
CWE-862

Missing Authorization

Class | Incomplete | Likelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 13 of 278
  • CVE-2024-13232 | High | Mar 5, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    The WordPress Awesome Import & Export Plugin - Import & Export WordPress Data plugin for WordPress is vulnerable to arbitrary SQL Execution and privilege escalation due to a missing capability check on the renderImport() function in all versions up to, and including, 4.1.1. This…

  • CVE-2025-27270 | Critical | Mar 3, 2025
    risk 0.57 | cvss 9.8 | epss 0.00

    Missing Authorization vulnerability in enituretechnology Residential Address Detection residential-address-detection allows Privilege Escalation. This issue affects Residential Address Detection: from n/a through <= 2.5.4.

  • CVE-2025-1682 | High | Feb 28, 2025
    risk 0.57 | cvss 8.8 | epss 0.01

    The Cardealer theme for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.4 due to missing capability check on the 'save_settings' function. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify…

  • CVE-2024-12296 | High | Feb 12, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'import_page_options' function in all versions up to, and including, 2.4. This makes it possible for…

  • CVE-2024-13653 | High | Feb 12, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' and 'restore_options' functions in all versions up to, and…

  • CVE-2024-13643 | High | Feb 11, 2025
    risk 0.57 | cvss 8.8 | epss 0.01

    The Zox News - Professional WordPress News & Magazine Theme plugin for WordPress is vulnerable to unauthorized data modification. This vulnerability can lead to privilege escalation and denial of service conditions due to missing capability checks on the backup_options() and…

  • CVE-2025-24734 | High | Jan 27, 2025
    risk 0.57 | cvss 8.8 | epss 0.01

    Missing Authorization vulnerability in CodeSolz Better Find and Replace real-time-auto-find-and-replace allows Privilege Escalation. This issue affects Better Find and Replace: from n/a through <= 1.6.7.

  • CVE-2024-12202 | High | Jan 7, 2025
    risk 0.57 | cvss 8.8 | epss 0.01

    The Croma Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'ironMusic_ajax' function in all versions up to, and including, 3.6. This makes it possible for authenticated…

  • CVE-2024-12535 | High | Jan 7, 2025
    risk 0.57 | cvss 8.6 | epss 0.01

    The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to read configuration…

  • CVE-2024-56061 | High | Dec 31, 2024
    risk 0.57 | cvss 8.8 | epss 0.00

    Missing Authorization vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Privilege Escalation. This issue affects RepairBuddy: from n/a through <= 3.8119.

  • CVE-2024-56211 | High | Dec 31, 2024
    risk 0.57 | cvss 8.8 | epss 0.00

    Missing Authorization vulnerability in DeluxeThemes Userpro userpro. This issue affects Userpro: from n/a through <= 5.1.9.

  • CVE-2024-12881 | High | Dec 24, 2024
    risk 0.57 | cvss 8.8 | epss 0.00

    The PlugVersions – Easily rollback to previous versions of your plugins plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the eos_plugin_reviews_restore_version() function in all versions up to, and including, 0.0.7. This makes…

  • CVE-2024-56048 | High | Dec 18, 2024
    risk 0.57 | cvss 8.8 | epss 0.01

    Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPLMS: from n/a through <= 1.9.9.

  • CVE-2024-12259 | High | Dec 18, 2024
    risk 0.57 | cvss 8.8 | epss 0.01

    The CRM WordPress Plugin – RepairBuddy plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.8120. This is due to the plugin not properly validating a user's identity prior to updating their email through the…

  • CVE-2024-54379 | High | Dec 16, 2024
    risk 0.57 | cvss 8.8 | epss 0.01

    Missing Authorization vulnerability in blokhauswp Minterpress minterpress allows Privilege Escalation. This issue affects Minterpress: from n/a through <= 1.0.5.

  • CVE-2024-54378 | High | Dec 16, 2024
    risk 0.57 | cvss 8.8 | epss 0.01

    Missing Authorization vulnerability in Quietly Quietly Insights quietly-insights allows Privilege Escalation. This issue affects Quietly Insights: from n/a through <= 1.2.2.

  • CVE-2023-33996 | High | Dec 13, 2024
    risk 0.57 | cvss 8.8 | epss 0.01

    Missing Authorization vulnerability in CleanTalk - Anti-Spam Protection Spam protection, AntiSpam, FireWall by CleanTalk allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spam protection, AntiSpam, FireWall by CleanTalk: from n/a through…

  • CVE-2024-11443 | High | Dec 12, 2024
    risk 0.57 | cvss 8.8 | epss 0.00

    The de:branding plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the debranding_save() function in all versions up to, and including, 1.0.2. This makes it possible for authenticated…

  • CVE-2024-11323 | High | Dec 6, 2024
    risk 0.57 | cvss 8.8 | epss 0.00

    The AI Quiz | Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ai_quiz_update_style() function in all versions up to, and including, 1.1. This makes it possible for…

  • CVE-2024-53938 | High | Dec 2, 2024
    risk 0.57 | cvss 8.8 | epss 0.00

    An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default and exposed over the LAN. The root account is accessible without a password, allowing attackers to achieve full control over…