Fallos del tipo CWE-862
6896 resultadosCVE-2026-22459MEDIUMWordPress WordPress CTA plugin <= 2.1.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-68003MEDIUMWordPress Shown Connector plugin <= 1.2.10 - Settings Change vulnerabilityEPSS 0.3%CVE-2024-24719MEDIUMWordPress Kikote plugin <= 1.8.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-30217MEDIUMMissing Authorization check in SAP S/4 HANA (Cash Management)EPSS 0.3%CVE-2025-26750MEDIUMWordPress Vitepos Plugin <= 3.1.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-5674MEDIUMNewsletter - API v1 and v2 addon for Newsletter <= 2.4.5 - Missing Authorization to Email Subscribers ManagementEPSS 0.3%CVE-2023-45633MEDIUMWordPress IMPress Listings plugin <= 2.6.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-22151MEDIUMWordPress Import and export users and customers plugin <= 1.24.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-24139HIGHMyTube Allows Unauthorized Database Export by Guest UsersEPSS 0.3%CVE-2024-41624MEDIUMIncorrect access control in Himalaya Xiaoya nano smart speaker rom_version 1.6.96 allows a remote attacker to have an unspecified impact.EPSS 0.3%CVE-2025-46823HIGHOpenMRS has Vulnerability in FHIR2 Module PrivilegesEPSS 0.3%CVE-2024-12781MEDIUMAurum - WordPress & WooCommerce Shopping Theme <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Demo Content ImportEPSS 0.3%CVE-2026-44994MEDIUMOpenClaw < 2026.4.22 - Authentication Bypass in Gateway Control UI Bootstrap Config EndpointEPSS 0.3%CVE-2024-5857MEDIUMInteractive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media DeletionEPSS 0.3%CVE-2025-8814MEDIUMatjiu pybbs CookieUtil.java setCookie cross-site request forgeryEPSS 0.3%CVE-2024-2017MEDIUMCountdown, Coming Soon, Maintenance – Countdown & Clock <= 2.7.8 - Missing Authorization to Authenticated (Subscriber+) PHP Object InjectionEPSS 0.3%CVE-2023-31826HIGHSkyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitraEPSS 0.3%CVE-2024-6755MEDIUMSocial Auto Poster <= 5.3.14 - Missing Authorization to Unauthenticated Arbitrary Post DeletionEPSS 0.3%CVE-2023-4728MEDIUMLadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.4 - Missing Authorization on publish_lp()EPSS 0.3%CVE-2025-49913MEDIUMWordPress CoSchedule plugin <= 3.4.0 - Broken Access Control vulnerabilityEPSS 0.3%