VYPR

CWE-862

Missing Authorization

Class | Incomplete | Likelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

  • CVE-2024-1381 | Medium | Mar 5, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber access and higher, to…

  • CVE-2024-1285 | Medium | Mar 5, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'gambit_builder_save_content' function in all versions up to, and including, 5.1.0. This makes…

  • CVE-2024-1982 | Medium | Feb 29, 2024
    risk 0.42 | cvss 6.5 | epss 0.01

    The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the get_restore_progress() and restore() functions in all versions up to, and including, 0.9.68. This makes it possible for unauthenticated…

  • CVE-2024-1217 | High | Feb 29, 2024
    risk 0.42 | cvss 7.6 | epss 0.00

    The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the await_plugin_deactivation function in all versions up to, and including, 2.3.41. This makes it…

  • CVE-2024-1860 | Medium | Feb 28, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_add_whitelist() function in all versions up to, and…

  • CVE-2024-1566 | Medium | Feb 28, 2024
    risk 0.42 | cvss 6.5 | epss 0.01

    The Redirects plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in all versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to change redirects created with this…

  • CVE-2024-0679 | Medium | Jan 20, 2024
    risk 0.42 | cvss 6.5 | epss 0.01

    The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and…

  • CVE-2022-36418 | Medium | Jan 17, 2024
    risk 0.42 | cvss 6.5 | epss 0.01

    Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Lite. This issue affects HREFLANG Tags Lite: from n/a through 2.0.0.

  • CVE-2023-6638 | Medium | Jan 11, 2024
    risk 0.42 | cvss 6.5 | epss 0.01

    The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 1.2.4. This makes it possible for unauthenticated attackers to update…

  • CVE-2023-6733 | Medium | Jan 4, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract…

  • CVE-2023-2448 | Medium | Nov 22, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode…

  • CVE-2023-5426 | High | Oct 28, 2023
    risk 0.42 | cvss 7.5 | epss 0.00

    The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and pmdm_wp_ajax_delete_meta functions in versions up to, and including, 1.2.0. This…

  • CVE-2023-41943 | Medium | Sep 6, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue.

  • CVE-2023-3714 | High | Jul 18, 2023
    risk 0.42 | cvss 7.5 | epss 0.01

    The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'edit_group' handler in versions up to, and including, 5.5.2. This makes it possible for authenticated attackers, with group ownership, to update…

  • CVE-2023-37959 | Medium | Jul 12, 2023
    risk 0.42 | cvss 6.5 | epss 0.00

    A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.

  • CVE-2023-37956 | Medium | Jul 12, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    A missing permission check in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.

  • CVE-2023-37944 | Medium | Jul 12, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    A missing permission check in Jenkins Datadog Plugin 5.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

  • CVE-2023-35149 | Medium | Jun 14, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins.

  • CVE-2023-2351 | Medium | Jun 13, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_admin' function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with…

  • CVE-2023-2280 | Medium | Jun 9, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_public' function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete…