VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 32 of 278
  • CVE-2025-69340HigMar 5, 2026
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in BuddhaThemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WeDesignTech Ultimate Booking Addon: from n/a through <= 1.0.3.

  • CVE-2026-24941HigFeb 20, 2026
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.4.4.

  • CVE-2026-22351HigFeb 20, 2026
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP FullCalendar: from n/a through <= 1.6.

  • CVE-2025-69393HigFeb 20, 2026
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Jthemes Exzo exzo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Exzo: from n/a through <= 1.2.4.

  • CVE-2025-69303HigFeb 20, 2026
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in modeltheme ModelTheme Framework modeltheme-framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ModelTheme Framework: from n/a through < 2.0.0.

  • CVE-2025-69298HigFeb 20, 2026
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in GhostPool Gauge gauge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gauge: from n/a through <= 6.56.4.

  • CVE-2025-69297HigFeb 20, 2026
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in GhostPool Aardvark Plugin aardvark-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aardvark Plugin: from n/a through <= 2.19.

  • CVE-2025-68834HigFeb 20, 2026
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Saiful Islam Sync Master Sheet – Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sync Master Sheet – Product Sync with…

  • CVE-2025-68048HigFeb 20, 2026
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through <= 2.23.0.

  • CVE-2025-67994HigFeb 20, 2026
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in YayCommerce YayCurrency yaycurrency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayCurrency: from n/a through <= 3.3.

  • CVE-2025-67974HigFeb 20, 2026
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in WP Legal Pages WPLegalPages wplegalpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLegalPages: from n/a through <= 3.5.4.

  • CVE-2025-53217HigFeb 20, 2026
    risk 0.49cvss 7.6epss 0.00

    Missing Authorization vulnerability in staviravn AIO WP Builder all-in-one-wp-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO WP Builder: from n/a through <= 2.0.2.

  • CVE-2026-23541HigFeb 19, 2026
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in WPFunnels Mail Mint mail-mint allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Mail Mint: from n/a through <= 1.19.4.

  • CVE-2026-0692HigFeb 14, 2026
    risk 0.49cvss 7.5epss 0.00

    The BlueSnap Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.4.0. This is due to the plugin relying on WooCommerce's `WC_Geolocation::get_ip_address()` function to validate IPN requests, which…

  • CVE-2025-15285HigFeb 4, 2026
    risk 0.49cvss 7.5epss 0.00

    The SEO Flow by LupsOnline plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkBlogAuthentication() and checkCategoryAuthentication() functions in all versions up to, and including, 2.2.1. These authorization…

  • CVE-2026-1280HigJan 28, 2026
    risk 0.49cvss 7.5epss 0.00

    The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfm_send_file_in_email' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share…

  • CVE-2025-69313HigJan 22, 2026
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 5.0.3.

  • CVE-2025-69311HigJan 22, 2026
    risk 0.49cvss 7.6epss 0.00

    Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broadstreet Ads: from n/a through <= 1.52.1.

  • CVE-2025-68882HigJan 22, 2026
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Scalenut Scalenut scalenut allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scalenut: from n/a through <= 1.1.5.

  • CVE-2025-68059HigJan 22, 2026
    risk 0.49cvss 7.6epss 0.00

    Missing Authorization vulnerability in e-plugins Hotel Listing hotel-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Listing: from n/a through <= 1.4.2.