VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 68 of 278
  • CVE-2025-32210MedApr 10, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in CreativeMindsSolutions CM Registration and Invitation Codes cm-invitation-codes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM Registration and Invitation Codes: from n/a through <= 2.5.6.

  • CVE-2025-32208MedApr 10, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Hive Support Hive Support hive-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hive Support: from n/a through <= 1.2.5.

  • CVE-2025-2719MedApr 10, 2025
    risk 0.42cvss 6.5epss 0.00

    The Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in versions…

  • CVE-2025-31381MedApr 4, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in shiptrack Booking Calendar and Notification booking-calendar-and-notification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Calendar and Notification: from n/a through <= 4.0.3.

  • CVE-2025-22285MedApr 4, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in enituretechnology Pallet Packaging for WooCommerce pallet-packaging-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pallet Packaging for WooCommerce: from n/a through <= 1.1.15.

  • CVE-2025-31896MedApr 3, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in istmoplugins GetBookingsWP get-bookings-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetBookingsWP: from n/a through <= 1.1.27.

  • CVE-2025-31858MedApr 3, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in matthewrubin Local Magic local-magic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Local Magic: from n/a through <= 2.9.0.

  • CVE-2025-31795MedApr 3, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Plugin Devs Shopify to WooCommerce Migration migrate-shopify-to-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shopify to WooCommerce Migration: from n/a through <= 1.3.0.

  • CVE-2025-31789MedApr 3, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Matat Technologies TextMe SMS textme-sms-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TextMe SMS: from n/a through <= 1.9.1.

  • CVE-2025-31768MedApr 3, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in OTWthemes Widget Manager Light widget-manager-light allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Widget Manager Light: from n/a through <= 1.18.

  • CVE-2025-31758MedApr 3, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in BinaryCarpenter Free Woocommerce Product Table View free-product-table-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Free Woocommerce Product Table View: from n/a through <= 1.78.

  • CVE-2025-31746MedApr 3, 2025
    risk 0.42cvss 6.4epss 0.00

    Missing Authorization vulnerability in Think201 Clients clients allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clients: from n/a through <= 1.1.4.

  • CVE-2025-31739MedApr 3, 2025
    risk 0.42cvss 6.4epss 0.00

    Missing Authorization vulnerability in Manuel Schmalstieg Minimalistic Event Manager minimalistic-event-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Minimalistic Event Manager: from n/a through <= 1.1.1.

  • CVE-2025-31736MedApr 3, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in richtexteditor Rich Text Editor richtexteditor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rich Text Editor: from n/a through <= 1.0.1.

  • CVE-2025-31729MedApr 3, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in jeffikus WooTumblog woo-tumblog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooTumblog: from n/a through <= 2.1.4.

  • CVE-2025-31581MedApr 3, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Sandeep Kumar WP Video Playlist wp-video-playlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Video Playlist: from n/a through <= 1.1.2.

  • CVE-2025-31541MedApr 3, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in TuriTop TuriTop Booking System turitop-booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TuriTop Booking System: from n/a through <= 1.0.10.

  • CVE-2025-30916MedApr 3, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in enituretechnology Residential Address Detection residential-address-detection allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Residential Address Detection: from n/a through <= 2.5.4.

  • CVE-2025-30915MedApr 3, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition small-package-quotes-wwe-edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Small Package Quotes – Worldwide Express…

  • CVE-2024-13637MedApr 2, 2025
    risk 0.42cvss 6.5epss 0.00

    The Demo Awesome plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin function in all versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with Subscriber-level access…