Fallos del tipo CWE-862

6877 resultados
CVE-2025-6813HIGHaapanel WP Toolkit 1.0 - 1.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via auto_login() FunctionEPSS 0.4%CVE-2024-11709MEDIUMAI Post Generator | AutoWriter <= 3.5 - Missing Authorization to Authenticated (Contributor+) Post/Page DeletionEPSS 0.4%CVE-2025-26975MEDIUMWordPress Strong Testimonials plugin <= 3.2.3 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-53825MEDIUMWordPress FileBird Lite plugin <= 6.3.2 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-50455MEDIUMWordPress SEOPress plugin <= 8.1.1 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-10437MEDIUMWPC Smart Messages for WooCommerce <= 4.2.1 - Missing Authorization to Authenticated (Subscriber+) Message Activation/DeactivationEPSS 0.4%CVE-2024-33563HIGHWordPress XStore theme <= 9.3.8 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-68019MEDIUMWordPress SEO Booster plugin <= 6.1.8 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-57520HIGHBitwarden Server < 2026.5.0 Privilege Escalation via Bulk User Remove EndpointEPSS 0.4%CVE-2024-9364MEDIUMSendGrid for WordPress <= 1.4 - Missing Authorization to Authenticated (Subscriber+) Log DeletionEPSS 0.4%CVE-2025-68009MEDIUMWordPress Slider Templates plugin <= 1.0.3 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2020-7343MEDIUMImproper Authorization vulnerability in MAEPSS 0.4%CVE-2023-7291HIGHPaytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'create_mollie_account'EPSS 0.4%CVE-2023-2786MEDIUMChannel commands execution doesn't properly verify permissionsEPSS 0.4%CVE-2024-33923MEDIUMWordPress SP Project & Document Manager plugin <= 4.69 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-11154MEDIUMPublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes <= 3.5.15 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information ExposureEPSS 0.4%CVE-2025-14741CRITICALFrontend Admin by DynamiApps <= 3.28.25 - Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form ElementEPSS 0.4%CVE-2026-8502MEDIUMLearnPress <= 4.3.6 - Unauthenticated Sensitive Information Exposure via 'c_status' and 'return_type' ParametersEPSS 0.4%CVE-2025-43720MEDIUMHeadwind MDM before 5.33.1 makes configuration details accessible to unauthorized users. The Configuration profile is exposed to the ObserveEPSS 0.4%CVE-2025-3417HIGHEmbedder 1.3 - 1.3.5 - Authenticated (Subscriber+) Arbitrary Options UpdateEPSS 0.4%