Fallos del tipo CWE-862
6883 resultadosCVE-2024-4233MEDIUMBroken Access Control vulnerability in multiple WordPress plugins by Tyche SoftwaresEPSS 0.3%CVE-2025-30591MEDIUMWordPress Music Press Pro plugin <= 1.4.6 Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-31425HIGHWordPress WP Lead Capturing Pages plugin < 2.6 - Arbitrary Content Deletion vulnerabilityEPSS 0.3%CVE-2024-35628MEDIUMWordPress Photo Gallery by 10Web plugin <= 1.8.25 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-37106HIGHWordPress WishList Member X plugin < 3.26.7 - Unautenticated Plugin Settings Change Leading to Stored XSS vulnerabilityEPSS 0.3%CVE-2022-3489MEDIUMWP Hide <= 0.0.2 - Unauthenticated Settings UpdateEPSS 0.3%CVE-2023-48926MEDIUMAn issue in 202 ecommerce Advanced Loyalty Program: Loyalty Points before v2.3.4 for PrestaShop allows unauthenticated attackers to arbitrarEPSS 0.3%CVE-2026-41266HIGHFlowise: Sensitive Data Leak in public-chatbotConfigEPSS 0.3%CVE-2024-5449MEDIUMWP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing <= 5.0.4 - Missing AuthorizationEPSS 0.3%CVE-2024-6987MEDIUMOrchid Store <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin ActivationEPSS 0.3%CVE-2023-46637MEDIUMWordPress Generate Dummy Posts plugin <= 1.0.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-42317HIGHGLPI vulnerable to arbitrary files deletion by technicianEPSS 0.3%CVE-2024-8675MEDIUMSoumettre.fr <= 2.1.3 - Missing AuthorizationEPSS 0.3%CVE-2020-10684HIGHA flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_faEPSS 0.3%CVE-2025-7665HIGHMiniorange OTP Verification with Firebase 3.1.0 - 3.6.2 - Unauthenticated Privilege EscalationEPSS 0.3%CVE-2025-14461MEDIUMXendit Payment <= 6.0.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to PaidEPSS 0.3%CVE-2024-3602MEDIUMPop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer <= 1.1.0 - Missing AuthorizationEPSS 0.3%CVE-2025-39591MEDIUMWordPress WP Subscription Forms plugin <= 1.2.3 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-30968HIGHCoral Server has insufficient validation of agent identity for SSE connectionsEPSS 0.3%CVE-2026-2651CRITICALMissing Authorization Validation in mlflow/mlflowEPSS 0.3%