VYPR

CWE-862

Missing Authorization

Class · Incomplete · Likelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

  • CVE-2025-23477 · High · Jan 21, 2025
    risk 0.53 · cvss 8.2 · epss 0.00

    Missing Authorization vulnerability in realtyworkstation Realty Workstation realty-workstation allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Realty Workstation: from n/a through <= 1.0.45.

  • CVE-2024-54359 · High · Dec 16, 2024
    risk 0.53 · cvss 8.2 · epss 0.01

    Missing Authorization vulnerability in Saul Morales Pacheco Banner System banner-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Banner System: from n/a through <= 1.0.0.

  • CVE-2023-41130 · High · Dec 13, 2024
    risk 0.53 · cvss 8.1 · epss 0.00

    Missing Authorization vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Premmerce User Roles: from n/a through <= 1.0.12.

  • CVE-2024-10783 · High · Dec 13, 2024
    risk 0.53 · cvss 8.1 · epss 0.02

    The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to missing authorization checks on the register_site function in all versions up to, and including, 5.2 when a site is left in…

  • CVE-2023-49856 · High · Dec 9, 2024
    risk 0.53 · cvss 8.1 · epss 0.01

    Missing Authorization vulnerability in EDGARROJAS Smart Forms smart-forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Forms: from n/a through <= 2.6.84.

  • CVE-2023-49817 · High · Dec 9, 2024
    risk 0.53 · cvss 8.2 · epss 0.01

    Missing Authorization vulnerability in heoLixfy Flexible Woocommerce Checkout Field Editor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Flexible Woocommerce Checkout Field Editor: from n/a through 2.0.1.

  • CVE-2023-48286 · High · Dec 9, 2024
    risk 0.53 · cvss 8.2 · epss 0.00

    Missing Authorization vulnerability in mra13 Stripe Payments stripe-payments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stripe Payments: from n/a through <= 2.0.79.

  • CVE-2024-37106 · High · Nov 1, 2024
    risk 0.53 · cvss 8.2 · epss 0.00

    Missing Authorization vulnerability in WishList Products WishList Member X allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WishList Member X: from n/a through 3.26.6.

  • CVE-2024-8548 · High · Oct 1, 2024
    risk 0.53 · cvss 8.1 · epss 0.00

    The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the /includes/ajax-functions.php file in all versions up to, and including, 1.6.6.…

  • CVE-2023-37870 · High · Jun 19, 2024
    risk 0.53 · cvss 8.1 · epss 0.00

    Missing Authorization vulnerability in Woo WooCommerce Warranty Requests. This issue affects WooCommerce Warranty Requests: from n/a through 2.1.9.

  • CVE-2023-40608 · High · Jun 19, 2024
    risk 0.53 · cvss 8.2 · epss 0.00

    Missing Authorization vulnerability in Paid Memberships Pro Paid Memberships Pro CCBill Gateway. This issue affects Paid Memberships Pro CCBill Gateway: from n/a through 0.3.

  • CVE-2024-32692 · High · May 17, 2024
    risk 0.53 · cvss 8.2 · epss 0.00

    Missing Authorization vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Chauffeur Taxi Booking System for WordPress: from n/a through 6.9.

  • CVE-2023-45000 · High · Apr 16, 2024
    risk 0.53 · cvss 8.2 · epss 0.00

    Missing Authorization vulnerability in LiteSpeed Technologies LiteSpeed Cache. This issue affects LiteSpeed Cache: from n/a through 5.7.

  • CVE-2024-24832 · High · Mar 23, 2024
    risk 0.53 · cvss 8.2 · epss 0.00

    Missing Authorization vulnerability in Metagauss EventPrime. This issue affects EventPrime: from n/a through 3.3.9.

  • CVE-2024-2702 · High · Mar 20, 2024
    risk 0.53 · cvss 8.2 · epss 0.01

    Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import allows importing settings and data, ultimately leading to XSS. This issue affects Olive One Click Demo Import: from n/a through 1.1.1.

  • CVE-2024-1862 · High · Mar 13, 2024
    risk 0.53 · cvss 8.1 · epss 0.01

    The WooCommerce Add to Cart Custom Redirect plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'wcr_dismiss_admin_notice' function in all versions up to, and including, 1.2.13. This makes it possible…

  • CVE-2023-6700 · High · Feb 5, 2024
    risk 0.53 · cvss 8.8 · epss 0.01

    The Cookie Information | Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler in versions up to, and including, 2.0.22. This makes it possible for authenticated attackers, with…

  • CVE-2021-4383 · High · Jun 7, 2023
    risk 0.53 · cvss 8.1 · epss 0.01

    The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to page content injection in versions up to, and including, 5.5. This is due to missing capability checks in the plugin's page-editing functionality. This makes it possible for low-authenticated attackers, such as…

  • CVE-2017-17707 · High · Jul 31, 2018
    risk 0.53 · cvss 8.1 · epss 0.01

    Due to missing authorization checks, any authenticated user is able to list, upload, or delete attachments to password safe entries in Pleasant Password Server before 7.8.3. To perform those actions on an entry, the user needs to know the corresponding "CredentialId" value,…

  • CVE-2026-55518 · Critical · Jun 17, 2026
    risk 0.52 · cvss · epss

    Summary: A critical missing authorization flaw exists in Avo's association attach workflow. The UI and `GET /resources/:resource/:id/:related/new` path can check `attach_?`, but the actual write endpoint, `POST /resources/:resource/:id/:related`, does not run the…