VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,392)

page 186 of 270
  • CVE-2025-49246MedJun 6, 2025
    WordPress
    Testimonials Showcase
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in cmoreira Testimonials Showcase testimonials-showcase allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonials Showcase: from n/a through <= 1.9.16.

  • CVE-2025-49240MedJun 6, 2025
    WordPress
    Docspress
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in nK DocsPress docspress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DocsPress: from n/a through <= 2.5.2.

  • CVE-2025-30990MedJun 6, 2025
    Themehunk
    themehunk-megamenu-plus
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in ThemeHunk ThemeHunk themehunk-megamenu-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ThemeHunk: from n/a through <= 1.2.0.

  • CVE-2025-30978MedJun 6, 2025
    WordPress
    Dorzki Notifications To Slack
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Dor Zuberi Slack Notifications by dorzki dorzki-notifications-to-slack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slack Notifications by dorzki: from n/a through <= 2.0.7.

  • CVE-2025-30974MedJun 6, 2025
    Akhtarujjaman Shuvo
    Post Grid Master
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Akhtarujjaman Shuvo Post Grid Master ajax-filter-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid Master: from n/a through <= 3.4.17.

  • CVE-2025-30927MedJun 6, 2025
    Wordapp
    Wordapp
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Wordapp Team Wordapp wordapp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wordapp: from n/a through <= 1.7.0.

  • CVE-2025-30624MedJun 6, 2025
    WordPress
    Wordlift
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in WordLift WordLift wordlift allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordLift: from n/a through <= 3.54.4.

  • CVE-2025-29010MedJun 6, 2025
    WordPress
    Portfolio Manager Powered By Behance
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in eleopard Behance Portfolio Manager portfolio-manager-powered-by-behance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Behance Portfolio Manager: from n/a through <= 1.7.5.

  • CVE-2025-28996MedJun 6, 2025
    Thad Allender
    GPP Slideshow
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Thad Allender GPP Slideshow gpp-slideshow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GPP Slideshow: from n/a through <= 1.3.5.

  • CVE-2025-28994MedJun 6, 2025
    WordPress
    Viral Loops Wp Integration
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in viralloops Viral Loops WP Integration viral-loops-wp-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Viral Loops WP Integration: from n/a through <= 3.8.1.

  • CVE-2023-26002MedJun 6, 2025
    WordPress
    6storage Rentals
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 6Storage Rentals: from n/a through 2.19.5.

  • CVE-2025-5732MedJun 6, 2025
    Carmelo
    Traffic Offense Reporting System
    risk 0.28cvss 4.3epss 0.00

    A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been…

  • CVE-2025-1778MedJun 6, 2025
    Art
    Art Theme
    risk 0.28cvss 4.3epss 0.00

    The Art Theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'arttheme_theme_option_restore' AJAX function in all versions up to, and including, 3.12.2.3. This makes it possible for authenticated attackers, with subscriber-level…

  • CVE-2025-5185MedMay 26, 2025
    Summer Pearl Group
    Vacation Rental Management Platform
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched…

  • CVE-2025-4105MedMay 21, 2025
    Splitit
    Splitit
    risk 0.28cvss 5.4epss 0.00

    The Splitit plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the 'splitIt-flexfields-payment-gateway.php' file in all versions up to, and including, 4.2.8. This makes it possible for authenticated…

  • CVE-2025-39454MedMay 19, 2025
    WordPress
    Name Directory
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Jeroen Peters Name Directory name-directory.This issue affects Name Directory: from n/a through <= 1.30.0.

  • CVE-2025-39412MedMay 19, 2025
    Averta
    Master Slider
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in averta Master Slider master-slider.This issue affects Master Slider: from n/a through <= 3.11.0.

  • CVE-2025-39398MedMay 19, 2025
    Themovation
    Bellevue
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Themovation Bellevue bellevuex.This issue affects Bellevue: from n/a through <= 4.2.2.

  • CVE-2025-22287MedMay 19, 2025
    WordPress
    Ltl Freight Quotes Freightquote Edition
    risk 0.28cvss 5.4epss 0.00

    Missing Authorization vulnerability in enituretechnology LTL Freight Quotes – FreightQuote Edition ltl-freight-quotes-freightquote-edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes – FreightQuote Edition:…

  • CVE-2025-39376MedMay 19, 2025
    QuanticaLabs
    Car Park Booking System for WordPress
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in QuanticaLabs Car Park Booking System for WordPress car-park-booking-system-for-wordpress.This issue affects Car Park Booking System for WordPress: from n/a through <= 2.6.