VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 34 of 278
  • CVE-2025-64222HigDec 18, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in FantasticPlugins WooCommerce Recover Abandoned Cart rac allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Recover Abandoned Cart: from n/a through <= 24.6.0.

  • CVE-2025-64214HigDec 18, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16.

  • CVE-2025-64209HigDec 18, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in StylemixThemes Masterstudy masterstudy allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masterstudy: from n/a through < 4.8.122.

  • CVE-2025-60086HigDec 18, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Matt WP Voting Contest wp-voting-contest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Voting Contest: from n/a through <= 5.8.

  • CVE-2025-60077HigDec 18, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in YayCommerce YayPricing yaypricing allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects YayPricing: from n/a through <= 3.5.3.

  • CVE-2025-60045HigDec 18, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects IDonatePro: from n/a through <= 2.1.11.

  • CVE-2025-58938HigDec 18, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IDonatePro: from n/a through <= 2.1.9.

  • CVE-2025-58877HigDec 18, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in javothemes Javo Core javo-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Javo Core: from n/a through <= 3.0.0.529.

  • CVE-2025-13384HigNov 22, 2025
    risk 0.49cvss 7.5epss 0.00

    The CP Contact Form with PayPal plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.56. This is due to the plugin exposing an unauthenticated IPN-like endpoint (via the 'cp_contactformpp_ipncheck' query parameter) that processes…

  • CVE-2025-12955HigNov 18, 2025
    risk 0.49cvss 7.5epss 0.00

    The Live sales notification for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.3.39. This is due to the "getOrders" function lacking proper authorization and capability checks when the plugin is configured to…

  • CVE-2025-58629HigNov 6, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous: from n/a through < 2.0.9.

  • CVE-2025-11890HigNov 4, 2025
    risk 0.49cvss 7.5epss 0.00

    The Crypto Payment Gateway with Payeer for WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly verifying a payments status through server-side validation though the…

  • CVE-2025-62022HigOct 22, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in BuddyPress BuddyPress buddypress.This issue affects BuddyPress: from n/a through <= 14.3.4.

  • CVE-2025-49925HigOct 22, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9.7.

  • CVE-2025-30944HigOct 22, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Essekia Tablesome Table Premium tablesome-premium allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Tablesome Table Premium: from n/a through <= 1.1.23.

  • CVE-2025-33182HigOct 14, 2025
    risk 0.49cvss 7.6epss 0.00

    NVIDIA Jetson Linux contains a vulnerability in UEFI, where improper authentication may allow a privileged user to cause corruption of the Linux Device Tree. A successful exploitation of this vulnerability might lead to data tampering, denial of service.

  • CVE-2025-59011HigSep 26, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through < 3.2.3.

  • CVE-2025-53230HigAug 28, 2025
    risk 0.49cvss 7.6epss 0.00

    Missing Authorization vulnerability in honzat Page Manager for Elementor page-manager-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page Manager for Elementor: from n/a through <= 2.0.5.

  • CVE-2025-54692HigAug 14, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Membership For WooCommerce: from n/a through <= 2.9.0.

  • CVE-2025-54679HigAug 14, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in vertim Neon Channel Product Customizer Free neon-channel-product-customizer-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Neon Channel Product Customizer Free: from n/a through <= 2.0.