Fallos del tipo CWE-862

6883 resultados
CVE-2024-8434MEDIUMEasy Mega Menu Plugin for WordPress – ThemeHunk <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Settings UpdatesEPSS 0.4%CVE-2024-32081MEDIUMWordPress Filter Custom Fields & Taxonomies Light plugin <= 1.05 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-7622MEDIUMRevision Manager TMC <= 2.8.19 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email SendingEPSS 0.4%CVE-2025-63063MEDIUMWordPress Yandex.Metrica plugin <= 1.2.2 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-37255MEDIUMWordPress ElementsKit Lite plugin <= 3.1.4 - Unauthenticated Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-32624HIGHWordPress Czater.pl – live chat i telefon plugin <= 1.0.5 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.4%CVE-2024-39625MEDIUMWordPress Icegram Engage plugin <= 3.1.24 - Unauthenticated Message Duplication VulnerabilityEPSS 0.4%CVE-2024-39654MEDIUMWordPress Sign-up Sheets plugin <= 2.2.12 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-7717HIGHFile Download - Moderately critical - Access bypass - SA-CONTRIB-2025-089EPSS 0.4%CVE-2024-24883MEDIUMWordPress Prime Slider plugin <= 3.11.10 - Broken Access Control on Duplicate Post vulnerabilityEPSS 0.4%CVE-2023-45658HIGHWordPress Nexter theme <= 2.0.3 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-37276MEDIUMWordPress Featured Image from URL (FIFU) plugin <= 4.8.1 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-14901MEDIUMBit Form – Contact Form Plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow ReplayEPSS 0.4%CVE-2024-56070HIGHWordPress WP SuperBackup plugin <= 2.3.3 - Multiple Subscriber+ Broken Access Control vulnerabilitiesEPSS 0.4%CVE-2023-27428MEDIUMWordPress WP users media plugin <= 4.2.3 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-1321HIGHMembership Plugin – Restrict Content <= 3.2.20 - Unauthenticated Privilege Escalation via 'rcp_level'EPSS 0.4%CVE-2023-29239MEDIUMWordPress LuckyWP Scripts Control plugin <= 1.2.1 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-22289MEDIUMWordPress LTL Freight Quotes – Unishippers Edition plugin <= 2.5.8 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-30512LOWWordPress weForms plugin <= 1.6.20 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-46450HIGHIncorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.06.50 allows attackers to bypass authentEPSS 0.3%