VYPR

CWE-862

Missing Authorization

Class | Incomplete | Likelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 74 of 278
  • CVE-2024-53813 | Medium | Dec 6, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Travel: from n/a through <= 9.6.0.

  • CVE-2024-53803 | Medium | Dec 6, 2024
    risk 0.42 | cvss 6.5 | epss 0.01

    Missing Authorization vulnerability in brandtoss WP Mailster wp-mailster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Mailster: from n/a through <= 1.8.16.0.

  • CVE-2024-10567 | High | Dec 4, 2024
    risk 0.42 | cvss 7.5 | epss 0.00

    The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wizard' function in all versions up to, and including, 2.9.1. This makes it possible for unauthenticated attackers to create new pages,…

  • CVE-2024-49581 | Medium | Dec 2, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Restricted Views backed objects (OSV1) could be bypassed under specific circumstances due to a software bug; this could have allowed users that didn't have permission to see such objects to view them via Object Explorer directly. This software bug did not impact or otherwise…

  • CVE-2024-10390 | Medium | Nov 18, 2024
    risk 0.42 | cvss 6.4 | epss 0.00

    The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with…

  • CVE-2024-42372 | Medium | Nov 12, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Due to missing authorization check in SAP NetWeaver AS Java (System Landscape Directory) an unauthorized user can read and modify some restricted global SLD configurations causing low impact on confidentiality and integrity of the application.

  • CVE-2024-47361 | Medium | Nov 1, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder. This issue affects Elementor Addon Elements: from n/a through <= 1.13.6.

  • CVE-2024-47321 | Medium | Nov 1, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Fahad Mahmood WP Datepicker wp-datepicker. This issue affects WP Datepicker: from n/a through <= 2.1.1.

  • CVE-2024-47308 | Medium | Nov 1, 2024
    risk 0.42 | cvss 6.5 | epss 0.02

    Missing Authorization vulnerability in WPDeveloper Templately templately. This issue affects Templately: from n/a through <= 3.1.2.

  • CVE-2024-43956 | Medium | Nov 1, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Caseproof, LLC Memberpress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Memberpress: from n/a through 1.11.34.

  • CVE-2024-43932 | Medium | Nov 1, 2024
    risk 0.42 | cvss 6.5 | epss 0.01

    Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite the-plus-addons-for-elementor-page-builder. This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through <= 5.6.2.

  • CVE-2024-43209 | Medium | Nov 1, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Bitly allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bitly: from n/a through 2.7.2.

  • CVE-2024-43143 | Medium | Nov 1, 2024
    risk 0.42 | cvss 6.4 | epss 0.00

    Missing Authorization vulnerability in Roundup WP Registrations for the Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Registrations for the Events Calendar: from n/a through 2.12.1.

  • CVE-2024-43122 | Medium | Nov 1, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Creative Motion Robin image optimizer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Robin image optimizer: from n/a through 1.6.9.

  • CVE-2024-39640 | Medium | Nov 1, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in QuadLayers WP Social Feed Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Social Feed Gallery: from n/a through 4.3.9.

  • CVE-2024-38777 | Medium | Nov 1, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in CreativeMotion Titan Anti-spam & Security allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Titan Anti-spam & Security: from n/a through 7.3.6.

  • CVE-2024-38771 | Medium | Nov 1, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration. This issue affects Atarim: from n/a through <= 4.0.

  • CVE-2024-37510 | Medium | Nov 1, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Charitable: from n/a through 1.8.1.7.

  • CVE-2024-37481 | Medium | Nov 1, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in RadiusTheme The Post Grid the-post-grid. This issue affects The Post Grid: from n/a through <= 7.7.4.

  • CVE-2024-37477 | Medium | Nov 1, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Automattic Newspack Content Converter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Newspack Content Converter: from n/a through 0.1.5.