VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 115 of 278
  • CVE-2024-42371MedSep 10, 2024
    risk 0.35cvss 5.4epss 0.00

    The RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces and nodes. There is low impact on integrity and…

  • CVE-2024-7032MedAug 21, 2024
    risk 0.35cvss 6.5epss 0.00

    The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moo_deactivateAndClean' function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to…

  • CVE-2024-43326MedAug 19, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Jamie Bergen Plugin Notes Plus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Plugin Notes Plus: from n/a through 1.2.7.

  • CVE-2024-42470MedAug 12, 2024
    risk 0.35cvss 6.5epss 0.01

    openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Several endpoints in versions prior to 4.2.1 of the CometVisu add-on of openHAB don't require authentication. This makes it possible for unauthenticated…

  • CVE-2024-4410MedJul 27, 2024
    risk 0.35cvss 5.4epss 0.00

    The IgnitionDeck Crowdfunding Platform plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.9.8. This is due to missing capability checks on various functions called via AJAX actions in the ~/classes/class-idf-wizard.php file. This…

  • CVE-2024-6392MedJul 11, 2024
    risk 0.35cvss 5.4epss 0.00

    The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized plugin settings modification due to missing capability checks on the plugin functions in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers,…

  • CVE-2024-5992MedJul 9, 2024
    risk 0.35cvss 6.5epss 0.01

    The Cliengo – Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_chatbot_token' and 'update_chatbot_position' functions in all versions up to, and including, 3.0.2. This makes it possible for…

  • CVE-2024-5669MedJul 9, 2024
    risk 0.35cvss 6.4epss 0.00

    The XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ffw_activate_template' function in all versions up to, and including, 1.7.0. This makes…

  • CVE-2024-5600MedJul 9, 2024
    risk 0.35cvss 5.4epss 0.00

    The SCSS Happy Compiler – Compile SCSS to CSS & Automatic Enqueue plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check and insufficient sanitization on the import_settings() function in all versions up to, and including, 1.3.10.…

  • CVE-2024-4102MedJul 9, 2024
    risk 0.35cvss 5.4epss 0.00

    The Pricing Table plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above,…

  • CVE-2024-5710MedJun 27, 2024
    risk 0.35cvss 6.5epss 0.00

    berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding…

  • CVE-2024-3627MedJun 20, 2024
    risk 0.35cvss 5.4epss 0.00

    The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the AjaxFunctions.php file in all versions up to, and including, 1.1.7. This…

  • CVE-2023-39310MedJun 19, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1.

  • CVE-2023-35050MedJun 19, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Elementor Elementor Pro.This issue affects Elementor Pro: from n/a through 3.13.0.

  • CVE-2023-40672MedJun 12, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Hardik Chavada Sticky Social Media Icons.This issue affects Sticky Social Media Icons: from n/a through 2.1.

  • CVE-2024-34815MedJun 11, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta.This issue affects Import and export users and customers: from n/a through <= 1.26.5.

  • CVE-2024-34804MedJun 11, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Tagembed.This issue affects Tagembed: from n/a through 5.8.

  • CVE-2024-35663MedJun 11, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in HahnCreativeGroup WP Translate.This issue affects WP Translate: from n/a through 5.3.0.

  • CVE-2023-52199MedJun 11, 2024
    risk 0.35cvss 6.5epss 0.00

    Missing Authorization vulnerability in Matthias Pfefferle & Automattic ActivityPub.This issue affects ActivityPub: from n/a through 1.0.5.

  • CVE-2023-52183MedJun 11, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in WebToffee WordPress Backup & Migration.This issue affects WordPress Backup & Migration: from n/a through 1.4.3.