VYPR

CWE-862

Missing Authorization

Class | Incomplete | Likelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 46 of 278
  • CVE-2025-68861 | High | Dec 29, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    Missing Authorization vulnerability in pluginoptimizer Plugin Optimizer plugin-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Plugin Optimizer: from n/a through <= 1.3.7.

  • CVE-2025-12934 | High | Dec 23, 2025
    risk 0.46 | cvss 8.1 | epss 0.00

    The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'duplicate_wpml_layout' function in all versions up to, and including, 2.9.4.1. This makes it possible for…

  • CVE-2025-64378 | High | Dec 18, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ListingPro: from n/a through < 2.9.10.

  • CVE-2025-60079 | High | Dec 18, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    Missing Authorization vulnerability in bPlugins Parallax Section block parallax-section allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Parallax Section block: from n/a through <= 1.0.9.

  • CVE-2025-54751 | High | Dec 18, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PostX: from n/a through <= 4.1.36.

  • CVE-2025-5483 | High | Nov 7, 2025
    risk 0.46 | cvss 8.1 | epss 0.00

    The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wp_user.php file in versions 1.2.10 to 1.3.0. This makes it possible for unauthenticated attackers to create new user accounts with the administrator…

  • CVE-2025-54711 | High | Nov 6, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    Missing Authorization vulnerability in bPlugins Info Cards info-cards allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Info Cards: from n/a through <= 1.0.11.

  • CVE-2025-49394 | High | Nov 6, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    Missing Authorization vulnerability in bPlugins Image Gallery block – Create and display photo gallery/photo album. 3d-image-gallery allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Image Gallery block – Create and display photo…

  • CVE-2025-64348 | High | Oct 31, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service. If the execute facility is specifically enabled with the "-x" command line flag, attackers could execute OS commands on the host machine. By default, ELOG is not…

  • CVE-2025-9243 | High | Oct 4, 2025
    risk 0.46 | cvss 8.1 | epss 0.00

    The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_cc_orders and update_order_status functions in all versions up to, and including, 3.5.32. This makes it possible for authenticated…

  • CVE-2024-32589 | High | Aug 31, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.5.3.

  • CVE-2025-54714 | High | Aug 28, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    Missing Authorization vulnerability in Dylan James Zephyr Project Manager zephyr-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zephyr Project Manager: from n/a through <= 3.3.201.

  • CVE-2025-54710 | High | Aug 28, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    Missing Authorization vulnerability in bPlugins Tiktok Feed b-tiktok-feed allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Tiktok Feed: from n/a through <= 1.0.21.

  • CVE-2025-52785 | High | Aug 14, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    Missing Authorization vulnerability in softnwords SMM API smm-api allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMM API: from n/a through <= 6.0.31.

  • CVE-2025-52775 | High | Aug 14, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    Missing Authorization vulnerability in Ronik@UnlimitedWP Project Cost Calculator project-cost-calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Project Cost Calculator: from n/a through <= 1.0.0.

  • CVE-2025-49888 | High | Jul 16, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    Missing Authorization vulnerability in pimwick PW WooCommerce On Sale! pw-woocommerce-on-sale allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PW WooCommerce On Sale!: from n/a through <= 1.39.

  • CVE-2025-49651 | High | Jun 9, 2025
    risk 0.46 | cvss 8.1 | epss 0.00

    Missing Authorization in Lablup's BackendAI allows attackers to take over all active sessions; accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI.

  • CVE-2025-47527 | High | Jun 9, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    Missing Authorization vulnerability in Icegram Icegram Collect icegram-rainmaker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Icegram Collect: from n/a through <= 1.3.18.

  • CVE-2025-47463 | High | Jun 9, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce stock-locations-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stock Locations for WooCommerce: from n/a through <= 2.8.6.

  • CVE-2025-46488 | High | May 23, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    Missing Authorization vulnerability in dastan800 Visual Builder visual-builder allows Reflected XSS. This issue affects Visual Builder: from n/a through <= 1.2.2.