VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 119 of 278
  • CVE-2023-6158MedJan 10, 2024
    risk 0.35cvss 6.5epss 0.01

    The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evo_eventpost_update_meta function in all versions up to, and including, 4.5.4 (for Pro) and…

  • CVE-2022-34344MedJan 8, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.This issue affects Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form,…

  • CVE-2023-6798MedJan 6, 2024
    risk 0.35cvss 5.4epss 0.00

    The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check when updating settings in all versions up to, and including, 4.3.2. This makes…

  • CVE-2024-0201MedJan 3, 2024
    risk 0.35cvss 5.4epss 0.00

    The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_settings' function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with…

  • CVE-2023-22674MedDec 21, 2023
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Hal Gatewood Dashicons + Custom Post Types.This issue affects Dashicons + Custom Post Types: from n/a through 1.0.2.

  • CVE-2023-25715MedDec 19, 2023
    risk 0.35cvss 5.4epss 0.01

    Missing Authorization vulnerability in GamiPress GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress.This issue affects GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a…

  • CVE-2023-49620MedNov 30, 2023
    risk 0.35cvss 6.5epss 0.01

    Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. We mark this cve as moderate level…

  • CVE-2023-5386MedNov 22, 2023
    risk 0.35cvss 6.5epss 0.00

    The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level…

  • CVE-2023-4723MedNov 15, 2023
    risk 0.35cvss 5.3epss 0.01

    The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajax_eae_post_data function. This can allow unauthenticated attackers to extract sensitive data including post/page ids and titles…

  • CVE-2023-5506MedNov 7, 2023
    risk 0.35cvss 5.4epss 0.00

    The ImageMapper plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'imgmap_delete_area_ajax' function in versions up to, and including, 1.2.6. This makes it possible for authenticated attackers, with subscriber-level…

  • CVE-2023-4198MedNov 1, 2023
    risk 0.35cvss 6.5epss 0.01

    Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data

  • CVE-2023-4645MedOct 19, 2023
    risk 0.35cvss 5.3epss 0.01

    The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai_ajax function. This can allow unauthenticated attackers to extract sensitive data such as post titles and slugs (including those of protected posts…

  • CVE-2023-43501MedSep 20, 2023
    risk 0.35cvss 6.5epss 0.01

    A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.

  • CVE-2023-4124MedAug 3, 2023
    risk 0.35cvss 6.5epss 0.01

    Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1.

  • CVE-2023-37963MedJul 12, 2023
    risk 0.35cvss 5.4epss 0.00

    A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system.

  • CVE-2023-37953MedJul 12, 2023
    risk 0.35cvss 6.5epss 0.01

    A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

  • CVE-2021-4338MedJun 7, 2023
    risk 0.35cvss 6.4epss 0.01

    The 404 to 301 plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the open_redirect & save_redirect functions in versions up to, and including, 3.0.7. This makes it possible for authenticated attackers to view, create and edit…

  • CVE-2020-36729MedJun 7, 2023
    risk 0.35cvss 5.4epss 0.01

    The 2J-SlideShow Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'twoj_slideshow_setup' function called via the wp_ajax_twoj_slideshow_setup AJAX action in versions up to, and including, 1.3.31. This makes it possible for…

  • CVE-2019-25143MedJun 7, 2023
    risk 0.35cvss 5.4epss 0.01

    The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and including, 4.0.2. This makes it possible for authenticated attackers to reset…

  • CVE-2023-2415MedJun 3, 2023
    risk 0.35cvss 5.4epss 0.01

    The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for…