VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 63 of 278
  • CVE-2025-10938MedNov 21, 2025
    risk 0.42cvss 6.5epss 0.00

    The UiPress lite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.08. This is due to missing capability checks in the 'uip_process_block_query' AJAX function. This makes it possible for authenticated attackers, with…

  • CVE-2025-12937MedNov 18, 2025
    risk 0.42cvss 6.5epss 0.00

    The ACF Flexible Layouts Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'acf_flm_update_template_with_pasted_layout' function in all versions up to, and including, 1.1.6. This makes it possible for…

  • CVE-2025-64369MedNov 13, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.58.

  • CVE-2025-64276MedNov 13, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Ays Pro Survey Maker survey-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Survey Maker: from n/a through <= 5.1.9.4.

  • CVE-2025-12633HigNov 12, 2025
    risk 0.42cvss 7.5epss 0.00

    The Booking Calendar | Appointment Booking | Bookit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/bookit/v1/commerce/stripe/return' REST API Endpoint in all versions up to, and including, 2.5.0. This…

  • CVE-2025-7663MedNov 8, 2025
    risk 0.42cvss 6.5epss 0.00

    The Ovatheme Events Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /class-ovaem-ajax.php file in all versions up to, and including, 1.8.6. This makes it possible for unauthenticated attackers to…

  • CVE-2025-12583MedNov 8, 2025
    risk 0.42cvss 6.4epss 0.00

    The Simple Downloads List plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_neofix_sdl_edit' AJAX endpoint along with many others in all versions up to, and including, 1.4.3. This makes it possible for…

  • CVE-2025-62914MedNov 6, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in anibalwainstein Effect Maker effect-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Effect Maker: from n/a through <= 1.2.1.

  • CVE-2025-62049MedNov 6, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Stylemix Cost Calculator Builder cost-calculator-builder.This issue affects Cost Calculator Builder: from n/a through <= 3.5.32.

  • CVE-2025-62046MedNov 6, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in CodexThemes TheGem Demo Import (for WPBakery) thegem-importer.This issue affects TheGem Demo Import (for WPBakery): from n/a through <= 5.10.5.

  • CVE-2025-62037MedNov 6, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4.

  • CVE-2025-62033MedNov 6, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4.

  • CVE-2025-60247MedNov 6, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Bux Bux Woocommerce bux-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bux Woocommerce: from n/a through <= 1.2.3.

  • CVE-2025-53246MedNov 6, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Gaurav Aggarwal Backup and Move backup-and-move allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backup and Move: from n/a through <= 0.1.

  • CVE-2025-53214MedNov 6, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in sertifier Sertifier Certificate & Badge Maker sertifier-certificates-open-badges allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sertifier Certificate & Badge Maker: from n/a through <= 1.21.

  • CVE-2025-62929MedOct 27, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonial Slider: from n/a through <= 2.0.15.

  • CVE-2025-62927MedOct 27, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Nelio Software Nelio Content nelio-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio Content: from n/a through <= 4.0.5.

  • CVE-2025-62924MedOct 27, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.17.

  • CVE-2025-62889MedOct 27, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in KingAddons.com King Addons for Elementor king-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects King Addons for Elementor: from n/a through <= 51.1.61.

  • CVE-2025-62019MedOct 22, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor recipe-card-blocks-by-wpzoom.This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through <= 3.4.8.