Fallos del tipo CWE-862
6960 resultadosCVE-2025-31529MEDIUMWordPress Slider Path for Elementor plugin <= 3.0.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-45552CRITICALRoxy-WI: Cross-tenant authorization bypass on /install/* — guest can run Ansible / SSH on every registered serverEPSS 0.3%CVE-2024-42380MEDIUMMultiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP PlatformEPSS 0.3%CVE-2025-58969MEDIUMWordPress Custom Login URL Plugin <= 1.0.2 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-44569HIGHOpen WebUI: Insecure Message Access Breaks AuthorizationEPSS 0.3%CVE-2025-11564MEDIUMTutor LMS – eLearning and online course solution <= 3.8.3 - Missing Authorization to Unauthenticated Payment Status UpdateEPSS 0.3%CVE-2025-4520MEDIUMUncanny Automator <= 6.4.0.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings UpdateEPSS 0.3%CVE-2024-7380MEDIUMGeo Controller <= 8.7.3 - Missing Authorization to Authenticated (Subscriber+) Menu Creation/DeletionEPSS 0.3%CVE-2026-48119HIGHNezha Monitoring: Authenticated agents can forge service-monitor results for other users' servicesEPSS 0.3%CVE-2025-54004LOWWordPress WCFM – Frontend Manager for WooCommerce plugin <= 6.7.24 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-1104HIGHFastDup – Fastest WordPress Migration & Duplicator <= 2.7.1 - Missing Authorization to Authenticated (Contributor+) Backup Creation and DownloadEPSS 0.3%CVE-2025-62874MEDIUMWordPress AnyComment plugin <= 0.3.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-5753MEDIUMAll-in-One WP Migration Unlimited Extension <= 2.83 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Backup Schedule Creation and Backup File DownloadEPSS 0.3%CVE-2025-2506MEDIUMWhen pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with CONNECT access tEPSS 0.3%CVE-2026-0727MEDIUMAccordion and Accordion Slider <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Attachment Metadata ModificationEPSS 0.3%CVE-2026-42436MEDIUMOpenClaw < 2026.4.14 - Internal Page Content Exposure via Browser Snapshot and Screenshot RoutesEPSS 0.3%CVE-2025-10040HIGHWP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Missing Authorization to Authenticated (Subscriber+) FTP/SFTP Credential ExposureEPSS 0.3%CVE-2026-35175HIGHAjenti has an authorization bypass during custom package installationEPSS 0.3%CVE-2026-24560MEDIUMWordPress Cloudinary plugin <= 3.3.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-32296MEDIUMWordPress Simple Link Directory Pro plugin < 14.8.1 - Broken Access Control VulnerabilityEPSS 0.3%