VYPR

CWE-862

Missing Authorization

Class · Incomplete · Likelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

  • CVE-2026-49775 · Med · Jun 15, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions.

  • CVE-2026-48887 · Med · Jun 15, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Unauthenticated Broken Access Control in JS Help Desk <= 3.0.9 versions.

  • CVE-2026-42659 · Med · Jun 15, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Subscriber Broken Access Control in Advanced Form Integration <= 1.126.12 versions.

  • CVE-2026-42640 · Med · Jun 15, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Unauthenticated Broken Access Control in Classified Listing <= 5.3.8 versions.

  • CVE-2026-40795 · Med · Jun 15, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Subscriber Broken Access Control in Amelia <= 2.2 versions.

  • CVE-2026-40794 · Med · Jun 15, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Subscriber Broken Access Control in myCred <= 3.0.3 versions.

  • CVE-2026-40793 · Med · Jun 15, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Subscriber Broken Access Control in Groundhogg < 4.4.1 versions.

  • CVE-2026-40773 · Med · Jun 15, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress <= 4.7.9 versions.

  • CVE-2026-40743 · Med · Jun 15, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Unauthenticated Broken Access Control in Tutor LMS <= 3.9.7 versions.

  • CVE-2026-39594 · Med · Jun 15, 2026
    risk 0.42 · cvss 6.4 · epss 0.00

    Subscriber Broken Access Control in Ultra Addons for WPForms <= 1.0.11 versions.

  • CVE-2026-39584 · Med · Jun 15, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Subscriber Broken Access Control in RepairBuddy <= 4.1132 versions.

  • CVE-2026-39525 · Med · Jun 15, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Unauthenticated Broken Access Control in Booking Activities <= 1.16.48.1 versions.

  • CVE-2026-39515 · Med · Jun 15, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Subscriber Broken Access Control in Motors < 1.4.107 versions.

  • CVE-2026-34892 · Med · Jun 15, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Subscriber Broken Access Control in Rank Math SEO <= 1.0.271 versions.

  • CVE-2025-69332 · Med · Jun 15, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Subscriber Broken Access Control in Bookify <= 1.1.1 versions.

  • CVE-2026-48969 · Med · Jun 15, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Subscriber Broken Access Control in Really Simple SSL <= 9.5.9 versions.

  • CVE-2025-64215 · Med · Jun 15, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16.

  • CVE-2026-11852 · Med · Jun 10, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see…

  • CVE-2026-47346 · Hig · Jun 9, 2026
    risk 0.42 · cvss · epss 0.00

    Backend users with file write permissions were able to upload form definition files with mixed-case extensions (e.g., .FORM.YAML) to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements,…

  • CVE-2026-11607 · Hig · Jun 9, 2026
    risk 0.42 · cvss · epss 0.00

    Backend users with access to the Form Framework were able to use files not ending in .form.yaml as form definitions, which were processed without denying the incorrect file extension. Maliciously crafted form definition files can be used to execute arbitrary SQL statements,…