Fallos del tipo CWE-862
6878 resultadosCVE-2024-9587MEDIUMLinkz.ai <= 1.1.8 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update via AJAXEPSS 0.4%CVE-2024-11154MEDIUMPublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes <= 3.5.15 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information ExposureEPSS 0.4%CVE-2025-3417HIGHEmbedder 1.3 - 1.3.5 - Authenticated (Subscriber+) Arbitrary Options UpdateEPSS 0.4%CVE-2023-4104MEDIUMAn invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitraEPSS 0.4%CVE-2025-47465MEDIUMWordPress Blocksy theme <= 2.0.97 - Broken Access Control VulnerabilityEPSS 0.4%CVE-2023-2786MEDIUMChannel commands execution doesn't properly verify permissionsEPSS 0.4%CVE-2025-13864MEDIUMBreeze – WordPress Cache Plugin <= 2.2.21 - Missing Authorization to Cache DeletionEPSS 0.4%CVE-2025-14741CRITICALFrontend Admin by DynamiApps <= 3.28.25 - Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form ElementEPSS 0.4%CVE-2024-7030MEDIUMSmart Online Order for Clover <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Plugin Data UpdateEPSS 0.4%CVE-2025-57957MEDIUMWordPress WooMS Plugin <= 9.12 - Broken Access Control VulnerabilityEPSS 0.4%CVE-2026-8502MEDIUMLearnPress <= 4.3.6 - Unauthenticated Sensitive Information Exposure via 'c_status' and 'return_type' ParametersEPSS 0.4%CVE-2026-23806HIGHWordPress Jobs for WordPress plugin <= 2.8 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-39515MEDIUMWordPress Motors plugin < 1.4.107 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-24607MEDIUMWordPress Travel Monster theme <= 1.3.3 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-12093MEDIUMSimple Membership <= 4.7.5 - Missing Authorization to Unauthenticated Arbitrary Member Account Deactivation via Forged Stripe 'charge.refunded' WebhookEPSS 0.4%CVE-2023-47694MEDIUMWordPress Mini Cart Drawer For WooCommerce plugin <= 4.0.0 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-37095MEDIUMWordPress Envira Photo Gallery plugin <= 1.8.7.3 - CSRF leading to notice dismissal vulnerabilityEPSS 0.4%CVE-2025-26370HIGHA CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authEPSS 0.4%CVE-2026-39433MEDIUMWordPress WPAMS plugin < 49.5.3 - Arbitrary Content Deletion vulnerabilityEPSS 0.4%CVE-2025-15068HIGHAccount Takeover in Gmission Web FAXEPSS 0.4%