VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 59 of 278
  • CVE-2026-23545MedFeb 19, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cache: from n/a through <= 3.0.4.

  • CVE-2025-11754HigFeb 19, 2026
    risk 0.42cvss 7.5epss 0.00

    The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gdpr/v1/settings' REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to retrieve…

  • CVE-2025-11725MedFeb 19, 2026
    risk 0.42cvss 6.5epss 0.00

    The Aruba HiSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the multiple functions in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to modify plugin's…

  • CVE-2026-1942MedFeb 18, 2026
    risk 0.42cvss 6.5epss 0.00

    The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the b2s_curation_draft AJAX action in all versions up to, and including, 8.7.4. The curationDraft() function only…

  • CVE-2024-31118MedFeb 17, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Smartypants SP Project & Document Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SP Project & Document Manager: from n/a through 4.70.

  • CVE-2022-41650MedFeb 17, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Paul Custom Content by Country (by Shield Security) custom-content-by-country.This issue affects Custom Content by Country (by Shield Security): from n/a through 3.1.2.

  • CVE-2026-1786MedFeb 11, 2026
    risk 0.42cvss 6.5epss 0.00

    The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dg_tw_options' function in all versions up to, and including, 1.11.25. This makes it possible for unauthenticated attackers to update…

  • CVE-2025-15400MedFeb 11, 2026
    risk 0.42cvss 6.5epss 0.00

    The OpenPix for WooCommerce WordPress plugin through 2.13.3 allows any authenticated user to trigger AJAX actions that reset payment gateway configuration options without capability or nonce checks. This permits any authenticated users, such as subscribers to clear API…

  • CVE-2026-0572MedFeb 4, 2026
    risk 0.42cvss 6.5epss 0.00

    The WebPurify Profanity Filter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'webpurify_save_options' function in all versions up to, and including, 4.0.2. This makes it possible for unauthenticated attackers to…

  • CVE-2025-15260MedFeb 4, 2026
    risk 0.42cvss 6.5epss 0.00

    The MyRewards – Loyalty Points and Rewards for WooCommerce plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 5.6.1. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'ajax'…

  • CVE-2026-25036MedFeb 3, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in WP Chill Passster content-protector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Passster: from n/a through <= 4.2.25.

  • CVE-2026-24984MedFeb 3, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Brecht Visual Link Preview visual-link-preview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visual Link Preview: from n/a through <= 2.2.9.

  • CVE-2026-24957MedFeb 3, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through <= 3.2.20.

  • CVE-2026-24616MedJan 23, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Damian WP Popups wp-popups-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Popups: from n/a through <= 2.2.0.5.

  • CVE-2026-24585MedJan 23, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Hyyan Abo Fakher Hyyan WooCommerce Polylang Integration woo-poly-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hyyan WooCommerce Polylang Integration: from n/a through <= 1.5.0.

  • CVE-2026-24566MedJan 23, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in iNET iNET Webkit inet-webkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iNET Webkit: from n/a through <= 1.2.4.

  • CVE-2025-69315MedJan 22, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.9.15.

  • CVE-2025-69095MedJan 22, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in designthemes Reservation Plugin dt-reservation-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reservation Plugin: from n/a through <= 1.7.

  • CVE-2025-68911MedJan 22, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in solacewp Solace solace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Solace: from n/a through <= 2.1.16.

  • CVE-2025-68896MedJan 22, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in vrpr WDV One Page Docs wdv-one-page-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WDV One Page Docs: from n/a through <= 1.2.4.