Fallos del tipo CWE-862
6959 resultadosCVE-2025-24590MEDIUMWordPress picu – Online Photo Proofing Gallery plugin <= 2.4.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-62033MEDIUMWordPress Togo theme < 1.0.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-41454HIGHWeKan < 8.35 Missing Authorization via Integration REST APIEPSS 0.3%CVE-2025-15260MEDIUMMyRewards – Loyalty Points and Rewards for WooCommerce <= 5.6.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Loyalty Rule ModificationEPSS 0.3%CVE-2026-28557HIGHwpForo Forum < 2.4.16 Privilege Escalation via Role Synchronization HandlerEPSS 0.3%CVE-2026-35606MEDIUMFile Browser discloses text file content via /api/resources endpoint bypassing Perm.Download checkEPSS 0.3%CVE-2025-1891MEDIUMshishuocms cross-site request forgeryEPSS 0.3%CVE-2024-6155MEDIUMGreenshift – animation and page builder blocks <= 9.0.0 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross-Site ScriptingEPSS 0.3%CVE-2025-23187MEDIUMMissing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN)EPSS 0.3%CVE-2025-4887MEDIUMSourceCodester Online Student Clearance System cross-site request forgeryEPSS 0.3%CVE-2025-64179MEDIUMlakeFS: Unauthenticated access to API usage metricsEPSS 0.3%CVE-2025-39554MEDIUMWordPress AI Text to Speech plugin <= 3.0.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-47526MEDIUMWordPress GS Variation Swatches for WooCommerce plugin <= 3.0.4 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2023-5056MEDIUMSkupper-operator: privelege escalation via config mapEPSS 0.3%CVE-2025-29013MEDIUMWordPress Custom Category/Post Type Post order plugin <= 1.6.0 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-11890HIGHCrypto Payment Gateway with Payeer for WooCommerce <= 1.0.3 - Unauthenticated Payment BypassEPSS 0.3%CVE-2026-4094HIGHFOX – Currency Switcher Professional for WooCommerce <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Configuration DeletionEPSS 0.3%CVE-2025-30957MEDIUMWordPress Activity Plus Reloaded for BuddyPress plugin <= 1.1.2 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-49991HIGHRustFS Snowball Auto-Extract: Path Traversal allows cross-bucket object injectionEPSS 0.3%CVE-2025-23971MEDIUMWordPress KI Live Video Conferences plugin <= 5.5.15 - Broken Access Control VulnerabilityEPSS 0.3%