Fallos del tipo CWE-862
6880 resultadosCVE-2025-13498MEDIUMDownload Manager <= 3.3.32 - Missing Authorization to Authenticated (Subscriber+) Media Attachment Password DisclosureEPSS 0.4%CVE-2025-15068HIGHAccount Takeover in Gmission Web FAXEPSS 0.4%CVE-2025-31678HIGHAI (Artificial Intelligence) - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-004EPSS 0.4%CVE-2024-37095MEDIUMWordPress Envira Photo Gallery plugin <= 1.8.7.3 - CSRF leading to notice dismissal vulnerabilityEPSS 0.4%CVE-2026-12093MEDIUMSimple Membership <= 4.7.5 - Missing Authorization to Unauthenticated Arbitrary Member Account Deactivation via Forged Stripe 'charge.refunded' WebhookEPSS 0.4%CVE-2026-39433MEDIUMWordPress WPAMS plugin < 49.5.3 - Arbitrary Content Deletion vulnerabilityEPSS 0.4%CVE-2025-10871LOWMissing Authorization in GitLabEPSS 0.4%CVE-2023-44151MEDIUMWordPress Pre-Publish Checklist plugin <= 1.1.1 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-35662MEDIUMWordPress Simple COD Fees for WooCommerce plugin <= 2.0.2 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-30466MEDIUMWordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.4 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-24972MEDIUMDiscourse may bypass user preference when adding users to chat groupsEPSS 0.4%CVE-2025-22260MEDIUMWordPress Meta Tag Manager plugin <= 3.1 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-12934HIGHBeaver Builder – WordPress Page Builder <= 2.9.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post UpdateEPSS 0.4%CVE-2023-28417MEDIUMWordPress Dynamics 365 Integration plugin <= 1.3.12 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-7622MEDIUMRevision Manager TMC <= 2.8.19 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email SendingEPSS 0.4%CVE-2024-5453MEDIUMProfileGrid <= 5.8.6 - Missing AuthorizationEPSS 0.4%CVE-2025-32256MEDIUMWordPress SurveyJS plugin <= 1.12.20 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-7689HIGHHydra Booking 1.1.0 - 1.1.18 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via tfhb_reset_password_callback FunctionEPSS 0.4%CVE-2023-38394MEDIUMWordPress Jupiter X Core plugin <= 3.3.0 - Multiple Auth. Broken Access Control vulnerabilityEPSS 0.4%CVE-2023-28775MEDIUMWordPress Yoast SEO Premium plugin <= 20.4 - Unauthenticated Zapier API Key Reset vulnerabilityEPSS 0.4%