VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 96 of 278
  • CVE-2026-32587MedMar 16, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP EasyPay: from n/a through <= 4.2.11.

  • CVE-2026-32583MedMar 16, 2026
    risk 0.35cvss 5.3epss 0.01

    Missing Authorization vulnerability in Webnus Inc. Modern Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modern Events Calendar: from n/a through 7.29.0.

  • CVE-2026-32423MedMar 13, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements (ASE): from n/a through <= 8.4.0.

  • CVE-2026-32417MedMar 13, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pochipp: from n/a through < 1.18.9.

  • CVE-2026-32416MedMar 13, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF Poster: from n/a through <= 2.4.0.

  • CVE-2026-32391MedMar 13, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in linethemes SmartFix smartfix allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SmartFix: from n/a through < 1.2.4.

  • CVE-2026-32390MedMar 13, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in linethemes Nanosoft nanosoft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nanosoft: from n/a through < 1.3.2.

  • CVE-2026-32388MedMar 13, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in linethemes GLB glb allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GLB: from n/a through <= 1.2.2.

  • CVE-2026-32385MedMar 13, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through <= 6.0.7.6.

  • CVE-2026-32373MedMar 13, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SMS Alert Order Notifications: from n/a through <= 3.9.0.

  • CVE-2026-32331MedMar 13, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Israpil Textmetrics webtexttool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Textmetrics: from n/a through <= 3.6.4.

  • CVE-2026-1781MedMar 11, 2026
    risk 0.35cvss 6.5epss 0.00

    The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.11.1. This is due to the plugin trusting the `_mc4wp_action` POST parameter without validation, allowing unauthenticated attackers to force the…

  • CVE-2026-1674MedMar 4, 2026
    risk 0.35cvss 6.5epss 0.00

    The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization within the save_gutena_forms_schema() function in all versions up to, and…

  • CVE-2026-27387MedFeb 19, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through <= 3.6.26.

  • CVE-2026-25473MedFeb 19, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in AA-Team WZone woozone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WZone: from n/a through <= 14.0.31.

  • CVE-2026-25391MedFeb 19, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in WP Grids WP Wand ai-content-generation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Wand: from n/a through <= 1.3.07.

  • CVE-2026-25388MedFeb 19, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads Pro: from n/a through <= 5.0.

  • CVE-2026-25311MedFeb 19, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in 10up Autoshare for Twitter autoshare-for-twitter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Autoshare for Twitter: from n/a through <= 2.3.1.

  • CVE-2026-23804MedFeb 19, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Business Reviews: from n/a through <= 0.1.1.

  • CVE-2026-2284MedFeb 19, 2026
    risk 0.35cvss 5.4epss 0.00

    The News Element Elementor Blog Magazine plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.8. This is due to a missing capability check and nonce verification on the 'ne_clean_data' AJAX action. This makes it possible for…