VYPR

CWE-862

Missing Authorization

Class | Incomplete | Likelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 4 of 278
  • CVE-2025-24181 | Critical | Mar 31, 2025
    risk 0.64 | cvss 9.8 | epss 0.01

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access protected user data.

  • CVE-2025-2266 | Critical | Mar 29, 2025
    risk 0.64 | cvss 9.8 | epss 0.01

    The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the cwmpUpdateOptions() function in versions 8.6.5 to 8.7.5. This makes it possible for…

  • CVE-2024-12922 | Critical | Mar 19, 2025
    risk 0.64 | cvss 9.8 | epss 0.00

    The Altair theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check within functions.php in all versions up to, and including, 5.2.4. This makes it possible for unauthenticated attackers to…

  • CVE-2024-56066 | Critical | Dec 31, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    Missing Authorization vulnerability in inspry Agency Toolkit agency-toolkit allows Privilege Escalation. This issue affects Agency Toolkit: from n/a through <= 1.0.23.

  • CVE-2024-11281 | Critical | Dec 25, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    The WooCommerce Point of Sale plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0. This is due to insufficient validation on the 'logged_in_user_id' value when option values are empty and the ability for attackers to change the…

  • CVE-2024-54239 | Critical | Dec 13, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    Missing Authorization vulnerability in dugudlabs Eyewear prescription form eyewear-prescription-form allows Privilege Escalation. This issue affects Eyewear prescription form: from n/a through <= 4.0.18.

  • CVE-2024-45493 | Critical | Dec 10, 2024
    risk 0.64 | cvss 9.8 | epss 0.00

    An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldServer Gateway has internal users, whose access is supposed to be restricted to login locally on the device. However, an attacker can bypass the check for this, which might allow…

  • CVE-2024-43222 | Critical | Dec 9, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    Missing Authorization vulnerability in SeventhQueen Sweet Date sweetdate allows Privilege Escalation. This issue affects Sweet Date: from n/a through <= 3.7.3.

  • CVE-2024-12155 | Critical | Dec 6, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the settings_import() function in all versions up to, and including, 2.0.02. This makes it possible for…

  • CVE-2024-0138 | Critical | Nov 23, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    NVIDIA Base Command Manager contains a missing authentication vulnerability in the CMDaemon component. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

  • CVE-2024-10589 | Critical | Nov 9, 2024
    risk 0.64 | cvss 9.8 | epss 0.00

    The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the import_settings() function in all versions up to, and including, 3.1.1. This makes it…

  • CVE-2024-48073 | Critical | Nov 8, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    sunniwell HT3300 before 1.0.0.B022.2 is vulnerable to Insecure Permissions. The /usr/local/bin/update program, which is responsible for updating the software in the HT3300 device, is given the execution mode of sudo NOPASSWD. This program is vulnerable to a command injection…

  • CVE-2024-48538 | Critical | Oct 24, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    Incorrect access control in the firmware update and download processes of Neye3C v4.5.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file.

  • CVE-2024-4259 | Critical | Sep 3, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    Missing Authorization vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding AKOS (TahsilatService) allows Collect Data as Provided by Users. This issue affects AKOS (AkosCepVatandasService): before V2.0; AKOS (TahsilatService): before V1.0.7.

  • CVE-2024-4428 | Critical | Aug 29, 2024
    risk 0.64 | cvss 9.8 | epss 0.00

    Missing Authentication for Critical Function, Missing Authorization vulnerability in Menulux Information Technologies Managment Portal allows Collect Data as Provided by Users. This issue affects Managment Portal: through 21.05.2024.

  • CVE-2024-36246 | Critical | May 31, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted.

  • CVE-2023-49742 | Critical | Apr 18, 2024
    risk 0.64 | cvss 9.9 | epss 0.01

    Missing Authorization vulnerability in Support Genix. This issue affects Support Genix: from n/a through 1.2.3.

  • CVE-2024-25912 | Critical | Apr 11, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    Missing Authorization vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2.

  • CVE-2021-4381 | Critical | Jun 7, 2023
    risk 0.64 | cvss 9.8 | epss 0.01

    The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::import_new_layout method in versions up to, and including, 1.6.6. This makes it possible for…

  • CVE-2021-4370 | Critical | Jun 7, 2023
    risk 0.64 | cvss 9.8 | epss 0.01

    The uListing plugin for WordPress is vulnerable to authorization bypass as most actions and endpoints are accessible to unauthenticated users, lack security nonces, and data is seldom validated. This issue exists in versions up to, and including, 1.6.6. This makes it possible…