Fallos del tipo CWE-862
6914 resultadosCVE-2026-35061MEDIUMAnviz Products Missing AuthorizationEPSS 0.3%CVE-2025-3257MEDIUMxujiangfei admintwo updateSet cross-site request forgeryEPSS 0.3%CVE-2025-63069MEDIUMWordPress Ivory Search plugin <= 5.5.12 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-10543MEDIUMTumult Hype Animations <= 1.9.14 - Missing AuthorizationEPSS 0.3%CVE-2026-9015MEDIUMEqualize Digital Accessibility Checker <= 1.42.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Accessibility Issue Modification via edac_insert_ignore_data AJAX ActionEPSS 0.3%CVE-2023-52179MEDIUMWordPress Product Expiry for WooCommerce plugin <= 2.5 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-1897MEDIUMWeKan Position-History Tracking positionHistory.js PositionHistoryBleed authorizationEPSS 0.3%CVE-2026-2941HIGHLinksy Search and Replace <= 1.0.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Update via linksy_search_and_replace_item_detailsEPSS 0.3%CVE-2025-64214HIGHWordPress MasterStudy LMS Pro plugin < 4.7.16 - Arbitrary Content Deletion vulnerabilityEPSS 0.3%CVE-2026-10737HIGHSP Project & Document Manager <= 4.71 - Missing Authorization to Unauthenticated Arbitrary File Information Disclosure via view_file() FunctionEPSS 0.3%CVE-2025-69134HIGHWordPress OpenAI Chatbot for WordPress – Helper plugin <= 1.1.4 - Arbitrary Content Deletion vulnerabilityEPSS 0.3%CVE-2025-65098HIGHTypebot Vulnerable to Credential Theft via Client-Side Script Execution and API Authorization BypassEPSS 0.3%CVE-2023-48758HIGHWordPress JetEngine plugin <= 3.2.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-3601MEDIUMUser Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Limited Page Content ModificationEPSS 0.3%CVE-2025-67540MEDIUMWordPress Animation Addons for Elementor plugin <= 2.4.5 - Arbitrary Content Deletion vulnerabilityEPSS 0.3%CVE-2026-0927MEDIUMKiviCare – Clinic & Patient Management System (EHR) <= 3.6.15 - Missing Authorization to Unauthenticated Limited Arbitrary File UploadEPSS 0.3%CVE-2026-3432CRITICALSim Studio AI - Unauthenticated OAuth Token TheftEPSS 0.3%CVE-2024-37505MEDIUMWordPress Business One Page theme <= 1.2.9 - Broken Access Control on Notice Dismissal vulnerabilityEPSS 0.3%CVE-2025-13950MEDIUMOneSignal – Web Push Notifications <= 3.6.1 - Missing Authorization to Unauthenticated Plugin Settings UpdateEPSS 0.3%CVE-2023-46203MEDIUMWordPress Just Custom Fields plugin <= 3.3.2 - Broken Access Control vulnerabilityEPSS 0.3%