • CVE-2023-23886MedDec 9, 2024
    risk 0.35cvss 5.4epss 0.01

    Missing Authorization vulnerability in mg12 WP-RecentComments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-RecentComments: from n/a through 2.2.7.

  • CVE-2023-23868MedDec 9, 2024
    risk 0.35cvss 5.4epss 0.01

    Missing Authorization vulnerability in WPFactory Cost of Goods for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cost of Goods for WooCommerce: from n/a through 2.8.6.

  • CVE-2024-12253MedDec 7, 2024
    risk 0.35cvss 5.4epss 0.00

    The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'save_settings', 'export_csv', and 'simpleecommcart-action' actions in all versions up to, and including,…

  • CVE-2024-53806MedDec 6, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in yonifre Maspik – Spam blacklist contact-forms-anti-spam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Maspik – Spam blacklist: from n/a through <= 2.2.7.

  • CVE-2024-45689MedNov 20, 2024
    risk 0.35cvss 6.5epss 0.00

    A flaw was found in Moodle. Dynamic tables did not enforce capability checks, which resulted in users having the ability to retrieve information they did not have permission to access.

  • CVE-2024-10665MedNov 20, 2024
    risk 0.35cvss 5.4epss 0.00

    The Yaad Sarig Payment Gateway For WC plugin for WordPress is vulnerable to unauthorized modification & access of data due to a missing capability check on the yaadpay_view_log_callback() and yaadpay_delete_log_callback() functions in all versions up to, and including, 2.2.4.…

  • CVE-2024-51817MedNov 19, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in CodeZel Combo WP Rewrite Slugs combo-wp-rewrite-slugs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Combo WP Rewrite Slugs: from n/a through <= 1.0.

  • CVE-2024-49689MedNov 19, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Harmonic Design HD Quiz – Save Results Light hd-quiz-save-results-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz – Save Results Light: from n/a through <= 0.5.

  • CVE-2024-10486MedNov 18, 2024
    risk 0.35cvss 5.3epss 0.01

    The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible print_php_information.php file. This makes it possible for unauthenticated attackers to retrieve information…

  • CVE-2024-11085MedNov 16, 2024
    risk 0.35cvss 5.4epss 0.00

    The WP Log Viewer plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on several AJAX actions in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and…

  • CVE-2024-48044MedNov 1, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in ShortPixel ShortPixel Image Optimizer shortpixel-image-optimiser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShortPixel Image Optimizer: from n/a through <= 5.6.3.

  • CVE-2024-44021MedNov 1, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in truepushplugin Truepush truepush-free-web-push-notifications.This issue affects Truepush: from n/a through <= 1.0.8.

  • CVE-2024-43273MedNov 1, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in icegram Icegram Collect plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram Collect plugin: from n/a through 1.3.14.