Fallos del tipo CWE-862
6960 resultadosCVE-2025-64255LOWWordPress Admin and Site Enhancements (ASE) plugin <= 8.0.8 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-49997MEDIUMWordPress Giveaways and Contests by RafflePress plugin <= 1.12.18 - Broken Access Control + CSRF VulnerabilityEPSS 0.3%CVE-2024-43214MEDIUMWordPress myCred plugin <= 2.7.2 - Sensitive Data Exposure vulnerabilityEPSS 0.3%CVE-2025-49989MEDIUMWordPress App Builder plugin <= 5.5.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-63056MEDIUMWordPress Contact Form by BestWebSoft plugin <= 4.3.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-48155MEDIUMWordPress Residential Address Detection plugin <= 2.5.9 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2022-2405MEDIUMWP Popup Builder < 1.3.0 - Subscriber+ Arbitrary Popup DeletionEPSS 0.3%CVE-2026-24560MEDIUMWordPress Cloudinary plugin <= 3.3.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-24587MEDIUMWordPress AJAX Hits Counter + Popular Posts Widget plugin <= 0.10.210305 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-24595MEDIUMWordPress Zoho CRM Lead Magnet plugin <= 1.8.1.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-48166MEDIUMWordPress Stop and Block bots plugin Anti bots <= 1.48 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-26742HIGHPX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm Grace Period" logic. The system incorrectEPSS 0.3%CVE-2025-31071MEDIUMWordPress HotStar – Multi-Purpose Business Theme <= 1.4 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-13921MEDIUMweDocs <= 2.1.16 - Missing Authorization to Authenticated (Subscriber+) Documentation Post UpdateEPSS 0.3%CVE-2025-41765CRITICALUnchecked role in wwwupload.cgiEPSS 0.3%CVE-2025-3687MEDIUMmisstt123 oasys Sticky Notes cross-site request forgeryEPSS 0.3%CVE-2026-24561MEDIUMWordPress FluentBoards plugin <= 1.91.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-53986MEDIUMWordPress Hestia theme <= 3.2.10 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-12202MEDIUMajayrandhawa User-Management-PHP-MYSQL web cross-site request forgeryEPSS 0.3%CVE-2026-27708HIGHFOSSBilling: IDOR in Servicecustom Client API allows cross-client data accessEPSS 0.3%