VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 98 of 278
  • CVE-2025-66140MedJan 22, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in merkulove Uper for Elementor uper-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uper for Elementor: from n/a through <= 1.0.5.

  • CVE-2025-66139MedJan 22, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in merkulove Audier For Elementor audier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audier For Elementor: from n/a through <= 1.0.9.

  • CVE-2025-66138MedJan 22, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in merkulove Motionger for Elementor motionger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Motionger for Elementor: from n/a through <= 2.0.4.

  • CVE-2025-66137MedJan 22, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in merkulove Searcher for Elementor searcher-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Searcher for Elementor: from n/a through <= 1.0.3.

  • CVE-2025-66136MedJan 22, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in merkulove Carter for Elementor carter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Carter for Elementor: from n/a through <= 1.0.2.

  • CVE-2025-66135MedJan 22, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in merkulove Imager for Elementor imager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Imager for Elementor: from n/a through <= 2.0.4.

  • CVE-2025-62106MedJan 22, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through <= 3.4.5.

  • CVE-2025-49375MedJan 22, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in cozythemes HomeLancer homelancer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HomeLancer: from n/a through <= 1.0.1.

  • CVE-2026-0548MedJan 20, 2026
    risk 0.35cvss 5.4epss 0.00

    The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized attachment deletion due to a missing capability check on the `delete_existing_user_photo` function in all versions up to, and including, 3.9.4. This makes it possible for…

  • CVE-2025-15466MedJan 20, 2026
    risk 0.35cvss 5.4epss 0.00

    The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple AJAX actions in all versions up to, and including, 3.6.9. This makes it possible for authenticated attackers,…

  • CVE-2025-12641MedJan 16, 2026
    risk 0.35cvss 6.5epss 0.00

    The Awesome Support - WordPress HelpDesk & Support Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in all versions up to, and including, 6.3.6. This is due to the 'wpas_do_mr_activate_user' function not verifying that a user has…

  • CVE-2025-13859MedJan 15, 2026
    risk 0.35cvss 6.4epss 0.00

    The AffiliateX – Amazon Affiliate Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_customization_settings AJAX action in versions 1.0.0 to 1.3.9.3. This makes it possible for authenticated attackers,…

  • CVE-2025-14854MedJan 14, 2026
    risk 0.35cvss 5.4epss 0.00

    The WP-CRM System plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on the wpcrm_get_email_recipients and wpcrm_system_ajax_task_change_status AJAX functions in all versions up to, and including, 3.4.5. This makes it possible for…

  • CVE-2026-22517MedJan 8, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through <= 2.10.0.

  • CVE-2025-13679MedJan 8, 2026
    risk 0.35cvss 6.5epss 0.00

    The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_order_by_id() function in all versions up to, and including, 3.9.3. This makes it possible for authenticated…

  • CVE-2025-12449MedJan 7, 2026
    risk 0.35cvss 5.4epss 0.00

    The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data and disclosure of sensitive information due to missing capability checks on multiple AJAX actions in all versions up to, and including, 2.4.0. This makes it…

  • CVE-2025-69352MedJan 6, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in StellarWP The Events Calendar the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar: from n/a through <= 6.15.12.2.

  • CVE-2025-69349MedJan 6, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Fahad Mahmood RSS Feed Widget rss-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RSS Feed Widget: from n/a through <= 3.0.2.

  • CVE-2025-69341MedJan 6, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in BuddhaThemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WeDesignTech Ultimate Booking Addon: from n/a through <= 1.0.3.

  • CVE-2025-66148MedDec 31, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in merkulove Conformer for Elementor conformer-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conformer for Elementor: from n/a through <= 1.0.7.