VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 29 of 278
  • CVE-2026-48883HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce <= 8.5.3 versions.

  • CVE-2026-48873HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Unauthenticated Broken Access Control in Montonio for WooCommerce <= 10.1.2 versions.

  • CVE-2026-48835HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions.

  • CVE-2026-42666HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions.

  • CVE-2026-40776HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.8 versions.

  • CVE-2026-40774HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Unauthenticated Broken Access Control in Booking Package <= 1.7.06 versions.

  • CVE-2026-40741HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions.

  • CVE-2026-39534HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Unauthenticated Broken Access Control in WP Directory Kit <= 1.5.0 versions.

  • CVE-2026-39533HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Unauthenticated Broken Access Control in AWP Classifieds <= 4.4.4 versions.

  • CVE-2026-39524HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Unauthenticated Broken Access Control in Masteriyo - LMS <= 2.1.5 versions.

  • CVE-2026-39513HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Unauthenticated Broken Access Control in Easy Appointments <= 3.12.21 versions.

  • CVE-2026-39503HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Unauthenticated Broken Access Control in Easy Digital Downloads <= 3.6.5 versions.

  • CVE-2026-34898HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce <= 1.5.3 versions.

  • CVE-2026-34886HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Unauthenticated Broken Access Control in Simple Membership <= 4.7.1 versions.

  • CVE-2026-25425HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Unauthenticated Broken Access Control in User Registration <= 5.1.2 versions.

  • CVE-2026-50108HigJun 12, 2026
    risk 0.49cvss 7.5epss 0.00

    The Naxclow platform API that returns device relay registration details exposes a persistent credential without verifying that the requester is the legitimate device or owner. An actor able to present a platform-valid request signature can retrieve credentials for arbitrary…

  • CVE-2026-26237HigJun 10, 2026
    risk 0.49cvss 7.5epss 0.00

    A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and…

  • CVE-2026-26236HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and…

  • CVE-2026-10737HigJun 4, 2026
    risk 0.49cvss 7.5epss 0.00

    The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the view_file function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and…

  • CVE-2026-42670HigJun 2, 2026
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14.