VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 116 of 278
  • CVE-2023-52179MedJun 11, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in WebCodingPlace Product Expiry for WooCommerce.This issue affects Product Expiry for WooCommerce: from n/a through 2.5.

  • CVE-2024-32824MedJun 9, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Evergreen Content Poster Evergreen Content Poster evergreen-content-poster.This issue affects Evergreen Content Poster: from n/a through <= 1.4.2.

  • CVE-2024-32797MedJun 9, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Martin Gibson WP LinkedIn Auto Publish.This issue affects WP LinkedIn Auto Publish: from n/a through 8.11.

  • CVE-2024-31246MedJun 9, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 3.2.3.

  • CVE-2024-5382MedJun 7, 2024
    risk 0.35cvss 6.5epss 0.00

    The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including,…

  • CVE-2024-5607MedJun 7, 2024
    risk 0.35cvss 5.4epss 0.00

    The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings() in all versions up to, and including, 2.7.0. This makes it possible for…

  • CVE-2023-6876MedJun 7, 2024
    risk 0.35cvss 5.4epss 0.00

    The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme' function in all versions up to, and including, 25.2.0. This makes it…

  • CVE-2024-2035MedJun 6, 2024
    risk 0.35cvss 6.5epss 0.01

    An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the `active` status of user…

  • CVE-2024-2017MedJun 6, 2024
    risk 0.35cvss 5.4epss 0.00

    The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for…

  • CVE-2024-4445MedMay 14, 2024
    risk 0.35cvss 6.5epss 0.00

    The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the several functions in versions up to, and including, 6.20.01. This makes it possible for authenticated attackers, with…

  • CVE-2024-32717MedMay 14, 2024
    risk 0.35cvss 6.5epss 0.01

    Missing Authorization vulnerability in WPDeveloper SchedulePress.This issue affects SchedulePress: from n/a through 5.0.8.

  • CVE-2024-3237MedMay 4, 2024
    risk 0.35cvss 5.4epss 0.00

    The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level…

  • CVE-2024-3553MedMay 2, 2024
    risk 0.35cvss 6.5epss 0.00

    The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the hide_notices function in all versions up to, and including, 2.6.2. This makes it possible for unauthenticated…

  • CVE-2024-3295MedMay 2, 2024
    risk 0.35cvss 6.5epss 0.01

    The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the profile_pic_remove function in versions up to, and including, 3.1.5. This…

  • CVE-2024-1809MedMay 2, 2024
    risk 0.35cvss 5.4epss 0.00

    The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on AJAX functions in combination with nonce leakage in all versions up to, and including,…

  • CVE-2024-33588MedApr 29, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in codeSavory Knowledge Base documentation & wiki plugin – BasePress.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through 2.16.1.

  • CVE-2024-33636MedApr 29, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Mahesh Vora WP Page Post Widget Clone.This issue affects WP Page Post Widget Clone: from n/a through 1.0.1.

  • CVE-2022-40975MedApr 26, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Aazztech Post Slider.This issue affects Post Slider: from n/a through 1.6.7.

  • CVE-2024-32142MedApr 18, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Ovic Team Ovic Responsive WPBakery.This issue affects Ovic Responsive WPBakery: from n/a through 1.3.0.

  • CVE-2024-32515MedApr 17, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Qamar Sheeraz, Nasir Ahmad Mega Addons For Elementor.This issue affects Mega Addons For Elementor: from n/a through 1.8.