VYPR

CWE-862

Missing Authorization

Class | Incomplete | Likelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 47 of 278
  • CVE-2025-39583 | High | Apr 17, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    Missing Authorization vulnerability in Bertha AI – Andrew Palmer BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BERTHA AI: from n/a through <= 1.12.10.2.

  • CVE-2025-32620 | High | Apr 17, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    Missing Authorization vulnerability in fromdoppler Doppler Forms doppler-form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Doppler Forms: from n/a through <= 2.4.6.

  • CVE-2025-32624 | High | Apr 9, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    Missing Authorization vulnerability in czater Czater.pl – live chat i telefon czater allows Cross Site Request Forgery. This issue affects Czater.pl – live chat i telefon: from n/a through <= 1.0.5.

  • CVE-2024-2292 | High | Mar 20, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    Due to a lack of access control, unauthorized users are able to view and modify information pertaining to other users.

  • CVE-2025-24654 | High | Mar 3, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    Missing Authorization vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO squirrly-seo. This issue affects SEO Plugin by Squirrly SEO: from n/a through <= 12.4.07.

  • CVE-2025-24692 | High | Feb 14, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    Missing Authorization vulnerability in M.Code Bulk Menu Edit bulk-menu-edit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Menu Edit: from n/a through <= 1.3.

  • CVE-2025-23982 | High | Jan 27, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    Missing Authorization vulnerability in Gopi krishnan Fare Calculator fare-calculator allows Stored XSS. This issue affects Fare Calculator: from n/a through <= 1.1.

  • CVE-2024-50967 | Medium | Jan 17, 2025
    risk 0.46 | cvss 6.5 | epss 0.02

    The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. An attacker can remotely access this endpoint without authentication, leading to unauthorized disclosure of sensitive information.

  • CVE-2024-11848 | High | Jan 15, 2025
    risk 0.46 | cvss 8.1 | epss 0.01

    The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropack_dismiss_notice_forever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with…

  • CVE-2023-48758 | High | Jan 2, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JetEngine: from n/a through <= 3.2.4.

  • CVE-2023-46632 | High | Jan 2, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    Missing Authorization vulnerability in David Cramer My Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects My Shortcodes: from n/a through 2.3.

  • CVE-2024-54381 | High | Dec 18, 2024
    risk 0.46 | cvss 7.1 | epss 0.00

    Missing Authorization vulnerability in Dotstore Advance Menu Manager advance-menu-manager. This issue affects Advance Menu Manager: from n/a through <= 3.1.1.

  • CVE-2024-54256 | High | Dec 13, 2024
    risk 0.46 | cvss 7.1 | epss 0.01

    Missing Authorization vulnerability in Seerox Easy Blocks pro easy-blocks-pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Easy Blocks pro: from n/a through <= 1.0.21.

  • CVE-2023-51355 | High | Dec 9, 2024
    risk 0.46 | cvss 8.2 | epss 0.00

    Missing Authorization vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MultiVendorX: from n/a through <= 4.0.23.

  • CVE-2024-47314 | High | Nov 1, 2024
    risk 0.46 | cvss 7.1 | epss 0.00

    Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through <= 3.2.8.

  • CVE-2024-38721 | High | Nov 1, 2024
    risk 0.46 | cvss 7.1 | epss 0.00

    Missing Authorization vulnerability in spider-themes EazyDocs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EazyDocs: from n/a through 2.5.0.

  • CVE-2024-44156 | High | Oct 28, 2024
    risk 0.46 | cvss 7.1 | epss 0.00

    A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to bypass Privacy preferences.

  • CVE-2024-43256 | High | Aug 19, 2024
    risk 0.46 | cvss 7.1 | epss 0.00

    Missing Authorization vulnerability in nouthemes Leopard - WordPress offload media allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Leopard - WordPress offload media: from n/a through 2.0.36.

  • CVE-2024-34444 | High | Jun 19, 2024
    risk 0.46 | cvss 7.1 | epss 0.00

    Missing Authorization vulnerability in ThemePunch OHG Slider Revolution. This issue affects Slider Revolution: from n/a before 6.7.0.

  • CVE-2023-6696 | High | Jun 15, 2024
    risk 0.46 | cvss 8.1 | epss 0.00

    The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions…