VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 86 of 278
  • CVE-2024-6590MedSep 25, 2024
    risk 0.41cvss 6.3epss 0.00

    The Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions…

  • CVE-2024-41624MedJul 29, 2024
    risk 0.41cvss 6.3epss 0.00

    Incorrect access control in Himalaya Xiaoya nano smart speaker rom_version 1.6.96 allows a remote attacker to have an unspecified impact.

  • CVE-2023-36694MedJun 14, 2024
    risk 0.41cvss 6.3epss 0.00

    Missing Authorization vulnerability in Bryan Lee Kingkong Board.This issue affects Kingkong Board: from n/a through 2.1.0.2.

  • CVE-2024-34826MedJun 11, 2024
    risk 0.41cvss 6.3epss 0.00

    Missing Authorization vulnerability in Saleswonder Team: Tobias CF7 WOW Styler cf7-styler.This issue affects CF7 WOW Styler: from n/a through <= 1.6.4.

  • CVE-2024-31307MedJun 9, 2024
    risk 0.41cvss 6.3epss 0.00

    Missing Authorization vulnerability in appscreo Easy Social Share Buttons.This issue affects Easy Social Share Buttons: from n/a through 9.4.

  • CVE-2024-5087MedJun 8, 2024
    risk 0.41cvss 6.3epss 0.00

    The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_ajax functions in all versions up to, and including, 2.38. This makes it…

  • CVE-2024-31281MedMay 17, 2024
    risk 0.41cvss 6.3epss 0.00

    Missing Authorization vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.1.6.

  • CVE-2023-31234MedMay 7, 2024
    risk 0.41cvss 6.3epss 0.00

    Missing Authorization vulnerability in Tilda Publishing.This issue affects Tilda Publishing: from n/a through 0.3.23.

  • CVE-2024-33923MedMay 3, 2024
    risk 0.41cvss 6.3epss 0.00

    Missing Authorization vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.69.

  • CVE-2024-3942MedMay 2, 2024
    risk 0.41cvss 6.3epss 0.00

    The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it…

  • CVE-2024-1677MedMay 2, 2024
    risk 0.41cvss 6.3epss 0.01

    The Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to an improper capability check on 42 separate AJAX functions in all…

  • CVE-2024-1850MedApr 9, 2024
    risk 0.41cvss 6.3epss 0.01

    The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized access, modification or deletion of posts due to a missing capability check on functions hooked by AJAX actions in all versions up to, and including, 3.3. This makes it possible for…

  • CVE-2022-44626MedMar 25, 2024
    risk 0.41cvss 6.3epss 0.00

    Missing Authorization vulnerability in Squirrly SEO Plugin by Squirrly SEO.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.1.20.

  • CVE-2022-40203MedJan 17, 2024
    risk 0.41cvss 6.3epss 0.00

    Missing Authorization vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce.This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.1.5.

  • CVE-2022-36352MedJan 8, 2024
    risk 0.41cvss 6.3epss 0.00

    Missing Authorization vulnerability in Profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.0.3.

  • CVE-2023-46212MedDec 19, 2023
    risk 0.41cvss 6.3epss 0.00

    Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects WP EXtra: from n/a through 6.2.

  • CVE-2023-6394HigDec 9, 2023
    risk 0.41cvss 7.4epss 0.01

    A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access…

  • CVE-2023-3999MedAug 31, 2023
    risk 0.41cvss 6.3epss 0.00

    The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on its AJAX calls in versions up to, and including, 0.6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and…

  • CVE-2023-4106MedAug 11, 2023
    risk 0.41cvss 6.3epss 0.00

    Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting a guest being able to view, join, edit, export and archive public playbooks.

  • CVE-2021-4366MedJun 7, 2023
    risk 0.41cvss 6.3epss 0.01

    The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwp_update_features_options function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to change the…