VYPR

CWE-862

Missing Authorization

Class | Incomplete | Likelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

  • CVE-2025-2779 | Med | Apr 2, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    The Insert Headers and Footers Code – HT Script plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 1.1.2. This makes it possible for authenticated…

  • CVE-2025-31780 | Med | Apr 1, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Andy Stratton Append Content append-content allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Append Content: from n/a through <= 2.1.1.

  • CVE-2025-31539 | Med | Mar 31, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Blocksera Cryptocurrency Widgets Pack cryptocurrency-widgets-pack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cryptocurrency Widgets Pack: from n/a through <= 2.0.1.

  • CVE-2025-22670 | Med | Mar 27, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through <= 1.7.2.

  • CVE-2025-22668 | Med | Mar 27, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in AwesomeTOGI Awesome Event Booking awesome-event-booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Awesome Event Booking: from n/a through <= 2.7.2.

  • CVE-2025-2267 | Med | Mar 15, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    The WP01 plugin for WordPress is vulnerable to Arbitrary File Download in all versions up to, and including, 2.6.2 due to a missing capability check and insufficient restrictions on the make_archive() function. This makes it possible for authenticated attackers, with…

  • CVE-2025-0954 | Med | Mar 5, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    The WP Online Contract plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the json_import() and json_export() functions in all versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to import and…

  • CVE-2024-13780 | Med | Mar 5, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the hmenu_delete_menu() function in all versions up to, and including, 1.16.5. This makes it possible for…

  • CVE-2025-23763 | Med | Mar 3, 2025
    risk 0.42 | cvss 6.5 | epss 0.01

    Missing Authorization vulnerability in Alex Volkov WAH Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WAH Forms: from n/a through 1.0.

  • CVE-2025-23615 | Med | Mar 3, 2025
    risk 0.42 | cvss 6.5 | epss 0.01

    Missing Authorization vulnerability in gtekelis Interactive Page Hierarchy interactive-page-hierarchy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Interactive Page Hierarchy: from n/a through <= 1.0.1.

  • CVE-2025-23613 | Med | Mar 3, 2025
    risk 0.42 | cvss 6.5 | epss 0.01

    Missing Authorization vulnerability in mediabeta WP Journal wpjournal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Journal: from n/a through <= 1.1.

  • CVE-2025-23515 | Med | Mar 3, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in tsecher ts-tree ts-tree allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ts-tree: from n/a through <= 0.1.1.

  • CVE-2024-13746 | Med | Mar 1, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    The Booking Calendar and Notification plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on the wpcb_all_bookings(), wpcb_update_booking_post(), and wpcb_delete_posts() functions in all versions up to, and…

  • CVE-2025-26883 | Med | Feb 24, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in bPlugins Animated Text Block animated-text-block allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Animated Text Block: from n/a through <= 1.0.7.

  • CVE-2025-26764 | Med | Feb 22, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in enituretechnology Distance Based Shipping Calculator distance-based-shipping-calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Distance Based Shipping Calculator: from n/a through <=…

  • CVE-2025-26750 | Med | Feb 22, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in appsbd Vitepos vitepos-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Vitepos: from n/a through <= 3.1.3.

  • CVE-2024-37363 | Med | Feb 20, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    The product does not perform an authorization check when an actor attempts to access a resource or perform an action. (CWE-862) Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, do not correctly perform an…

  • CVE-2025-22289 | Med | Feb 16, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in enituretechnology LTL Freight Quotes – Unishippers Edition ltl-freight-quotes-unishippers-edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LTL Freight Quotes – Unishippers Edition: from…

  • CVE-2025-23771 | Med | Feb 14, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Murali Push Notification for Post and BuddyPress push-notification-for-post-and-buddypress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Push Notification for Post and BuddyPress: from n/a…

  • CVE-2025-23766 | Med | Feb 14, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in ashamil OPSI Israel Domestic Shipments woo-ups-pickup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OPSI Israel Domestic Shipments: from n/a through <= 2.8.2.