A failure to verify function level access rights before making that functionality visible in the UI or processed on the server.
MITRE. (n.d.). Common Weakness Enumeration (CWE).
