VYPR

CWE-862

Missing Authorization

Class | Incomplete | Likelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

  • CVE-2024-43143 | Med | Nov 1, 2024
    risk 0.42 | cvss 6.4 | epss 0.00

    Missing Authorization vulnerability in Roundup WP Registrations for the Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Registrations for the Events Calendar: from n/a through 2.12.1.

  • CVE-2024-43122 | Med | Nov 1, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Creative Motion Robin image optimizer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Robin image optimizer: from n/a through 1.6.9.

  • CVE-2024-39640 | Med | Nov 1, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in QuadLayers WP Social Feed Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Social Feed Gallery: from n/a through 4.3.9.

  • CVE-2024-38777 | Med | Nov 1, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in CreativeMotion Titan Anti-spam & Security allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Titan Anti-spam & Security: from n/a through 7.3.6.

  • CVE-2024-38771 | Med | Nov 1, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration. This issue affects Atarim: from n/a through <= 4.0.

  • CVE-2024-37510 | Med | Nov 1, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Charitable: from n/a through 1.8.1.7.

  • CVE-2024-37481 | Med | Nov 1, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in RadiusTheme The Post Grid the-post-grid. This issue affects The Post Grid: from n/a through <= 7.7.4.

  • CVE-2024-37477 | Med | Nov 1, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Automattic Newspack Content Converter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Newspack Content Converter: from n/a through 0.1.5.

  • CVE-2024-37209 | Med | Nov 1, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Access Control vulnerability in Prism IT Systems User Rights Access Manager allows . This issue affects User Rights Access Manager: from n/a through 1.1.2.

  • CVE-2024-50424 | Med | Oct 29, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in WPDeveloper Templately templately allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Templately: from n/a through <= 3.1.5.

  • CVE-2024-48645 | Hig | Oct 21, 2024
    risk 0.42 | cvss 7.5 | epss 0.01

    In Minecraft mod "Command Block IDE" up to and including version 0.4.9, a missing authorization (CWE-862) allows any user to modify "function" files used by the game when installed on a dedicated server.

  • CVE-2024-9586 | Med | Oct 11, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_auth' and 'check_logout' functions in versions up to, and including, 1.1.8. This makes it possible for unauthenticated attackers to update plugin…

  • CVE-2024-8632 | Med | Oct 1, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'kbs_ajax_load_front_end_replies' and 'kbs_ajax_mark_reply_as_read' functions in all versions up…

  • CVE-2024-45286 | Med | Sep 10, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability.

  • CVE-2024-6332 | Med | Sep 5, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    The Booking for Appointments and Events Calendar – Amelia Premium and Lite plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the 'ameliaButtonCommand' function in all versions up to, and including, Premium 7.7 and Lite…

  • CVE-2024-38810 | Med | Aug 20, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations ineffective.

  • CVE-2024-37202 | Med | Jul 12, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in BinaryCarpenter Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter custom-add-to-cart-button-for-woocommerce. This issue affects Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter: from…

  • CVE-2024-4341 | Med | Jul 8, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users. This issue affects Extreme XDS: before 3928.

  • CVE-2024-5641 | Med | Jul 4, 2024
    risk 0.42 | cvss 6.4 | epss 0.00

    The One Click Order Re-Order plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ced_ocor_save_general_setting' function in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers,…

  • CVE-2024-6120 | Med | Jun 22, 2024
    risk 0.42 | cvss 6.5 | epss 0.01

    The Sparkle Demo Importer plugin for WordPress is vulnerable to unauthorized database reset and demo data import due to a missing capability check on the multiple functions in all versions up to and including 1.4.7. This makes it possible for authenticated attackers, with…