VYPR

CWE-862

Missing Authorization

Class · Incomplete · Likelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 78 of 278
  • CVE-2024-31342 · Med · Apr 10, 2024
    risk 0.42 · cvss 6.5 · epss 0.01

    Missing Authorization vulnerability in WPcloudgallery WordPress Gallery Exporter. This issue affects WordPress Gallery Exporter: from n/a through 1.3.

  • CVE-2024-1042 · Med · Apr 10, 2024
    risk 0.42 · cvss 6.4 · epss 0.00

    The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for…

  • CVE-2024-1041 · Med · Apr 10, 2024
    risk 0.42 · cvss 6.4 · epss 0.00

    The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping as well as…

  • CVE-2024-1352 · Med · Apr 9, 2024
    risk 0.42 · cvss 6.5 · epss 0.01

    The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtcl_import_location() rtcl_import_category() functions in all versions up to, and…

  • CVE-2024-31368 · Med · Apr 9, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    Missing Authorization vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2.

  • CVE-2024-28167 · Med · Apr 9, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    SAP Group Reporting Data Collection does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, specific data can be changed via the Enter Package Data app although the user does not have…

  • CVE-2024-1807 · Med · Apr 2, 2024
    risk 0.42 · cvss 6.5 · epss 0.01

    The Product Sort and Display for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the psad_update_product_cat_custom_meta_ajax function in all versions up to, and including, 2.4.1. This makes it possible for…

  • CVE-2024-30508 · Med · Mar 29, 2024
    risk 0.42 · cvss 6.5 · epss 0.01

    Missing Authorization vulnerability in ThimPress WP Hotel Booking. This issue affects WP Hotel Booking: from n/a through 2.0.9.2.

  • CVE-2024-30505 · Med · Mar 29, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    Missing Authorization vulnerability in andy_moyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.1.18.

  • CVE-2024-30234 · Med · Mar 26, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    Missing Authorization vulnerability in Wholesale Team WholesaleX. This issue affects WholesaleX: from n/a through 1.3.1.

  • CVE-2024-2906 · Med · Mar 26, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    Missing Authorization vulnerability in SoftLab Radio Player. This issue affects Radio Player: from n/a through 2.0.73.

  • CVE-2024-22156 · Med · Mar 26, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    Missing Authorization vulnerability in SNP Digital SalesKing. This issue affects SalesKing: from n/a through 1.6.15.

  • CVE-2024-24799 · Med · Mar 26, 2024
    risk 0.42 · cvss 6.5 · epss 0.01

    Missing Authorization vulnerability in WooCommerce WooCommerce Box Office. This issue affects WooCommerce Box Office: from n/a through 1.2.2.

  • CVE-2023-27608 · Med · Mar 25, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce. This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0.

  • CVE-2022-38057 · Med · Mar 25, 2024
    risk 0.42 · cvss 6.5 · epss 0.01

    Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin. This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1.

  • CVE-2023-52229 · Med · Mar 20, 2024
    risk 0.42 · cvss 6.5 · epss 0.01

    Missing Authorization vulnerability in Save as PDF plugin by Pdfcrowd Word Replacer Pro. This issue affects Word Replacer Pro: from n/a through 1.0.

  • CVE-2024-1763 · Med · Mar 13, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp_social/v1/ REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for…

  • CVE-2024-1328 · Med · Mar 12, 2024
    risk 0.42 · cvss 6.4 · epss 0.00

    The Newsletter2Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ parameter in all versions up to, and including, 4.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…

  • CVE-2024-1123 · Med · Mar 9, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_frontend_event_submission() function in all versions up to, and including, 3.4.2. This makes it possible…

  • CVE-2024-1169 · Hig · Mar 7, 2024
    risk 0.42 · cvss 7.5 · epss 0.01

    The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media upload due to a missing capability check on the buddyforms_upload_handle_dropped_media function…