VYPR

CWE-862

Missing Authorization

Class | Incomplete | Likelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

  • CVE-2025-7665 | High | Sep 19, 2025
    risk 0.53 | cvss 8.1 | epss 0.00

    The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'handle_mofirebase_form_options' function in versions 3.1.0 to 3.6.2. This makes it possible for unauthenticated attackers to update…

  • CVE-2025-8565 | High | Sep 18, 2025
    risk 0.53 | cvss 8.1 | epss 0.00

    The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the wplp_gdpr_install_plugin_ajax_handler() function in all versions up…

  • CVE-2025-7040 | High | Sep 6, 2025
    risk 0.53 | cvss 8.2 | epss 0.00

    The Cloud SAML SSO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'set_organization_settings' action of the csso_handle_actions() function in all versions up to, and including, 1.0.19. The handler reads…

  • CVE-2025-8342 | High | Aug 15, 2025
    risk 0.53 | cvss 8.1 | epss 0.01

    The WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass due to insufficient empty value checking in the lwp_ajax_register function in all versions up to, and including, 1.8.47. This makes it possible for…

  • CVE-2025-6043 | High | Jul 16, 2025
    risk 0.53 | cvss 8.1 | epss 0.01

    The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Deletion due to a missing capability check on the wpmr_delete_file() function in all versions up to, and including, 17.0. This makes it possible for…

  • CVE-2025-42953 | High | Jul 8, 2025
    risk 0.53 | cvss 8.1 | epss 0.00

    SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system.

  • CVE-2025-52813 | High | Jul 4, 2025
    risk 0.53 | cvss 8.1 | epss 0.00

    Missing Authorization vulnerability in pietro MobiLoud allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MobiLoud: from n/a through 4.6.5.

  • CVE-2025-52818 | High | Jun 27, 2025
    risk 0.53 | cvss 8.2 | epss 0.00

    Missing Authorization vulnerability in Dejan Jasnic Trusty Whistleblowing trusty-whistleblowing-solution allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trusty Whistleblowing: from n/a through <= 2.0.1.

  • CVE-2025-52817 | High | Jun 27, 2025
    risk 0.53 | cvss 8.2 | epss 0.00

    Missing Authorization vulnerability in ZealousWeb Abandoned Contact Form 7 abandoned-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Abandoned Contact Form 7: from n/a through <= 2.2.

  • CVE-2025-39536 | High | May 23, 2025
    risk 0.53 | cvss 8.2 | epss 0.00

    Missing Authorization vulnerability in Chimpstudio JobHunt Job Alerts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobHunt Job Alerts: from n/a through 3.6.

  • CVE-2025-39352 | High | May 19, 2025
    risk 0.53 | cvss 8.2 | epss 0.00

    Missing Authorization vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grand Restaurant: from n/a through <= 7.0.

  • CVE-2025-39350 | High | May 19, 2025
    risk 0.53 | cvss 8.2 | epss 0.00

    Missing Authorization vulnerability in Rocket Apps wProject. This issue affects wProject: from n/a before 5.8.0.

  • CVE-2024-58101 | High | May 14, 2025
    risk 0.53 | cvss 8.1 | epss 0.00

    Samsung Galaxy Buds and Galaxy Buds 2 audio devices are Bluetooth pairable by default without user input nor a way to stop this mode. As a consequence, audio playback takeover or even microphone recording without user consent or notification is achieved. Note: This is considered…

  • CVE-2025-32593 | High | Apr 17, 2025
    risk 0.53 | cvss 8.2 | epss 0.00

    Missing Authorization vulnerability in Bytes Technolab Add Product Frontend for WooCommerce add-product-frontend-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Add Product Frontend for WooCommerce: from n/a through <=…

  • CVE-2025-26733 | High | Mar 27, 2025
    risk 0.53 | cvss 8.2 | epss 0.00

    Missing Authorization vulnerability in shinetheme Traveler traveler. This issue affects Traveler: from n/a through < 3.2.1.

  • CVE-2024-13801 | High | Mar 26, 2025
    risk 0.53 | cvss 8.1 | epss 0.00

    The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'baf_set_notice_status' AJAX action in all versions up to, and including, 2.1.4. This makes it…

  • CVE-2025-0952 | High | Mar 14, 2025
    risk 0.53 | cvss 8.1 | epss 0.00

    The Eco Nature - Environment & Ecology WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmasters_hide_admin_notice' AJAX action in all versions up to, and…

  • CVE-2024-13655 | High | Mar 7, 2025
    risk 0.53 | cvss 8.1 | epss 0.00

    The Flex Mag - Responsive WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanel_of_ajax_callback() function in all versions up to, and including, 3.5.2.…

  • CVE-2025-25167 | High | Feb 7, 2025
    risk 0.53 | cvss 8.2 | epss 0.00

    Missing Authorization vulnerability in Black and White BookPress – For Book Authors book-press allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BookPress – For Book Authors: from n/a through <= 1.2.7.

  • CVE-2024-13767 | High | Jan 31, 2025
    risk 0.53 | cvss 8.1 | epss 0.01

    The Live2DWebCanvas plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ClearFiles() function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with Subscriber-level access…