VYPR

CWE-862

Missing Authorization

Class | Incomplete | Likelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 76 of 278
  • CVE-2024-1639 | Medium | Jun 21, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey() and showAllLicenseKeys() functions in all versions up to, and including, 3.0.6. This makes it possible for…

  • CVE-2023-3204 | Medium | Jun 20, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    The Materialis theme for WordPress is vulnerable to limited arbitrary options updates in versions up to, and including, 1.1.24. This is due to missing authorization checks on the companion_disable_popup() function called via an AJAX action. This makes it possible for…

  • CVE-2022-45832 | Medium | Jun 19, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Hennessey Digital Attorney. This issue affects Attorney: from n/a through 3.

  • CVE-2023-37872 | Medium | Jun 19, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses. This issue affects WooCommerce Ship to Multiple Addresses: from n/a through 3.8.5.

  • CVE-2023-36683 | Medium | Jun 19, 2024
    risk 0.42 | cvss 6.5 | epss 0.01

    Missing Authorization vulnerability in WP SCHEMA PRO Schema Pro. This issue affects Schema Pro: from n/a through 2.7.8.

  • CVE-2023-36512 | Medium | Jun 19, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Woo AutomateWoo. This issue affects AutomateWoo: from n/a through 5.7.5.

  • CVE-2024-5768 | Medium | Jun 19, 2024
    risk 0.42 | cvss 6.4 | epss 0.00

    The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mimo_update_provider' function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers,…

  • CVE-2024-1634 | Medium | Jun 18, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for…

  • CVE-2024-5685 | High | Jun 14, 2024
    risk 0.42 | cvss 7.6 | epss 0.00

    Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call. This issue affects snipe-it: from v4.6.17 through v6.4.1.

  • CVE-2023-29174 | Medium | Jun 14, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in NervyThemes SKU Label Changer For WooCommerce. This issue affects SKU Label Changer For WooCommerce: from n/a through 3.0.

  • CVE-2024-5674 | Medium | Jun 12, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerable to unauthorized subscribers management due to a PHP type juggling issue on the check_api_key function in all versions up to, and including, 2.4.5. This makes it possible for unauthenticated attackers to list,…

  • CVE-2023-40209 | Medium | Jun 12, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Himalaya Saxena Highcompress Image Compressor. This issue affects Highcompress Image Compressor: from n/a through 6.0.0.

  • CVE-2024-5468 | Medium | Jun 12, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to unauthorized site option deletion due to missing validation and capability checks on the stm_hb_delete() function in all versions up to, and including, 1.3.7. This makes it possible for…

  • CVE-2024-34820 | Medium | Jun 11, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in If So Plugin If-So Dynamic Content Personalization. This issue affects If-So Dynamic Content Personalization: from n/a through 1.7.1.

  • CVE-2024-32805 | Medium | Jun 9, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Social Snap. This issue affects Social Snap: from n/a through 1.3.5.

  • CVE-2024-30534 | Medium | Jun 9, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in typps Calendarista Basic Edition calendarista-basic-edition. This issue affects Calendarista Basic Edition: from n/a through <= 3.0.5.

  • CVE-2024-5654 | Medium | Jun 8, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'execute_post_data_cg7_free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated…

  • CVE-2024-5637 | High | Jun 7, 2024
    risk 0.42 | cvss 7.5 | epss 0.01

    The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_files' function in all versions up to, and including, 2.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and…

  • CVE-2024-4422 | Medium | May 30, 2024
    risk 0.42 | cvss 6.4 | epss 0.00

    The Comparison Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slider title parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…

  • CVE-2024-35237 | High | May 27, 2024
    risk 0.42 | cvss 7.5 | epss 0.01

    MIT IdentiBot is an open-source Discord bot written in Node.js that verifies individuals' affiliations with MIT, grants them roles in a Discord server, and stores information about them in a database backend. A vulnerability that exists prior to commit…