VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 60 of 278
  • CVE-2025-68558MedJan 22, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in averta Depicter Slider depicter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Depicter Slider: from n/a through <= 4.0.4.

  • CVE-2025-68507MedJan 22, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Icegram Icegram icegram allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram: from n/a through <= 3.1.35.

  • CVE-2025-68073MedJan 22, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR CCPA Compliance Support: from n/a through <= 2.7.4.

  • CVE-2025-68072MedJan 22, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through <= 3.5.20.

  • CVE-2025-68039MedJan 22, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Chris Simmons WP BackItUp wp-backitup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP BackItUp: from n/a through <= 2.1.0.

  • CVE-2025-68020MedJan 22, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in WANotifier Notifier notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Notifier: from n/a through <= 2.7.13.

  • CVE-2025-68019MedJan 22, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in cleverplugins SEO Booster seo-booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Booster: from n/a through <= 6.1.8.

  • CVE-2025-68016MedJan 22, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Onepay Sri Lanka onepay Payment Gateway For WooCommerce onepay-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects onepay Payment Gateway For WooCommerce: from n/a…

  • CVE-2025-68013MedJan 22, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in cardpaysolutions Payment Gateway Authorize.Net CIM for WooCommerce authnet-cim-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway Authorize.Net CIM for WooCommerce: from n/a…

  • CVE-2025-68009MedJan 22, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Codeless Slider Templates slider-templates allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Slider Templates: from n/a through <= 1.0.3.

  • CVE-2025-68007MedJan 22, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf event-espresso-decaf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Espresso 4 Decaf: from n/a through <= 5.0.37.decaf.

  • CVE-2025-68003MedJan 22, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in renatoatshown Shown Connector shown-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shown Connector: from n/a through <= 1.2.10.

  • CVE-2025-67958MedJan 22, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Taxcloud TaxCloud for WooCommerce simple-sales-tax allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TaxCloud for WooCommerce: from n/a through <= 8.3.8.

  • CVE-2025-67942MedJan 22, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in peachpayments Peach Payments Gateway wc-peach-payments-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Peach Payments Gateway: from n/a through <= 3.3.6.

  • CVE-2025-67939MedJan 22, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through <= 3.5.6.2.

  • CVE-2025-5805MedJan 22, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Ninetheme Electron electron allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Electron: from n/a through <= 1.8.2.

  • CVE-2025-54002MedJan 22, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Jthemes xSmart xsmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects xSmart: from n/a through <= 1.2.9.4.

  • CVE-2025-14450MedJan 17, 2026
    risk 0.42cvss 6.5epss 0.00

    The Wallet System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'change_wallet_fund_request_status_callback' function in all versions up to, and including, 2.7.2. This makes it possible for…

  • CVE-2026-1000MedJan 16, 2026
    risk 0.42cvss 6.5epss 0.00

    The MailerLite - WooCommerce integration plugin for WordPress is vulnerable to unauthorized data modification and deletion in all versions up to, and including, 3.1.3. This is due to missing capability checks on the resetIntegration() function. This makes it possible for…

  • CVE-2026-0503MedJan 13, 2026
    risk 0.42cvss 6.4epss 0.00

    Due to missing authorization check in the SAP ERP Central Component (SAP ECC) and SAP S/4HANA (SAP EHS Management), an attacker could extract hardcoded clear-text credentials and bypass the password authentication check by manipulating user parameters. Upon successful…