Fallos del tipo CWE-862
6960 resultadosCVE-2026-25396HIGHWordPress Commerce Coinbase For WooCommerce plugin <= 1.6.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-11029MEDIUMgivanz Vvveb cross-site request forgeryEPSS 0.3%CVE-2026-31921HIGHWordPress Product Rearrange for WooCommerce plugin <= 1.2.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-1640MEDIUMTaskbuilder <= 5.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Project/Task Comment CreationEPSS 0.3%CVE-2024-10536MEDIUMFancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor <= 6.0.0 - Missing Authorization to Authenticated (Subscriber+) Shortcode ExportEPSS 0.3%CVE-2023-51680MEDIUMWordPress Quotes for WooCommerce plugin <= 2.0.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-69063HIGHWordPress New User Approve plugin <= 3.2.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-27437MEDIUMMissing Authorization check in SAP NetWeaver Application Server ABAP (Virus Scan Interface)EPSS 0.3%CVE-2025-67624MEDIUMWordPress Optimize More! – Images plugin <= 1.1.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-56423CRITICALMISP Core: Broken access control allows instance-wide unauthorized deletion of event reports and sharing groups via bulk deletion endpointsEPSS 0.3%CVE-2026-1930MEDIUMEmailchef <= 3.5.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings DeletionEPSS 0.3%CVE-2026-47120HIGHNezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)EPSS 0.3%CVE-2025-13528MEDIUMFeedback Modal for Website <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Feedback Data Exfiltration via 'export_data' ParameterEPSS 0.3%CVE-2025-14078MEDIUMPAYGENT for WooCommerce <= 2.4.6 - Missing Authorization to Unauthenticated Payment Callback ManipulationEPSS 0.3%CVE-2026-32126HIGHOpenEMR: Inverted ACL Condition in CDR ControllerRouter Allows Any Authenticated User to Modify/Delete Clinical Rules and PlansEPSS 0.3%CVE-2026-22343HIGHWordPress WordPress Dating Theme theme <= 11.2.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-14428MEDIUMMy Sticky Elements <= 2.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Bulk Lead DeletionEPSS 0.3%CVE-2025-0068MEDIUMMissing Authorization check in Remote Function Call (RFC) in SAP NetWeaver Application Server ABAPEPSS 0.3%CVE-2026-28070MEDIUMWordPress WP eMember plugin <= v10.2.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-39583HIGHWordPress BERTHA AI plugin <= 1.12.10.2 - Arbitrary Content Deletion VulnerabilityEPSS 0.3%