VYPR

CWE-862

Missing Authorization

Class | Incomplete | Likelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 12 of 278
  • CVE-2025-49288 | High | Jun 6, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    Missing Authorization vulnerability in Rustaurius Ultimate WP Mail ultimate-wp-mail allows Authentication Bypass. This issue affects Ultimate WP Mail: from n/a through <= 1.3.5.

  • CVE-2025-47690 | High | May 23, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    Missing Authorization vulnerability in Smackcoders Inc., Lead Form Data Collection to CRM wp-leads-builder-any-crm allows Privilege Escalation. This issue affects Lead Form Data Collection to CRM: from n/a through <= 3.1.

  • CVE-2025-3906 | High | Apr 26, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    The Integração entre Eduzz e Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wep_opcoes' function in all versions up to, and including, 1.7.5. This makes it possible for authenticated attackers, with…

  • CVE-2025-1279 | High | Apr 25, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ux_cb_tools_import_item_ajax AJAX action in all versions up to, and including, 3.16.2.1. This makes it…

  • CVE-2025-3604 | Critical | Apr 24, 2025
    risk 0.57 | cvss 9.8 | epss 0.01

    The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible…

  • CVE-2025-3058 | High | Apr 24, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    The Xelion Webchat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the xwc_save_settings() function in all versions up to, and including, 9.1.0. This makes it possible for…

  • CVE-2025-39533 | High | Apr 17, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    Missing Authorization vulnerability in Starfish Reviews Starfish Review Generation & Marketing starfish-reviews allows Privilege Escalation. This issue affects Starfish Review Generation & Marketing: from n/a through <= 3.1.19.

  • CVE-2025-26959 | High | Apr 15, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    Missing Authorization vulnerability in Quý Lê 91 Administrator Z administrator-z allows Privilege Escalation. This issue affects Administrator Z: from n/a through <= 2025.03.24.

  • CVE-2025-26741 | High | Apr 15, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    Missing Authorization vulnerability in AWEOS GmbH Email Notifications for Updates wp-update-mail-notification allows Privilege Escalation. This issue affects Email Notifications for Updates: from n/a through <= 1.1.6.

  • CVE-2025-32542 | High | Apr 11, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    Missing Authorization vulnerability in EazyPlugins Eazy Plugin Manager plugins-on-steroids allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eazy Plugin Manager: from n/a through <= 4.3.0.

  • CVE-2025-3417 | High | Apr 10, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_set_global_option() function in versions 1.3 to 1.3.5. This makes it possible for authenticated attackers,…

  • CVE-2025-2933 | High | Apr 5, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    The Email Notifications for Updates plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the awun_import_settings() function in all versions up to, and including, 1.1.6. This makes it…

  • CVE-2025-32147 | High | Apr 4, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    Missing Authorization vulnerability in coothemes Easy WP Optimizer easy-wp-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy WP Optimizer: from n/a through <= 1.1.0.

  • CVE-2025-3063 | High | Apr 2, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_callback_update_sa_option() function in versions 2.0 to 2.1. This makes it possible for…

  • CVE-2025-30825 | High | Apr 1, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    Missing Authorization vulnerability in WPClever WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce wpc-smart-linked-products allows Privilege Escalation. This issue affects WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce: from n/a through <= 1.3.5.

  • CVE-2025-2815 | High | Mar 28, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    The Administrator Z plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the adminz_import_backup() function in all versions up to, and including, 2025.03.24. This makes it possible for…

  • CVE-2025-30772 | High | Mar 27, 2025
    risk 0.57 | cvss 8.8 | epss 0.01

    Missing Authorization vulnerability in WPClever WPC Smart Upsell Funnel for WooCommerce wpc-smart-upsell-funnel allows Privilege Escalation. This issue affects WPC Smart Upsell Funnel for WooCommerce: from n/a through <= 3.0.4.

  • CVE-2024-12920 | High | Mar 19, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the foodbakery_var_backup_file_delete, foodbakery_widget_file_delete, theme_option_save,…

  • CVE-2025-1667 | High | Mar 15, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    The School Management System – WPSchoolPress plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpsp_UpdateTeacher() function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with…

  • CVE-2025-26661 | High | Mar 11, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    Due to missing authorization check, SAP NetWeaver (ABAP Class Builder) allows an attacker to gain higher access levels than they should have, resulting in escalation of privileges. On successful exploitation, this could result in disclosure of highly sensitive information. It…