Fallos del tipo CWE-862
6946 resultadosCVE-2025-62754MEDIUMWordPress Payment Gateway bKash for WC plugin <= 3.1.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-5957MEDIUMGuest Support – Complete customer support ticket system for WordPress <= 1.2.2 - Missing Authorization to Unauthenticated Ticket DeletionEPSS 0.3%CVE-2025-8152MEDIUMWP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons <= 1.7.0 - Missing Authorization to Unauthenticated Sticky Status UpdateEPSS 0.3%CVE-2025-13416MEDIUMProfileGrid – User Profiles, Groups and Communities <= 5.9.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User SuspensionEPSS 0.3%CVE-2026-39658MEDIUMWordPress Panda Pods Repeater Field plugin <= 1.5.12 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-14895MEDIUMPopupKit <= 2.2.0 - Missing Authorization to Sensitive Information Disclosure and Data DeletionEPSS 0.3%CVE-2024-6883MEDIUMEvent Espresso 4 Decaf – Event Registration Event Ticketing <= 4.10.46.decaf- Authenticated (Subscriber+) Missing Authorization to Limited Plugin Settings ModificationEPSS 0.3%CVE-2023-31214MEDIUMWordPress WP Quick Post Duplicator plugin <= 2.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-68058HIGHWordPress Institutions Directory plugin <= 1.3..4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2022-32966MEDIUMRealtek RTL8111FP-CG - Missing AuthorizationEPSS 0.3%CVE-2025-32208MEDIUMWordPress Hive Support plugin <= 1.2.5 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-1000MEDIUMMailerLite - WooCommerce integration <= 3.1.3 - Missing Authorization to Data DeletionEPSS 0.3%CVE-2025-47563MEDIUMWordPress CURCY plugin <= 2.3.7 - Arbitrary Shortcode Execution vulnerabilityEPSS 0.3%CVE-2025-66071MEDIUMWordPress Custom Order Numbers for WooCommerce plugin <= 1.11.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-25441MEDIUMWordPress LeadConnector plugin <= 3.0.21 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-1655MEDIUMEventPrime <= 4.2.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' ParameterEPSS 0.3%CVE-2026-0692HIGHBlueSnap Payment Gateway for WooCommerce <= 3.4.0 - Missing Authorization to Unauthenticated Arbitrary Order Status ManipulationEPSS 0.3%CVE-2025-60247MEDIUMWordPress Bux Woocommerce plugin <= 1.2.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-12404MEDIUMNEX-Forms <= 9.2.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via CSVExport ClassEPSS 0.3%CVE-2024-49687MEDIUMWordPress Smart Manager plugin <= 8.45.0 - Broken Access Control vulnerabilityEPSS 0.3%