Fallos del tipo CWE-862

6923 resultados
CVE-2026-25398MEDIUMWordPress Vertex Addons for Elementor plugin <= 1.6.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-23639MEDIUMWordPress MainWP Staging Extension Plugin <= 4.0.3 - Subscriber+ Arbitrary Plugin Activation VulnerabilityEPSS 0.3%CVE-2025-5956MEDIUMWP Human Resource Management 2.0.0 - 2.2.17 - Missing Authorization to Authenticated (Employee+) Arbitrary User Deletion via ajax_delete_employee FunctionEPSS 0.3%CVE-2025-69393HIGHWordPress Exzo theme <= 1.2.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-45285MEDIUMNextcloud: Hidden Public Link creation when sharing to a Team External MemberEPSS 0.3%CVE-2026-23541HIGHWordPress Mail Mint plugin <= 1.19.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-41337HIGHMissing Authorization vulnerability in CanalDenuncia.appEPSS 0.3%CVE-2026-1831LOWYayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Plugin Installation and ActivationEPSS 0.3%CVE-2025-67970MEDIUMWordPress Schedula plugin <= 1.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-34903MEDIUMWordPress Ocean Extra plugin <= 2.5.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-62085MEDIUMWordPress BERTHA AI plugin <= 1.13 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-6458MEDIUMWooCommerce Product Table Lite <= 3.5.1 - Missing Authorization to (Subscriber+) Stored Cross-Site ScriptingEPSS 0.3%CVE-2025-6718HIGHB1.lt for WooCommerce <= 2.2.57 - Missing Authorization to Authenticated (Subscriber+) Arbitrary SQL InjectionEPSS 0.3%CVE-2024-7888MEDIUMClassified Listing – Classified ads & Business Directory Plugin <= 3.1.7 - Missing AuthorizationEPSS 0.3%CVE-2024-5309MEDIUMForm Vibes – Database Manager for Forms <= 1.4.12 - Missing Authorization in Multiple FunctionsEPSS 0.3%CVE-2026-1280HIGHFrontend File Manager Plugin <= 23.5 - Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' ParameterEPSS 0.3%CVE-2025-47887MEDIUMMissing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers with Overall/Read permiEPSS 0.3%CVE-2026-41160MEDIUMEspoCRM: Broken Access Control / IDOR in Note Pinning API allows unauthorized modification of notesEPSS 0.3%CVE-2025-53452MEDIUMWordPress Event Rocket Plugin <= 3.3 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2024-13303MEDIUMDownload All Files - Critical - Access bypass - SA-CONTRIB-2024-069EPSS 0.3%