Fallos del tipo CWE-862

6911 resultados
CVE-2025-23963MEDIUMWordPress Mark Posts plugin <= 2.2.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-39490HIGHWordPress JupiterX Core plugin <= 4.14.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-45209HIGHWordPress MyCryptoCheckout plugin <= 2.161 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-47628MEDIUMWordPress QS Dark Mode plugin <= 3.0 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2024-27970MEDIUMWordPress WP SendFox plugin <= 1.3.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-47463HIGHWordPress Stock Locations for WooCommerce plugin <= 2.8.6 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-3651MEDIUMBuild App Online <= 1.0.23 - Missing Authorization to Arbitrary Post Author Modification via 'build-app-online-update-vendor-product' AJAX ActionEPSS 0.3%CVE-2026-48835HIGHWordPress Contact Form by WPForms plugin <= 1.10.0.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-33470MEDIUMFrigate has cross-camera snapshot disclosure via unrestricted timeline IDs and missing authorization in /api/events/{event_id}/snapshot-clean.webpEPSS 0.3%CVE-2025-47612MEDIUMWordPress ClickWhale plugin <= 2.4.6 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2024-11353MEDIUMSMS for Lead Capture Forms <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message DeletionEPSS 0.3%CVE-2024-9584MEDIUMImage Map Pro <= 6.0.20 - Missing Authorization to Authenticated (Contributor+) Map Project Add/Update/DeleteEPSS 0.3%CVE-2026-39533HIGHWordPress AWP Classifieds plugin <= 4.4.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-10897MEDIUMTutor LMS Elementor Addons <= 2.1.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin InstallationEPSS 0.3%CVE-2024-37175MEDIUM[Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)EPSS 0.3%CVE-2024-13439MEDIUMTeam – Team Members Showcase Plugin <= 4.4.9 - Missing Authorization to Authenticated (Subscriber+) Settings UpdateEPSS 0.3%CVE-2026-34024HIGHMissing authorization checks in Wertheim SafeController Software allow low-privileged users to access restricted functionsEPSS 0.3%CVE-2025-1504MEDIUMPost Lockdown <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Post DisclosureEPSS 0.3%CVE-2023-39922MEDIUMWordPress Avada theme <= 7.11.1 - Authenticated Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-68069HIGHWordPress Directorist plugin <= 8.6.6 - Broken Access Control vulnerabilityEPSS 0.3%