Fallos del tipo CWE-862

6896 resultados
CVE-2024-34753MEDIUMWordPress Radio Player plugin <= 2.0.73 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-23773MEDIUMWordPress Delete All Posts plugin <= 1.1.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-32832CRITICALWordPress Login with Phone Number plugin <= 1.6.93 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2021-24730Logo Showcase with Slick Slider < 1.2.5 - Subscriber+ Arbitrary Media Title/Description/Alt Text/URL UpdateEPSS 0.3%CVE-2025-15330HIGHTanium addressed an improper input validation vulnerability in Deploy.EPSS 0.3%CVE-2026-46716CRITICALNezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cronEPSS 0.3%CVE-2020-36834MEDIUMDiscount Rules for WooCommerce <= 2.0.2 - Missing AuthorizationEPSS 0.3%CVE-2024-7390MEDIUMWP Testimonial Widget <= 3.1 - Missing AuthorizationEPSS 0.3%CVE-2024-10824MEDIUMAuthorization Bypass Vulnerability was Identified in GitHub Enterprise Server that Allowed Unauthorized Internal Users to Access Secret Scanning Alert DataEPSS 0.3%CVE-2025-24725MEDIUMWordPress Thim Elementor Kit Plugin <= 1.2.8 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-52232MEDIUMWordPress Booster Plus for WooCommerce plugin < 7.1.2 - Authenticated Arbitrary Post/Page Deletion VulnerabilityEPSS 0.3%CVE-2024-12719MEDIUMWordPress File Upload <= 4.24.15 - Missing Authorization to Authenticated (Subscriber+) Limited Path TraversalEPSS 0.3%CVE-2023-46605MEDIUMWordPress Convertful – Your Ultimate On-Site Conversion Tool plugin <= 2.5 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2020-36833MEDIUMIndeed Membership Pro 7.3 - 8.6 - Missing Authorization ChecksEPSS 0.3%CVE-2025-32929HIGHWordPress Barcode Generator for WooCommerce plugin <= 2.0.4 - Arbitrary Content Deletion vulnerabilityEPSS 0.3%CVE-2023-33922MEDIUMWordPress Elementor plugin <= 3.13.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-49234MEDIUMWordPress WP Dummy Content Generator plugin <= 3.4.6 - Arbitrary User Deletion vulnerabilityEPSS 0.3%CVE-2026-1310MEDIUMSimple calendar for Elementor <= 1.6.6 - Missing Authorization to Unauthenticated Arbitrary Calendar Entry DeletionEPSS 0.3%CVE-2026-11398MEDIUMLatePoint <= 5.6.1 - Missing Authorization to Unauthenticated Arbitrary Customer Data Modification via process_step_customer() Booking Form Customer StepEPSS 0.3%CVE-2026-44010HIGHCraft CMS: Missing Authorization in GraphQL Address Resolver Allows Cross-Scope PII DisclosureEPSS 0.3%