VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 62 of 278
  • CVE-2025-66100MedDec 18, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Magnigenie RestroPress restropress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RestroPress: from n/a through <= 3.2.3.5.

  • CVE-2025-66068MedDec 18, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InstaWP Connect: from n/a through <= 0.1.1.9.

  • CVE-2025-64375MedDec 18, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Mahmudul Hasan Arif WP Social Ninja wp-social-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Social Ninja: from n/a through <= 3.20.1.

  • CVE-2025-64273MedDec 18, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in GetResponse Email marketing for WordPress by GetResponse Official getresponse-official allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Email marketing for WordPress by GetResponse Official: from…

  • CVE-2025-63039MedDec 18, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.9.

  • CVE-2025-60088MedDec 18, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebinarIgnition: from n/a through <= 4.06.04.

  • CVE-2025-54745MedDec 18, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in miniOrange miniOrange's Google Authenticator miniorange-2-factor-authentication allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects miniOrange's Google Authenticator: from n/a through <= 6.1.1.

  • CVE-2025-54741MedDec 18, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Tyler Moore Super Blank super-blank allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Blank: from n/a through <= 1.2.0.

  • CVE-2025-49902MedDec 18, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in A WP Life Login Page Customizer – Customizer Login Page, Admin Page, Custom Design customizer-login-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Page Customizer – Customizer Login…

  • CVE-2025-49041MedDec 18, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in The African Boss Get Cash get-cash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Get Cash: from n/a through <= 3.2.3.

  • CVE-2025-13880MedDec 17, 2025
    risk 0.42cvss 6.5epss 0.00

    The WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the getAdvanceSettings and…

  • CVE-2025-67976MedDec 16, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Bob Watu Quiz watu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watu Quiz: from n/a through <= 3.4.5.

  • CVE-2025-13866MedDec 12, 2025
    risk 0.42cvss 6.4epss 0.00

    The Flow-Flow Social Feed Stream plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flow_flow_social_auth AJAX action in versions 3.0.0 to 4.7.5. This makes it possible for authenticated attackers, with…

  • CVE-2025-67548MedDec 9, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in WP Delicious WP Delicious delicious-recipes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delicious: from n/a through <= 1.9.1.

  • CVE-2025-67540MedDec 9, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animation Addons for Elementor: from n/a through <= 2.4.5.

  • CVE-2025-62090MedDec 9, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Jegstudio Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons gutenverse-news allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse News – Advanced News Magazine Blog…

  • CVE-2025-66079MedNov 21, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Jegstudio Gutenverse Form gutenverse-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse Form: from n/a through <= 2.2.0.

  • CVE-2025-66065MedNov 21, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Jegstudio Gutenverse gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse: from n/a through <= 3.2.1.

  • CVE-2025-11003MedNov 21, 2025
    risk 0.42cvss 6.4epss 0.00

    The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'uip_save_ui_template' function in all versions up to, and including, 3.5.08. This makes it…

  • CVE-2025-10938MedNov 21, 2025
    risk 0.42cvss 6.5epss 0.00

    The UiPress lite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.08. This is due to missing capability checks in the 'uip_process_block_query' AJAX function. This makes it possible for authenticated attackers, with…