VYPR

CWE-862

Missing Authorization

Class | Incomplete | Likelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 77 of 278
  • CVE-2024-2782 | High | May 18, 2024
    risk 0.42 | cvss 7.5 | epss 0.01

    The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up…

  • CVE-2024-33938 | Medium | May 14, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in codename065 Sliding Widgets allows Cross-Site Scripting (XSS). This issue affects Sliding Widgets: from n/a through 1.5.0.

  • CVE-2024-32776 | Medium | May 14, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in AppPresser Team AppPresser. This issue affects AppPresser: from n/a through 4.3.0.

  • CVE-2024-32730 | Medium | May 14, 2024
    risk 0.42 | cvss 6.5 | epss 0.01

    SAP Enable Now Manager does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker with the role 'Learner' could gain access to other user's data in manager which will lead to a high…

  • CVE-2024-32712 | High | May 14, 2024
    risk 0.42 | cvss 7.5 | epss 0.00

    Missing Authorization vulnerability in Podlove Podlove Podcast Publisher. This issue affects Podlove Podcast Publisher: from n/a through 4.0.14.

  • CVE-2023-41651 | Medium | May 8, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Multi-column Tag Map. This issue affects Multi-column Tag Map: from n/a through 17.0.26.

  • CVE-2024-33576 | Medium | May 6, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Ollybach WPPizza. This issue affects WPPizza: from n/a through 3.18.10.

  • CVE-2024-33931 | Medium | May 3, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in ilGhera JW Player for WordPress. This issue affects JW Player for WordPress: from n/a through 2.3.3.

  • CVE-2024-33919 | Medium | May 3, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor. This issue affects RomethemeKit For Elementor: from n/a through 1.4.1.

  • CVE-2024-33944 | Medium | May 2, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Kestrel WooCommerce AWeber Newsletter Subscription. This issue affects WooCommerce AWeber Newsletter Subscription: from n/a through 4.0.2.

  • CVE-2024-1371 | Medium | Apr 30, 2024
    risk 0.42 | cvss 6.5 | epss 0.01

    The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lc_public_api_proxy() function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete…

  • CVE-2024-33589 | Medium | Apr 29, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in WPOmnia KB Support. This issue affects KB Support: from n/a through 1.6.0.

  • CVE-2024-33684 | Medium | Apr 29, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS. This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 3.2.0.

  • CVE-2024-33558 | Medium | Apr 29, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in 8theme XStore Core. This issue affects XStore Core: from n/a through 5.3.5.

  • CVE-2024-32675 | Medium | Apr 24, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Xfinity Soft Order Limit for WooCommerce. This issue affects Order Limit for WooCommerce: from n/a through 2.0.0.

  • CVE-2024-32951 | Medium | Apr 24, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in BloomPixel Max Addons Pro for Bricks. This issue affects Max Addons Pro for Bricks: from n/a through 1.6.1.

  • CVE-2024-32688 | Medium | Apr 22, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Long Watch Studio MyRewards. This issue affects MyRewards: from n/a through 5.3.0.

  • CVE-2022-41698 | Medium | Apr 17, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Layered If Menu. This issue affects If Menu: from n/a through 0.16.3.

  • CVE-2024-32509 | Medium | Apr 17, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Loopus WP Cost Estimation & Payment Forms Builder. This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.76.

  • CVE-2022-44633 | Medium | Apr 11, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in YITH YITH WooCommerce Gift Cards Premium. This issue affects YITH WooCommerce Gift Cards Premium: from n/a through 3.23.1.