Fallos del tipo CWE-862
6926 resultadosCVE-2025-24763MEDIUMWordPress bbPress API plugin <= 1.0.14 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-1860MEDIUMKali Forms <= 2.4.8 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Form Data ExposureEPSS 0.3%CVE-2024-52391MEDIUMWordPress Pie Register Premium plugin < 3.8.3.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-53821HIGHOpenClaw < 2026.5.18 - Scope Elevation in trusted-proxy Control UI WebSocketEPSS 0.3%CVE-2024-13554MEDIUMThe Ultimate WordPress Toolkit – WP Extended <= 3.0.13 - Missing Authorization to Unauthenticated Post Order ManipulationEPSS 0.3%CVE-2026-45438HIGHWordPress Smart Coupons for WooCommerce plugin < 2.3.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-55073HIGHA Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows users to edit their EPSS 0.3%CVE-2025-49265HIGHWordPress Membership For WooCommerce plugin <= 2.8.1 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-5521MEDIUMWuKongOpenSource WukongCRM updataPassword cross-site request forgeryEPSS 0.3%CVE-2025-53495CRITICALUnauthorized Disclosure of IP Reputation in AbuseFilterEPSS 0.3%CVE-2023-47770HIGHWordPress BeTheme theme <= 27.1.1 - Contributor+ Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-4066MEDIUMSmart Custom Fields <= 5.0.6 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Relational Post SearchEPSS 0.3%CVE-2025-53499CRITICALUnauthorized Inspection of Protected Variables in AbuseFilterEPSS 0.3%CVE-2020-36890HIGHKentico Xperience <= 10 Administrator Access Control BypassEPSS 0.3%CVE-2026-26977MEDIUMFrappe Learning Management System exposes details of unpublished courses to unauthorized usersEPSS 0.3%CVE-2024-13520MEDIUMGift Cards (Gift Vouchers and Packages) (WooCommerce Supported) <= 4.4.9 - Missing Authorization to Unauthenticated Price, Date, and Note UpdatesEPSS 0.3%CVE-2020-26231MEDIUMBypass of fix for CVE-2020-15247, Twig sandbox escapeEPSS 0.3%CVE-2026-3426MEDIUMRTMKit Addons for Elementor <= 2.0.2 - Authenticated (Author+) Missing Authorization to Widget Configuration ModificationEPSS 0.3%CVE-2024-41624MEDIUMIncorrect access control in Himalaya Xiaoya nano smart speaker rom_version 1.6.96 allows a remote attacker to have an unspecified impact.EPSS 0.3%CVE-2024-24840MEDIUMWordPress Element Pack Elementor Addons plugin <= 5.4.11 - Broken Access Control on Duplicate Post vulnerabilityEPSS 0.3%