VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 97 of 278
  • CVE-2026-2127MedFeb 18, 2026
    risk 0.35cvss 5.4epss 0.00

    The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and including, 1.70.4. This is due to a missing capability check on the `siteorigin_widget_preview_widget_action()` function which is registered…

  • CVE-2026-0727MedFeb 14, 2026
    risk 0.35cvss 5.4epss 0.00

    The Accordion and Accordion Slider plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.5. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'wp_aas_save_attachment_data' and…

  • CVE-2026-1671MedFeb 12, 2026
    risk 0.35cvss 6.5epss 0.00

    The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winter_activity_log_action() function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with…

  • CVE-2026-25028MedFeb 3, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementInvader Addons for Elementor: from n/a through <=…

  • CVE-2026-24990MedFeb 3, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Fahad Mahmood WP Docs wp-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through <= 2.2.8.

  • CVE-2026-1103MedJan 24, 2026
    risk 0.35cvss 5.4epss 0.00

    The AIKTP plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the /aiktp/getToken REST API endpoint in all versions up to, and including, 5.0.04. The endpoint uses the 'verify_user_logged_in' as a permission callback,…

  • CVE-2025-14947MedJan 23, 2026
    risk 0.35cvss 6.5epss 0.00

    The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `ajax_callback_create_bunny_stream_video`, `ajax_callback_get_bunny_stream_video`, and `ajax_callback_delete_bunny_stream_video`…

  • CVE-2026-24622MedJan 23, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Sergiy Dzysyak Suggestion Toolkit suggestion-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Suggestion Toolkit: from n/a through <= 5.0.

  • CVE-2026-24595MedJan 23, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho CRM Lead Magnet: from n/a through <= 1.8.1.9.

  • CVE-2026-24587MedJan 23, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in kutsy AJAX Hits Counter + Popular Posts Widget ajax-hits-counter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AJAX Hits Counter + Popular Posts Widget: from n/a through <= 0.10.210305.

  • CVE-2026-24581MedJan 23, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce points-and-rewards-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Points and Rewards for WooCommerce: from n/a through <= 2.9.5.

  • CVE-2026-24570MedJan 23, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Edwiser Bridge: from n/a through <= 4.3.2.

  • CVE-2026-24561MedJan 23, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentBoards: from n/a through <= 1.91.1.

  • CVE-2026-24560MedJan 23, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Cloudinary Cloudinary cloudinary-image-management-and-manipulation-in-the-cloud-cdn allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cloudinary: from n/a through <= 3.3.2.

  • CVE-2026-24551MedJan 23, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in monetagwp Monetag Official Plugin monetag-official allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Monetag Official Plugin: from n/a through <= 1.1.3.

  • CVE-2026-24540MedJan 23, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in princeahmed Integrate Google Drive integrate-google-drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through <= 1.5.6.

  • CVE-2025-69300MedJan 22, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premium Addons for Elementor: from n/a through <= 4.11.63.

  • CVE-2025-66143MedJan 22, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in merkulove Crumber crumber-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crumber: from n/a through <= 1.0.10.

  • CVE-2025-66142MedJan 22, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in merkulove Comparimager for Elementor comparimager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comparimager for Elementor: from n/a through <= 1.0.1.

  • CVE-2025-66141MedJan 22, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in merkulove Scroller scroller allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scroller: from n/a through <= 2.0.2.