Fallos del tipo CWE-862
6960 resultadosCVE-2025-64639MEDIUMWordPress WP Compress for MainWP plugin <= 6.50.17 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-20302MEDIUMCisco Secure Firewall Management Center Software Authorization Bypass VulnerabilityEPSS 0.3%CVE-2024-13686MEDIUMVW Storefront <= 0.9.9 - Missing Authorization to Authenticated (Subscriber+) Settings ResetEPSS 0.3%CVE-2025-68073MEDIUMWordPress GDPR CCPA Compliance Support plugin <= 2.7.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-4102MEDIUMPricing Table <= 2.0.1 - Missing AuthorizationEPSS 0.3%CVE-2025-31882MEDIUMWordPress Webinar Plugin <= 1.33.28 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-22522MEDIUMWordPress Block Slider plugin <= 2.2.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2022-47339MEDIUMIn cmd services, there is a OS command injection issue due to missing permission check. This could lead to local escalation of privilege witEPSS 0.3%CVE-2026-9014MEDIUMWP Promoter <= 1.3 - Missing Authorization to Unauthenticated Statistics Reset via wpp-reset_stats AJAX ActionEPSS 0.3%CVE-2025-52775HIGHWordPress Project Cost Calculator Plugin <= 1.0.0 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-59416HIGHThe Scratch Channel forks can publish articlesEPSS 0.3%CVE-2025-66736HIGHyoulai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permissEPSS 0.3%CVE-2026-28554MEDIUMwpForo Forum 2.4.14 Missing Authorization via Post Approval AJAX HandlerEPSS 0.3%CVE-2026-28555MEDIUMwpForo Forum 2.4.14 Missing Authorization via Topic Close AJAX HandlerEPSS 0.3%CVE-2026-59217MEDIUMOpen WebUI: Upload `metadata.knowledge_id` bypasses the knowledge-base write-access check (read-only users can add files to KB)EPSS 0.3%CVE-2024-55072MEDIUMA Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows users to edit their EPSS 0.3%CVE-2023-48761MEDIUMWordPress JetElements For Elementor plugin <= 2.6.13 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-14079MEDIUMELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.5 - Missing Authorization to Authenticated (Subscriber+) Settings UpdateEPSS 0.3%CVE-2023-4302MEDIUMMissing permission checks in Fortify Plugin allow capturing credentialsEPSS 0.3%CVE-2026-28254MEDIUMMissing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer ConciergeEPSS 0.3%