Fallos del tipo CWE-862

6917 resultados
CVE-2025-47690HIGHWordPress Lead Form Data Collection to CRM plugin <= 3.1 - Arbitrary Option Update to Privilege Escalation vulnerabilityEPSS 0.3%CVE-2025-39456MEDIUMWordPress WP Logger plugin <= 2.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-6175MEDIUMBooking Ultra Pro <= 1.1.13 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings UpdatesEPSS 0.3%CVE-2025-1299MEDIUMMissing Authorization in GitLabEPSS 0.3%CVE-2025-39477CRITICALWordPress InWave Jobs Plugin <= 3.5.8 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-52177MEDIUMWordPress Integrate Google Drive plugin <= 1.3.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-5127MEDIUMImproper Access Control in lunary-ai/lunaryEPSS 0.3%CVE-2024-13530MEDIUMCustom Login Page Styler <= 7.1.1 - Missing Authorization to Authenticated (Subsciber+) Log Deletion and Session TerminationEPSS 0.3%CVE-2025-39457MEDIUMWordPress Booking and Rental Manager plugin <= 2.2.8 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-42961MEDIUMMissing Authorization check in SAP NetWeaver Application Server for ABAPEPSS 0.3%CVE-2024-12617MEDIUMWC Price History for Omnibus <= 2.1.3 - Missing AuthorizationEPSS 0.3%CVE-2024-32725MEDIUMWordPress 5 Stars Rating Funnel plugin 1.2.67 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-55471HIGHIncorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers to access sensitive information for other uEPSS 0.3%CVE-2024-6489MEDIUMGetwid – Gutenberg Blocks <= 2.0.10 - Missing Authorization to Google API key updateEPSS 0.3%CVE-2025-24692HIGHWordPress Bulk Menu Edit plugin <= 1.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-6167MEDIUMJust Custom Fields <= 3.3.2 - Missing Authorization via AJAX actionsEPSS 0.3%CVE-2025-12876MEDIUMProjectopia – WordPress Project Management <= 5.1.19 - Missing Authorization to Unauthenticated Arbitrary Attachment DeletionEPSS 0.3%CVE-2024-13716MEDIUMForex Calculators <= 1.3.7 - Missing Authorization to Authenticated (Subscriber+) Settings UpdateEPSS 0.3%CVE-2026-4977MEDIUMUsersWP <= 1.2.58 - Authenticated (Subscriber+) Restricted Usermeta Modification via 'htmlvar' ParameterEPSS 0.3%CVE-2025-53284MEDIUMWordPress CMS Blocks plugin <= 1.1 - Broken Access Control VulnerabilityEPSS 0.3%