VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 120 of 278
  • CVE-2023-3053MedJun 3, 2023
    risk 0.35cvss 5.4epss 0.01

    The Page Builder by AZEXO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'azh_add_post' function in versions up to, and including, 1.27.133. This makes it possible for authenticated attackers to create a post with…

  • CVE-2023-33948MedMay 24, 2023
    risk 0.35cvss 5.3epss 0.01

    The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL.

  • CVE-2023-1868MedApr 5, 2023
    risk 0.35cvss 6.5epss 0.01

    The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when clearing the plugin cache via the yrc_clear_cache GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to…

  • CVE-2020-36667MedMar 7, 2023
    risk 0.35cvss 5.4epss 0.00

    The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backup_guard_cloud_dropbox, backup_guard_cloud_gdrive, and…

  • CVE-2023-25768MedFeb 15, 2023
    risk 0.35cvss 6.5epss 0.01

    A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server.

  • CVE-2023-0720MedFeb 8, 2023
    risk 0.35cvss 5.4epss 0.01

    The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions…

  • CVE-2023-0717MedFeb 8, 2023
    risk 0.35cvss 5.4epss 0.01

    The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_delete_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and…

  • CVE-2023-0716MedFeb 8, 2023
    risk 0.35cvss 5.4epss 0.01

    The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_edit_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and…

  • CVE-2023-0715MedFeb 8, 2023
    risk 0.35cvss 5.4epss 0.01

    The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_clone_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and…

  • CVE-2023-0711MedFeb 8, 2023
    risk 0.35cvss 5.4epss 0.01

    The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_state function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and…

  • CVE-2023-0684MedFeb 8, 2023
    risk 0.35cvss 5.4epss 0.01

    The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_unassign_folders function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions…

  • CVE-2023-0718MedFeb 8, 2023
    risk 0.35cvss 5.4epss 0.01

    The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and…

  • CVE-2023-0719MedFeb 7, 2023
    risk 0.35cvss 5.4epss 0.01

    The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_sort_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions…

  • CVE-2023-0712MedFeb 7, 2023
    risk 0.35cvss 5.4epss 0.01

    The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_move_object function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and…

  • CVE-2023-0713MedFeb 7, 2023
    risk 0.35cvss 5.4epss 0.01

    The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_add_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and…

  • CVE-2023-0404MedJan 19, 2023
    risk 0.35cvss 5.4epss 0.01

    The Events Made Easy plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions related to AJAX actions in versions up to, and including, 2.3.16. This makes it possible for authenticated attackers, with subscriber-level…

  • CVE-2023-0402MedJan 19, 2023
    risk 0.35cvss 5.4epss 0.01

    The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to…

  • CVE-2022-36404MedNov 3, 2022
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions.

  • CVE-2022-43421MedOct 19, 2022
    risk 0.35cvss 5.3epss 0.01

    A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value.

  • CVE-2022-38512MedSep 22, 2022
    risk 0.35cvss 6.5epss 0.01

    The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via…