VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 42 of 278
  • CVE-2026-41454HigApr 22, 2026
    risk 0.47cvss 8.3epss 0.00

    WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integrations including webhook URLs,…

  • CVE-2026-25456HigMar 25, 2026
    risk 0.47cvss 7.3epss 0.00

    Missing Authorization vulnerability in Aarsiv Groups Automated FedEx live/manual rates with shipping labels a2z-fedex-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automated FedEx live/manual rates with shipping labels: from…

  • CVE-2026-25083HigMar 16, 2026
    risk 0.47cvss 8.3epss 0.00

    GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earlier versions. A logged-in user who knows a shared AI assistant's identifier may view and/or tamper the other user's threads/messages.

  • CVE-2026-27396HigMar 5, 2026
    risk 0.47cvss 7.3epss 0.00

    Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through <= 2.5.6.

  • CVE-2025-68022HigFeb 20, 2026
    risk 0.47cvss 7.3epss 0.00

    Missing Authorization vulnerability in soporteblue Plugin BlueX for WooCommerce bluex-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin BlueX for WooCommerce: from n/a through <= 3.1.6.

  • CVE-2025-15041HigFeb 19, 2026
    risk 0.47cvss 7.2epss 0.00

    The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the save_site_option() function in all versions up to, and including, 5.6.2. This…

  • CVE-2025-12975HigFeb 19, 2026
    risk 0.47cvss 7.2epss 0.01

    The CTX Feed – WooCommerce Product Feed Manager plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the woo_feed_plugin_installing() function in all versions up to, and including, 6.6.11. This makes it possible…

  • CVE-2026-1937HigFeb 18, 2026
    risk 0.47cvss 7.2epss 0.00

    The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the `yaymail_import_state` AJAX action in all versions up to, and including, 4.3.2.…

  • CVE-2026-0832HigJan 28, 2026
    risk 0.47cvss 7.3epss 0.00

    The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to…

  • CVE-2025-69193HigJan 22, 2026
    risk 0.47cvss 7.3epss 0.00

    Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Membership: from n/a through <= 1.6.4.

  • CVE-2025-69192HigJan 22, 2026
    risk 0.47cvss 7.3epss 0.00

    Missing Authorization vulnerability in e-plugins Real Estate Pro real-estate-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real Estate Pro: from n/a through <= 2.1.5.

  • CVE-2025-69191HigJan 22, 2026
    risk 0.47cvss 7.3epss 0.00

    Missing Authorization vulnerability in e-plugins ListingHub listinghub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingHub: from n/a through <= 1.2.7.

  • CVE-2025-69190HigJan 22, 2026
    risk 0.47cvss 7.3epss 0.00

    Missing Authorization vulnerability in e-plugins Listihub listihub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Listihub: from n/a through <= 1.0.6.

  • CVE-2025-69188HigJan 22, 2026
    risk 0.47cvss 7.3epss 0.00

    Missing Authorization vulnerability in e-plugins fitness-trainer fitness-trainer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects fitness-trainer: from n/a through <= 1.7.1.

  • CVE-2025-69187HigJan 22, 2026
    risk 0.47cvss 7.3epss 0.00

    Missing Authorization vulnerability in e-plugins Final User final-user allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Final User: from n/a through <= 1.2.5.

  • CVE-2025-69186HigJan 22, 2026
    risk 0.47cvss 7.3epss 0.00

    Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9.

  • CVE-2025-69185HigJan 22, 2026
    risk 0.47cvss 7.3epss 0.00

    Missing Authorization vulnerability in e-plugins Hotel Listing hotel-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Listing: from n/a through <= 1.4.2.

  • CVE-2025-69184HigJan 22, 2026
    risk 0.47cvss 7.3epss 0.00

    Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through <= 1.3.4.

  • CVE-2025-69181HigJan 22, 2026
    risk 0.47cvss 7.3epss 0.00

    Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a through <= 1.3.4.

  • CVE-2025-11620HigNov 18, 2025
    risk 0.47cvss 7.2epss 0.00

    The Multiple Roles per User plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mrpu_add_multiple_roles_ui' and 'mrpu_save_multiple_user_roles' functions in all versions up to, and including, 1.0. This makes it…