Fallos del tipo CWE-862
6883 resultadosCVE-2025-14461MEDIUMXendit Payment <= 6.0.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to PaidEPSS 0.3%CVE-2025-15390MEDIUMPHPGurukul Small CRM edit-user.php authorizationEPSS 0.3%CVE-2025-51308MEDIUMIn Gatling Enterprise versions below 1.25.0, a low-privileged user that does not hold the role "admin" could perform a REST API call on readEPSS 0.3%CVE-2026-2651CRITICALMissing Authorization Validation in mlflow/mlflowEPSS 0.3%CVE-2026-0679MEDIUMFortis for WooCommerce <= 1.2.0 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid via 'wc-api' EndpointEPSS 0.3%CVE-2024-1994MEDIUMImage Watermark <= 1.7.3 - Missing Authorization to Authenticated (Subscriber+) Watermark ModificationEPSS 0.3%CVE-2026-59097MEDIUMTaiga < 6.10.2 - Unauthorized Due-Date Creation via API ViewsetsEPSS 0.3%CVE-2024-34802MEDIUMWordPress AdFoxly plugin <= 1.8.5 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-30896MEDIUMWordPress WP ERP plugin <= 1.13.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-2789MEDIUMMultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.19 - Missing Authorization to Unauthenticated Table Rates DeletionEPSS 0.3%CVE-2025-58753MEDIUMcopyparty: Sharing a single file does not fully restrict access to other files in source folderEPSS 0.3%CVE-2025-42982HIGHInformation Disclosure in SAP GRC (AC Plugin)EPSS 0.3%CVE-2026-1004MEDIUMEssential Addons for Elementor <= 6.5.5 - Missing Authorization to Unauthenticated Sensitive Information ExposureEPSS 0.3%CVE-2024-10853MEDIUMBuy one click WooCommerce <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Order DeletionEPSS 0.3%CVE-2025-25110MEDIUMWordPress Event Kikfyre plugin <= 2.1.8 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-68007MEDIUMWordPress Event Espresso 4 Decaf plugin <= 5.0.37.decaf - Settings Change vulnerabilityEPSS 0.3%CVE-2024-55996MEDIUMWordPress Payment gateway per Product for WooCommerce plugin <= 3.5.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-56236MEDIUMWordPress Hestia Nginx Cache plugin <= 2.4.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.3%CVE-2024-0893MEDIUMSchema App Structured Data <= 2.2.0 - Missing AuthorizationEPSS 0.3%CVE-2024-4355MEDIUMBlock Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection <= 10.23 - Missing Authorization to Information ExpsoureEPSS 0.3%