VYPR

CWE-862

Missing Authorization

Class | Incomplete | Likelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 39 of 278
  • CVE-2024-33594 | High | Apr 29, 2024
    risk 0.49 | cvss 7.5 | epss 0.00

    Missing Authorization vulnerability in Leaky Paywall. This issue affects Leaky Paywall: from n/a through 4.20.8.

  • CVE-2024-33591 | High | Apr 29, 2024
    risk 0.49 | cvss 7.5 | epss 0.00

    Missing Authorization vulnerability in Tips and Tricks HQ Easy Accept Payments. This issue affects Easy Accept Payments: from n/a through 4.9.10.

  • CVE-2024-33635 | High | Apr 29, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    Missing Authorization vulnerability in Piotnet Piotnet Addons For Elementor Pro. This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17.

  • CVE-2024-33597 | High | Apr 29, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    Missing Authorization vulnerability in ProFaceOff SSU. This issue affects SSU: from n/a through 1.5.0.

  • CVE-2023-44227 | High | Apr 17, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    Missing Authorization vulnerability in Mitchell Bennis Simple File List. This issue affects Simple File List: from n/a through 6.1.9.

  • CVE-2023-51672 | High | Apr 11, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    Missing Authorization vulnerability in FunnelKit FunnelKit Checkout. This issue affects FunnelKit Checkout: from n/a through 3.10.3.

  • CVE-2024-31343 | High | Apr 10, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar. This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.1.

  • CVE-2024-31358 | High | Apr 10, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    Missing Authorization vulnerability in Saleswonder Team: Tobias 5 Stars Rating Funnel 5-stars-rating-funnel. This issue affects 5 Stars Rating Funnel: from n/a through <= 1.2.67.

  • CVE-2024-31297 | High | Apr 10, 2024
    risk 0.49 | cvss 7.5 | epss 0.00

    Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce. This issue affects Wholesale For WooCommerce: from n/a through 2.3.0.

  • CVE-2024-1934 | High | Apr 9, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    The WP Compress – Image Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wps_local_compress::__construct' function in all versions up to, and including, 6.11.10. This makes it possible for…

  • CVE-2024-27911 | High | Apr 5, 2024
    risk 0.49 | cvss 7.5 | epss 0.00

    A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to obtain the administrator password.

  • CVE-2024-30487 | High | Mar 29, 2024
    risk 0.49 | cvss 7.6 | epss 0.00

    Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar. This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.1.

  • CVE-2024-2848 | High | Mar 29, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    The Responsive theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_footer_text_callback function in all versions up to, and including, 5.0.2. This makes it possible for unauthenticated attackers to inject arbitrary…

  • CVE-2023-6038 | High | Nov 16, 2023
    risk 0.49 | cvss 7.5 | epss 0.04

    A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require…

  • CVE-2023-5132 | High | Oct 21, 2023
    risk 0.49 | cvss 7.5 | epss 0.01

    The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. This makes it possible for unauthenticated attackers with knowledge of an…

  • CVE-2022-4943 | High | Oct 20, 2023
    risk 0.49 | cvss 7.5 | epss 0.01

    The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's…

  • CVE-2023-39966 | High | Aug 10, 2023
    risk 0.49 | cvss 7.5 | epss 0.01

    1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the `api/v1/file.go` file, there is a function called `SaveContent` that receives JSON data…

  • CVE-2021-4355 | High | Jun 7, 2023
    risk 0.49 | cvss 7.5 | epss 0.01

    The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list(), change_orderlist(), and download_member_list() functions called via admin_init hooks in versions up to, and including, 2.2.7.…

  • CVE-2021-4348 | High | Jun 7, 2023
    risk 0.49 | cvss 7.5 | epss 0.01

    The Ultimate GDPR & CCPA plugin for WordPress is vulnerable to unauthenticated settings import and export via the export_settings & import_settings functions in versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to change plugin settings and…

  • CVE-2021-4339 | High | Jun 7, 2023
    risk 0.49 | cvss 7.5 | epss 0.01

    The uListing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the "ulisting/includes/route.php" file on the /1/api/ulisting-user/search REST-API route in versions up to, and including, 1.6.6. This makes it possible for…