VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 117 of 278
  • CVE-2024-27970MedApr 11, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in BogdanFix WP SendFox.This issue affects WP SendFox: from n/a through 1.3.0.

  • CVE-2024-25922MedApr 11, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Peach Payments Peach Payments Gateway.This issue affects Peach Payments Gateway: from n/a through 3.1.9.

  • CVE-2024-25907MedApr 11, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2.

  • CVE-2023-27607MedApr 11, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce.This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0.

  • CVE-2024-3235MedApr 10, 2024
    risk 0.35cvss 5.3epss 0.01

    The Essential Grid Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.1 via the on_front_ajax_action() function. This makes it possible for unauthenticated attackers to view private and password…

  • CVE-2024-1641MedApr 9, 2024
    risk 0.35cvss 5.4epss 0.00

    The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordions_duplicate_post_as_draft' function in all versions up to, and including, 2.2.96. This makes it possible for authenticated…

  • CVE-2024-31865MedApr 9, 2024
    risk 0.35cvss 6.5epss 0.02

    Improper Input Validation vulnerability in Apache Zeppelin. The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to…

  • CVE-2024-31375MedApr 8, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads.This issue affects WP2LEADS: from n/a through <= 3.2.7.

  • CVE-2024-3250MedApr 4, 2024
    risk 0.35cvss 6.5epss 0.00

    It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports…

  • CVE-2024-28004MedMar 28, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in ExtendThemes Colibri Page Builder.This issue affects Colibri Page Builder: from n/a through 1.0.248.

  • CVE-2024-28003MedMar 28, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Megamenu Max Mega Menu.This issue affects Max Mega Menu: from n/a through 3.3.

  • CVE-2023-22699MedMar 25, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in MainWP MainWP Wordfence Extension.This issue affects MainWP Wordfence Extension: from n/a through 4.0.7.

  • CVE-2022-45851MedMar 25, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in ShareThis ShareThis Dashboard for Google Analytics.This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.1.4.

  • CVE-2022-45356MedMar 25, 2024
    risk 0.35cvss 5.4epss 0.01

    Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1.

  • CVE-2022-45352MedMar 25, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1.

  • CVE-2022-45351MedMar 25, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1.

  • CVE-2023-37886MedMar 25, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in InspiryThemes RealHomes.This issue affects RealHomes: from n/a through 4.0.2.

  • CVE-2024-1502MedMar 21, 2024
    risk 0.35cvss 5.4epss 0.00

    The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tutor_delete_announcement() function in all versions up to, and including, 2.6.1. This makes it possible for…

  • CVE-2024-2538MedMar 20, 2024
    risk 0.35cvss 5.4epss 0.01

    The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_permalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with…

  • CVE-2023-50898MedMar 15, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in sirv.Com Sirv.This issue affects Sirv: from n/a through 7.1.2.