Fallos del tipo CWE-862

6923 resultados
CVE-2025-32259MEDIUMWordPress WP ULike plugin <= 4.7.9.1 - Content Spoofing VulnerabilityEPSS 0.3%CVE-2026-24606MEDIUMWordPress Bayarcash WooCommerce plugin <= 4.3.13 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-35716MEDIUMWordPress Copymatic plugin <= 1.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-64348CRITICALELOG configuration file authorization bypassEPSS 0.3%CVE-2026-44554HIGHOpen WebUI: Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection OverwriteEPSS 0.3%CVE-2024-12620MEDIUMAnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations <= 1.4.23 - Missing Authorization to Unauthenticated Settings UpdateEPSS 0.3%CVE-2026-24134MEDIUMStudioCMS has an Authorization Bypass Through User-Controlled KeyEPSS 0.3%CVE-2025-8357MEDIUMMedia Library Assistant <= 3.27 - Authenticated (Author+) Limited File DeletionEPSS 0.3%CVE-2023-51413MEDIUMWordPress Piotnet Forms plugin <= 1.0.29 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-37394MEDIUMWordPress WP Dummy Content Generator plugin <= 2.3.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-32270LOWCraft Commerce: Unauthenticated information disclosure in `commerce/payments/pay` can leak some customer order data on anonymous paymentsEPSS 0.3%CVE-2025-11438MEDIUMJhumanJ OpnForm API Endpoint custom-domains authorizationEPSS 0.3%CVE-2026-33759MEDIUMAVideo: Unauthenticated IDOR in playlistsVideos.json.php Exposes Private Playlist ContentsEPSS 0.3%CVE-2024-32814MEDIUMWordPress Advanced Local Pickup for WooCommerce plugin <= 1.6.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-12094MEDIUMAdvanced Contact Form 7 <= 1.0.0 - Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion via 'form_id' ParameterEPSS 0.3%CVE-2024-5600MEDIUMHappy SCSS Compiler - Compile SCSS to CSS automatically <= 1.3.10 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site ScriptingEPSS 0.3%CVE-2025-7822MEDIUMWP Wallcreeper <= 1.6.1 - Missing Authorization to Authenticated (Susbcriber+) Cache Enable/DisableEPSS 0.3%CVE-2023-41240MEDIUMWordPress Pricing Deals for WooCommercePricing Deals for WooCommerce plugin <= 2.0.3.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-51670MEDIUMWordPress FunnelKit Checkout plugin <= 3.10.3 - Authenticated Arbitrary Plugin Activation vulnerabilityEPSS 0.3%CVE-2025-15070MEDIUMData Exposure in Gmission Web FAXEPSS 0.3%