Fallos del tipo CWE-862
6960 resultadosCVE-2026-25332MEDIUMWordPress Endless Posts Navigation plugin <= 2.2.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-9233MEDIUMQuiz and Survey Master (QSM) <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via qsm_insert_quiz_template AJAX ActionEPSS 0.3%CVE-2026-35660HIGHOpenClaw < 2026.3.23 - Insufficient Access Control in Gateway Agent Session ResetEPSS 0.3%CVE-2025-24654HIGHWordPress Squirrly SEO plugin <= 12.4.07 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-7288MEDIUMPaytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'update_profile_preference'EPSS 0.3%CVE-2023-46628MEDIUMWordPress WP Word Count plugin <= 3.2.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-11592MEDIUMEmail Subscribers & Newsletters <= 5.9.27 - Missing Authorization to Authenticated (Contributor+) Settings Modification via ig_es_handle_request AJAX ActionEPSS 0.3%CVE-2026-25367MEDIUMWordPress CitiLights theme < 3.7.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-49956HIGHHermes WebUI < 0.51.269 Profile Isolation Bypass via sessions searchEPSS 0.3%CVE-2024-13526MEDIUMEventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Missing Authorization to Authenticated (Subscriber+) Event Attendees ExportEPSS 0.3%CVE-2025-5018HIGHHive Support <= 1.2.5 - Authenticated (Subscriber+) Missing Authorization via hs_update_ai_chat_settings and hive_lite_support_get_all_binboxEPSS 0.3%CVE-2026-25374MEDIUMWordPress Spa and Salon theme <= 1.3.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-7292MEDIUMPaytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_notice_dismiss'EPSS 0.3%CVE-2025-54741MEDIUMWordPress Super Blank Plugin <= 1.2.0 - Arbitrary Content Deletion VulnerabilityEPSS 0.3%CVE-2026-34892MEDIUMWordPress Rank Math SEO plugin <= 1.0.271 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-43805MEDIUMLiferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, and 7.3 GA throughEPSS 0.3%CVE-2025-15347HIGHCreator LMS – The LMS for Creators, Coaches, and Trainers <= 1.1.12 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options UpdateEPSS 0.3%CVE-2026-40795MEDIUMWordPress Amelia plugin <= 2.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-42659MEDIUMWordPress Advanced Form Integration plugin <= 1.126.12 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-54470MEDIUMA logic issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. An attackerEPSS 0.3%