VYPR

CWE-862

Missing Authorization

Class | Incomplete | Likelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 43 of 278
  • CVE-2025-13063 | High | Nov 12, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    A flaw has been found in DinukaNavaratna Dee Store 1.0. Affected is an unknown function. Executing manipulation can lead to missing authorization. The attack may be performed from remote. The exploit has been published and may be used. Multiple endpoints are affected.

  • CVE-2025-49950 | High | Oct 22, 2025
    risk 0.47 | cvss 7.2 | epss 0.00

    Missing Authorization vulnerability in billingo Official Integration for Billingo billingo allows Privilege Escalation. This issue affects Official Integration for Billingo: from n/a through <= 4.3.0.

  • CVE-2025-10313 | High | Oct 15, 2025
    risk 0.47 | cvss 7.2 | epss 0.00

    The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement due to a missing capability check on the far_admin_ajax_fun() function in all versions up to, and including, 1.1. This…

  • CVE-2025-52801 | High | Aug 14, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    Missing Authorization vulnerability in VonStroheim TheBooking thebooking allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects TheBooking: from n/a through <= 1.4.4.

  • CVE-2025-52800 | High | Aug 14, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    Missing Authorization vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP profitori allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects The E-Commerce ERP: from n/a through <= 2.1.1.3.

  • CVE-2025-8435 | High | Aug 1, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-control.php. The manipulation of the argument ID leads to missing authorization. The attack can…

  • CVE-2025-8434 | High | Aug 1, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been classified as critical. Affected is an unknown function of the file /admin.php. The manipulation of the argument ID leads to missing authorization. It is possible to launch the attack remotely.…

  • CVE-2025-4477 | High | May 19, 2025
    risk 0.47 | cvss 7.2 | epss 0.00

    The ThreatSonar Anti-Ransomware from TeamT5 has a Privilege Escalation vulnerability, allowing remote attackers with intermediate privileges to escalate their privileges to highest administrator level through a specific API.

  • CVE-2025-0856 | High | May 6, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    The PGS Core plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.8.0. This makes it possible for unauthenticated attackers to add, modify, or…

  • CVE-2025-22235 | High | Apr 28, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: * You use Spring Security * …

  • CVE-2025-27296 | High | Feb 24, 2025
    risk 0.47 | cvss 7.2 | epss 0.00

    Missing Authorization vulnerability in revenueflex Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue revenueflex-easy-ads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Auto Ad Inserter – Increase Google Adsense and…

  • CVE-2024-52500 | High | Feb 14, 2025
    risk 0.47 | cvss 7.2 | epss 0.00

    Missing Authorization vulnerability in monetagwp Monetag Official Plugin monetag-official allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Monetag Official Plugin: from n/a through <= 1.1.3.

  • CVE-2024-10574 | High | Jan 26, 2025
    risk 0.47 | cvss 7.2 | epss 0.00

    The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ays_save_google_credentials' function in all versions up to, and including, 8.8.0 (Business), up to, and including,…

  • CVE-2023-45104 | High | Jan 2, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    Missing Authorization vulnerability in WPDeveloper BetterLinks betterlinks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BetterLinks: from n/a through <= 1.6.0.

  • CVE-2023-36510 | High | Dec 13, 2024
    risk 0.47 | cvss 7.3 | epss 0.00

    Missing Authorization vulnerability in Reservation Diary ReDi Restaurant Reservation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ReDi Restaurant Reservation: from n/a through 23.0211.

  • CVE-2023-32507 | High | Dec 13, 2024
    risk 0.47 | cvss 7.3 | epss 0.01

    Missing Authorization vulnerability in wp3sixty Woo Custom Emails allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Custom Emails: from n/a through 2.2.

  • CVE-2024-39664 | High | Nov 1, 2024
    risk 0.47 | cvss 7.3 | epss 0.00

    Missing Authorization vulnerability in YMC Filter & Grids allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Filter & Grids: from n/a through 2.8.33.

  • CVE-2021-4444 | High | Oct 16, 2024
    risk 0.47 | cvss 7.3 | epss 0.00

    The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.9 due to missing authorization checks on various functions. This makes it possible for unauthenticated attackers to perform unauthorized actions such as…

  • CVE-2024-3555 | High | Jun 4, 2024
    risk 0.47 | cvss 7.2 | epss 0.00

    The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and including, 1.6.9. This makes it possible for…

  • CVE-2024-3821 | High | Jun 1, 2024
    risk 0.47 | cvss 7.3 | epss 0.00

    The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the wdt_ajax_actions.php file in all versions up to, and including, 6.3.2. This…