VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 118 of 278
  • CVE-2024-0828MedMar 13, 2024
    risk 0.35cvss 5.4epss 0.00

    The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for…

  • CVE-2024-1125MedMar 9, 2024
    risk 0.35cvss 5.4epss 0.00

    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendar_events_delete() function in all versions up to, and including, 3.4.3. This makes it possible for…

  • CVE-2024-27950MedMar 1, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Sirv CDN and Image Hosting Sirv sirv.This issue affects Sirv: from n/a through <= 7.2.0.

  • CVE-2023-47874MedFeb 29, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Perfmatters.This issue affects Perfmatters: from n/a through 2.1.6.

  • CVE-2024-1340MedFeb 29, 2024
    risk 0.35cvss 5.4epss 0.00

    The Login Lockdown – Protect Login Form plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the generate_export_file function in all versions up to, and including, 2.08. This makes it possible for authenticated attackers, with…

  • CVE-2024-1318MedFeb 29, 2024
    risk 0.35cvss 6.5epss 0.01

    The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'feedzy_wizard_step_process' and 'import_status' functions in all…

  • CVE-2024-1043MedFeb 29, 2024
    risk 0.35cvss 6.5epss 0.01

    The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'amppb_remove_saved_layout_data' function in all versions up to, and including, 1.0.93.1. This makes it possible for authenticated…

  • CVE-2024-1687MedFeb 27, 2024
    risk 0.35cvss 5.4epss 0.00

    The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the get_text_editor_content() function in all versions up to, and including, 1.1.2. This makes it…

  • CVE-2024-1108MedFeb 21, 2024
    risk 0.35cvss 6.5epss 0.00

    The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_init() function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to change the settings of…

  • CVE-2024-24822MedFeb 7, 2024
    risk 0.35cvss 6.5epss 0.01

    Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually.

  • CVE-2023-6985MedFeb 5, 2024
    risk 0.35cvss 6.5epss 0.01

    The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for…

  • CVE-2023-50944MedJan 24, 2024
    risk 0.35cvss 6.5epss 0.01

    Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to…

  • CVE-2022-42884MedJan 17, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in ThemeinProgress WIP Custom Login.This issue affects WIP Custom Login: from n/a through 1.2.7.

  • CVE-2022-41786MedJan 17, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in WP Job Portal WP Job Portal – A Complete Job Board.This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.1.

  • CVE-2023-23896MedJan 17, 2024
    risk 0.35cvss 5.4epss 0.01

    Missing Authorization vulnerability in MyThemeShop URL Shortener by MyThemeShop.This issue affects URL Shortener by MyThemeShop: from n/a through 1.0.17.

  • CVE-2022-41695MedJan 17, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in SedLex Traffic Manager.This issue affects Traffic Manager: from n/a through 1.4.5.

  • CVE-2022-41619MedJan 17, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in SedLex Image Zoom.This issue affects Image Zoom: from n/a through 1.8.8.

  • CVE-2022-40702MedJan 17, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.5.2.

  • CVE-2023-34379MedJan 17, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in MagneticOne Cart2Cart: Magento to WooCommerce Migration.This issue affects Cart2Cart: Magento to WooCommerce Migration: from n/a through 2.0.0.

  • CVE-2023-6637MedJan 11, 2024
    risk 0.35cvss 6.5epss 0.01

    The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 4.7.14. This makes it possible for unauthenticated attackers to…