Fallos del tipo CWE-862

6948 resultados
CVE-2026-12404MEDIUMNEX-Forms <= 9.2.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via CSVExport ClassEPSS 0.3%CVE-2025-60247MEDIUMWordPress Bux Woocommerce plugin <= 1.2.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-1655MEDIUMEventPrime <= 4.2.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' ParameterEPSS 0.3%CVE-2025-1668MEDIUMSchool Management System – WPSchoolPress <= 2.2.16 - Missing Authorization to Arbitrary User DeletionEPSS 0.3%CVE-2026-0692HIGHBlueSnap Payment Gateway for WooCommerce <= 3.4.0 - Missing Authorization to Unauthenticated Arbitrary Order Status ManipulationEPSS 0.3%CVE-2025-52670HIGHMissing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by otEPSS 0.3%CVE-2026-34737MEDIUMAVideo: Arbitrary Stripe Subscription Cancellation via Debug Endpoint and retrieveSubscriptions() BugEPSS 0.3%CVE-2026-34233MEDIUMCtrlPanel has Missing Authentication Checks in Datatable Admin EndpointsEPSS 0.3%CVE-2024-5860MEDIUMTickera <= 3.5.2.8 - Missing Authorization to Authenticated (Susbcriber+) Ticket DeletionEPSS 0.3%CVE-2025-14720MEDIUMBooking for Appointments and Events Calendar – Amelia <= 1.2.38 - Missing Authorization to Unauthenticated Multiple AJAX ActionsEPSS 0.3%CVE-2024-56244MEDIUMWordPress Ashe Extra plugin <= 1.2.92 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-4088MEDIUMGutenberg Blocks and Page Layouts – Attire Blocks <= 1.9.2 - Missing AuthorizationEPSS 0.3%CVE-2026-46558HIGHPlane: Cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspacesEPSS 0.3%CVE-2023-47828MEDIUMWordPress wpMandrill plugin <= 1.33 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-4661MEDIUMWP Reset <= 2.02 - Missing Authorization to License Key ModificationEPSS 0.3%CVE-2024-56002MEDIUMWordPress Contact Form, Survey & Form Builder – MightyForms plugin <= 1.3.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-11992MEDIUMEasy Appointments <= 3.12.27 - Missing Authorization to Authenticated (Author+) Bulk Appointment ManipulationEPSS 0.3%CVE-2024-47337MEDIUMWordPress Joy Of Text Lite plugin <= 2.3.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-27021MEDIUMDiscourse: Poll voters endpoint lacked post visibility checksEPSS 0.3%CVE-2025-9954HIGHAcquia DAM - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-105EPSS 0.3%