VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 91 of 278
  • CVE-2025-54743MedDec 18, 2025
    risk 0.38cvss 5.8epss 0.00

    Missing Authorization vulnerability in mkscripts Download After Email download-after-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download After Email: from n/a through 2.1.5-2.1.6.

  • CVE-2025-11380MedOct 11, 2025
    risk 0.38cvss 5.9epss 0.00

    The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'everest_process_status' AJAX action in all versions up to, and including, 2.3.5. This…

  • CVE-2025-36756MedSep 10, 2025
    risk 0.38cvss epss 0.00

    A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX solarpanel inverter of which the serial number is known.

  • CVE-2025-54734MedAug 28, 2025
    risk 0.38cvss 5.8epss 0.00

    Missing Authorization vulnerability in bPlugins B Slider b-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Slider: from n/a through <= 1.1.30.

  • CVE-2025-43008MedMay 13, 2025
    risk 0.38cvss 5.8epss 0.00

    Due to missing authorization check, an unauthorized user can view the files of other company. This might lead to disclosure of personal data of employees. There is no impact on integrity and availability.

  • CVE-2025-39580MedApr 17, 2025
    risk 0.38cvss 5.8epss 0.00

    Missing Authorization vulnerability in jidaikobo Dashi dashi allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dashi: from n/a through <= 3.1.8.

  • CVE-2025-31876MedApr 3, 2025
    risk 0.38cvss 5.8epss 0.00

    Missing Authorization vulnerability in gunnarpayday Payday payday allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payday: from n/a through <= 3.3.18.

  • CVE-2025-24607MedFeb 14, 2025
    risk 0.38cvss 5.8epss 0.00

    Missing Authorization vulnerability in Northern Beaches Websites IdeaPush ideapush allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IdeaPush: from n/a through <= 8.71.

  • CVE-2025-22720MedJan 31, 2025
    risk 0.38cvss 5.8epss 0.00

    Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking and Rental Manager: from n/a through <= 2.2.1.

  • CVE-2024-1380MedMar 13, 2024
    risk 0.38cvss 5.3epss 0.50

    The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssi_export_log_check() function in all versions up to, and including, 4.22.0 (Free) and 2.25.0 (Premium). This makes it possible…

  • CVE-2024-2107MedMar 12, 2024
    risk 0.38cvss 5.8epss 0.00

    The Blossom Spa theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.3 via generated source. This makes it possible for unauthenticated attackers to extract sensitive data including contents of password-protected or…

  • CVE-2023-5054MedSep 19, 2023
    risk 0.38cvss 5.8epss 0.01

    The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.3. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for…

  • CVE-2021-4369MedJun 7, 2023
    risk 0.38cvss 5.8epss 0.01

    The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Content Injection in versions up to, and including, 18.2. This is due to lacking authorization protections, checks against users editing other's posts, and lacking a security nonce, all on the…

  • CVE-2021-4351MedJun 7, 2023
    risk 0.38cvss 5.8epss 0.01

    The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Post Meta Change in versions up to, and including, 18.2. This is due to lacking authentication protections, capability checks, and sanitization, all on the wpfm_file_meta_update AJAX action. This…

  • CVE-2021-40327MedJan 13, 2022
    risk 0.38cvss 5.9epss 0.01

    Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incorrect access control. NSPE can access a secure key (held by the Crypto service) based solely on knowledge of its key ID. For example, there is no authorization check associated with the relationship between a…

  • CVE-2026-44409MedMay 22, 2026
    risk 0.37cvss 5.7epss 0.00

    There is an an information disclosure vulnerability in ZTE MU5250. Due to improper configuration of the access control mechanism, attackers can obtain information without authorization, causing the risk of information disclosure.

  • CVE-2025-65089MedNov 19, 2025
    risk 0.37cvss 6.8epss 0.00

    XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to version 1.27.0, a user with no view rights on a page may see the content of an office attachment displayed with the view file macro. This issue has been patched…

  • CVE-2025-25244MedMar 11, 2025
    risk 0.37cvss 5.7epss 0.00

    SAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due to missing authorization check. An attacker with display authorization for the process chain object could set one or all processes to be skipped. This means corresponding…

  • CVE-2023-47870MedNov 30, 2023
    risk 0.37cvss 5.7epss 0.00

    Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out.This issue affects wpForo Forum: from n/a…

  • CVE-2023-22488MedJan 12, 2023
    risk 0.37cvss 6.8epss 0.00

    Flarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification…