Fallos del tipo CWE-862

6889 resultados
CVE-2025-32620HIGHWordPress Doppler Forms plugin <= 2.4.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-1400MEDIUMMollie Forms <= 2.6.3 - Missing Authorization to Arbitrary Post DuplicationEPSS 0.3%CVE-2025-60106MEDIUMWordPress EmailKit Plugin <= 1.6.0 - Arbitrary Content Deletion VulnerabilityEPSS 0.3%CVE-2026-45667MEDIUMOpen WebUI: Unauthenticated endpoint can trigger embedding generation (cost/DoS)EPSS 0.3%CVE-2025-59828HIGHClaude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn VersionsEPSS 0.3%CVE-2025-55734MEDIUMflaskBlo Authorization BypassEPSS 0.3%CVE-2025-52731HIGHWordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Arbitrary Content Deletion VulnerabilityEPSS 0.3%CVE-2025-13620MEDIUMWp Social Login and Register Social Counter <= 3.1.3 - Missing Authorization in Cache REST Endpoints to Social Counter TamperingEPSS 0.3%CVE-2026-7525MEDIUMMy Calendar <= 3.7.9 - Authenticated (Custom+) Missing Authorization to Unauthorized Event Publication via 'event_approved' ParameterEPSS 0.3%CVE-2025-54692HIGHWordPress Membership For WooCommerce Plugin <= 2.9.0 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-31881MEDIUMWordPress Pearl plugin <= 1.3.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-4205MEDIUMPremium Addons for Elementor <= 4.10.31 - Missing Authorization to Information DisclosureEPSS 0.3%CVE-2024-3664MEDIUMQuick Featured Images <= 13.7.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Thumbnail Deletion/SettingEPSS 0.3%CVE-2024-13637MEDIUMDemo Awesome <= 1.0.3 - Missing Authorization to Authenticated (Subscriber+) Plugin ActivationEPSS 0.3%CVE-2025-22670MEDIUMWordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.7.2 - CSRF to Settings Change vulnerabilityEPSS 0.3%CVE-2025-22668MEDIUMWordPress Awesome Event Booking plugin <= 2.7.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-12263MEDIUMChild Theme Creator by Orbisius <= 1.5.5 - Missing Authorization to Authenticated (Subscriber+) Cloud Snippet Update/DeleteEPSS 0.3%CVE-2024-44052MEDIUMWordPress HelloAsso plugin <= 1.1.10 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-57669MEDIUMWordPress Advanced Contact form 7 DB plugin <= 2.0.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-63293MEDIUMFairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments EPSS 0.3%