Fallos del tipo CWE-862

6917 resultados
CVE-2026-30842MEDIUMWallos: Authenticated Missing Authorization Allows Deletion of Other Users’ Uploaded AvatarsEPSS 0.3%CVE-2025-14971MEDIUMLink Invoice Payment for WooCommerce <= 2.8.0 - Missing Authorization to Unauthenticated Arbitrary Partial Payment Creation/CancellationEPSS 0.3%CVE-2024-10606MEDIUMWP Travel Engine <= 6.2.1 - Missing Authorization to Authenticated (Contributor+) Plugin Settings UpdateEPSS 0.3%CVE-2026-34358HIGHCtrlPanel: Missing Authorization on Admin Write Endpoints Allows RBAC BypassEPSS 0.3%CVE-2025-53284MEDIUMWordPress CMS Blocks plugin <= 1.1 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-4977MEDIUMUsersWP <= 1.2.58 - Authenticated (Subscriber+) Restricted Usermeta Modification via 'htmlvar' ParameterEPSS 0.3%CVE-2024-49273MEDIUMWordPress ProfileGrid plugin <= 5.9.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.3%CVE-2025-12876MEDIUMProjectopia – WordPress Project Management <= 5.1.19 - Missing Authorization to Unauthenticated Arbitrary Attachment DeletionEPSS 0.3%CVE-2025-65029HIGHRallly Has an IDOR Vulnerability in Participant Deletion Endpoint Allows Unauthorized Removal of Poll ParticipantsEPSS 0.3%CVE-2025-39449HIGHWordPress JetWooBuilder plugin <= 2.1.18 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-49057HIGHWordPress JobSearch plugin <= 3.2.7 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-52117MEDIUMWordPress ProfileGrid plugin <= 5.6.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-14718MEDIUMSchedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.3 - Missing Authorization to Authenticated (Contributor+) Workflow ManipulationEPSS 0.3%CVE-2025-22318HIGHWordPress Standard Box Sizes plugin <= 1.6.13 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-25036MEDIUMWordPress Passster plugin <= 4.2.25 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-30958MEDIUMWordPress onOffice for WP-Websites plugin <= 6.5.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-4199MEDIUMBulk Posts Editing For WordPress <= 4.2.3 - Authenticated (Subscriber+) Missing AuthorizationEPSS 0.3%CVE-2025-22285MEDIUMWordPress Pallet Packaging for WooCommerce Plugin <= 1.1.15 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-32483MEDIUMWordPress Contact Form Email plugin <= 1.3.63 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-39451HIGHWordPress JetBlocks For Elementor plugin <= 1.3.16 - Broken Access Control VulnerabilityEPSS 0.3%