Fallos del tipo CWE-862

6921 resultados
CVE-2025-22318HIGHWordPress Standard Box Sizes plugin <= 1.6.13 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-32455MEDIUMWordPress Fatal Error Notify plugin <= 1.5.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-22285MEDIUMWordPress Pallet Packaging for WooCommerce Plugin <= 1.1.15 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-52117MEDIUMWordPress ProfileGrid plugin <= 5.6.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-14718MEDIUMSchedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.3 - Missing Authorization to Authenticated (Contributor+) Workflow ManipulationEPSS 0.3%CVE-2025-30958MEDIUMWordPress onOffice for WP-Websites plugin <= 6.5.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-32483MEDIUMWordPress Contact Form Email plugin <= 1.3.63 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-39993MEDIUMWordPress ElementsKit Lite plugin <= 2.9.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-65029HIGHRallly Has an IDOR Vulnerability in Participant Deletion Endpoint Allows Unauthorized Removal of Poll ParticipantsEPSS 0.3%CVE-2024-21748MEDIUMWordPress Icegram Engage plugin <= 3.1.21 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-25036MEDIUMWordPress Passster plugin <= 4.2.25 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-49057HIGHWordPress JobSearch plugin <= 3.2.7 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-7617MEDIUMSecufor_OAuth <= 1.0.7 - Missing Authorization to Unauthenticated Account Logout via 'secuforoauth_unregister_action' AJAX ActionEPSS 0.3%CVE-2023-37394MEDIUMWordPress WP Dummy Content Generator plugin <= 2.3.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-32270LOWCraft Commerce: Unauthenticated information disclosure in `commerce/payments/pay` can leak some customer order data on anonymous paymentsEPSS 0.3%CVE-2026-12094MEDIUMAdvanced Contact Form 7 <= 1.0.0 - Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion via 'form_id' ParameterEPSS 0.3%CVE-2023-40672MEDIUMWordPress Sticky Social Media Icons plugin <= 2.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-7822MEDIUMWP Wallcreeper <= 1.6.1 - Missing Authorization to Authenticated (Susbcriber+) Cache Enable/DisableEPSS 0.3%CVE-2026-33759MEDIUMAVideo: Unauthenticated IDOR in playlistsVideos.json.php Exposes Private Playlist ContentsEPSS 0.3%CVE-2024-35716MEDIUMWordPress Copymatic plugin <= 1.9 - Broken Access Control vulnerabilityEPSS 0.3%