VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 35 of 278
  • CVE-2025-52731HigAug 14, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from…

  • CVE-2025-31425HigAug 14, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Lead Capturing Pages: from n/a through < 2.6.

  • CVE-2025-30639HigAug 14, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IDonatePro: from n/a through <= 2.1.9.

  • CVE-2025-52804HigJul 16, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in uxper Nuss nuss allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Nuss: from n/a through <= 1.3.7.1.

  • CVE-2025-52803HigJul 16, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in uxper Sala allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Sala: from n/a through 1.1.3.

  • CVE-2025-29000HigJul 16, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in August Infotech Multi-language Responsive Contact Form responsive-contact-form allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Multi-language Responsive Contact Form: from n/a through <= 2.8.

  • CVE-2025-53485HigJul 4, 2025
    risk 0.49cvss 7.5epss 0.00

    SetTranslationHandler.php does not validate that the user is an election admin, allowing any (even unauthenticated) user to change election-related translation text. While partially broken in newer MediaWiki versions, the check is still missing. This issue affects Mediawiki…

  • CVE-2025-6814HigJul 4, 2025
    risk 0.49cvss 7.5epss 0.00

    The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_now() function in versions 1.0 to 1.1.2. This makes it possible for unauthenticated attackers to download all plugin data, including user accounts,…

  • CVE-2025-52802HigJun 20, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in enguerranws Import YouTube videos as WP Posts import-youtube-videos-as-wp-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Import YouTube videos as WP Posts: from n/a through <= 2.1.

  • CVE-2025-49265HigJun 9, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Membership For WooCommerce: from n/a through <= 2.8.1.

  • CVE-2025-32308HigJun 9, 2025
    risk 0.49cvss 7.6epss 0.00

    Missing Authorization vulnerability in looks_awesome Team Builder a-team-showcase allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team Builder: from n/a through <= 1.5.7.

  • CVE-2025-47558HigMay 23, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MapSVG: from n/a through < 8.6.13.

  • CVE-2025-39451HigMay 19, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlocks For Elementor: from n/a through <= 1.3.16.

  • CVE-2025-39449HigMay 19, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetWooBuilder: from n/a through <= 2.1.18.

  • CVE-2025-39447HigMay 19, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Crocoblock JetElements For Elementor jet-elements allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetElements For Elementor: from n/a through <= 2.7.4.1.

  • CVE-2021-47662HigApr 24, 2025
    risk 0.49cvss 7.5epss 0.00

    Due to missing authorization an unauthenticated remote attacker can cause a DoS attack by connecting via HTTPS and triggering the shutdown button.

  • CVE-2025-39532HigApr 17, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in spicethemes Spice Blocks spice-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spice Blocks: from n/a through <= 2.0.7.7.

  • CVE-2025-32544HigApr 17, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in The Right Software WooCommerce Loyal Customers woocommerce-loyal-customer allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WooCommerce Loyal Customers: from n/a through <= 2.6.

  • CVE-2025-26968HigApr 17, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in webbernaut Cloak Front End Email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cloak Front End Email: from n/a through 1.9.5.

  • CVE-2025-27008HigApr 15, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in NotFound Unlimited Timeline unlimited-timeline allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Unlimited Timeline: from n/a through < 1.6.1.