Fallos del tipo CWE-862

6959 resultados
CVE-2025-54745MEDIUMWordPress miniOrange's Google Authenticator Plugin <= 6.1.1 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-40543HIGHMissing Authorization in SOPlanningEPSS 0.3%CVE-2024-9626MEDIUMEditorial Assistant by Sovrn <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Attachment Upload and Set Post Featured ImageEPSS 0.3%CVE-2026-32441HIGHWordPress Comments Import & Export plugin <= 2.4.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-28997MEDIUMWordPress WP AutoKeyword plugin <= 1.0 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-5811MEDIUMListly: Listicles For WordPress <= 2.7 - Unauthenticated Arbitrary Transient DeletionEPSS 0.3%CVE-2025-28985MEDIUMWordPress Elastic Email Subscribe Form plugin <= 1.2.2 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-12902MEDIUMKadence Blocks <= 3.7.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary Media Attachment Creation via kadence_import_process_pattern/kadence_import_process_data AJAX ActionsEPSS 0.3%CVE-2026-9233MEDIUMQuiz and Survey Master (QSM) <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via qsm_insert_quiz_template AJAX ActionEPSS 0.3%CVE-2023-7292MEDIUMPaytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_notice_dismiss'EPSS 0.3%CVE-2026-22447MEDIUMWordPress Prowess theme <= 1.8.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-35660HIGHOpenClaw < 2026.3.23 - Insufficient Access Control in Gateway Agent Session ResetEPSS 0.3%CVE-2024-10614MEDIUMCustomer Reviews for WooCommerce <= 5.61.0 - Missing Authorization to Authenticated (Subscriber+) Import CancellationEPSS 0.3%CVE-2024-13526MEDIUMEventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Missing Authorization to Authenticated (Subscriber+) Event Attendees ExportEPSS 0.3%CVE-2026-57946MEDIUMInvidious - Private Playlist Disclosure via Unauthenticated RSS Feed EndpointEPSS 0.3%CVE-2024-47585MEDIUMMissing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP PlatformEPSS 0.3%CVE-2025-11228MEDIUMGiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms-Campaign AssociationEPSS 0.3%CVE-2025-42983HIGHMissing Authorization check in SAP Business Warehouse and SAP Plug-In BasisEPSS 0.3%CVE-2026-25320MEDIUMWordPress Elementor Contact Form DB plugin <= 2.1.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-49956HIGHHermes WebUI < 0.51.269 Profile Isolation Bypass via sessions searchEPSS 0.3%