VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 33 of 278
  • CVE-2025-68058HigJan 22, 2026
    risk 0.49cvss 7.6epss 0.00

    Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through <= 1.3..4.

  • CVE-2025-68057HigJan 22, 2026
    risk 0.49cvss 7.6epss 0.00

    Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9.

  • CVE-2025-67967HigJan 22, 2026
    risk 0.49cvss 7.6epss 0.00

    Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a through <= 1.3.3.

  • CVE-2025-22715HigJan 8, 2026
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attractive Donations System - Easy Stripe &…

  • CVE-2025-14360HigJan 8, 2026
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Kaira Blockons blockons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blockons: from n/a through <= 1.2.19.

  • CVE-2025-14358HigJan 8, 2026
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in sizam REHub Framework rehub-framework allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects REHub Framework: from n/a through <= 19.9.5.

  • CVE-2025-13493HigJan 7, 2026
    risk 0.49cvss 7.5epss 0.00

    The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, and including, 1.4. This is due to missing authorization and nonce validation in the rnd_handle_form_submit function hooked to both admin_post_my_simple_form…

  • CVE-2025-11877HigJan 7, 2026
    risk 0.49cvss 7.5epss 0.00

    The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-login handler 'ual_shook_wp_login_failed' lacks a capability check and writes failed usernames directly into update_option() calls. This makes it possible for…

  • CVE-2025-46255HigJan 5, 2026
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Marketing Fire LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LoginWP - Pro: from n/a through 4.0.8.5.

  • CVE-2025-68850HigJan 5, 2026
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in codepeople Sell Downloads sell-downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sell Downloads: from n/a through <= 1.1.12.

  • CVE-2025-68547HigJan 5, 2026
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Follow My Blog Post: from n/a through <= 2.4.0.

  • CVE-2025-68036HigDec 30, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CubeWP: from n/a through <= 1.1.27.

  • CVE-2025-68608HigDec 24, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in DeluxeThemes Userpro userpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Userpro: from n/a through <= 5.1.9.

  • CVE-2024-24844HigDec 23, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in IdeaBox Creations PowerPack Pro for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PowerPack Pro for Elementor: from n/a through 2.10.6.

  • CVE-2025-7782HigDec 20, 2025
    risk 0.49cvss 7.6epss 0.00

    The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to unauthorized modification of data due to a missing capability check on the 'cs_update_application_status_callback' function in all versions up to, and including, 7.7. This makes it possible for…

  • CVE-2025-66117HigDec 18, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through <= 2.7.8.

  • CVE-2025-66088HigDec 18, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Property Hive PropertyHive propertyhive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through <= 2.1.12.

  • CVE-2025-66070HigDec 18, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpForo Forum: from n/a through <= 2.4.10.

  • CVE-2025-66054HigDec 18, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through <= 4.2.9.4.

  • CVE-2025-64268HigDec 18, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Arraytics Timetics timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through <= 1.0.44.