Fallos del tipo CWE-862
6997 resultadosCVE-2025-69388MEDIUMWordPress Cliengo – Chatbot plugin <= 3.0.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-8077HIGHWeak credentials vulnerability in the CashDro 3 web administration panelEPSS 0.2%CVE-2026-2992HIGHKiviCare <= 4.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via Setup WizardEPSS 0.2%CVE-2024-13358MEDIUMBuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.24 - Missing Authorization to Authenticated (Subscriber+) Limited Settings UpdateEPSS 0.2%CVE-2025-60097MEDIUMWordPress TheGem Theme <= 5.10.5 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-15369MEDIUMXpro Addons — 140+ Widgets for Elementor <= 1.5.0 - Missing Authorization to Unauthenticated Xpro Template CreationEPSS 0.2%CVE-2025-60096MEDIUMWordPress TheGem (Elementor) Theme <= 5.10.5 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2026-24941HIGHWordPress WP Job Portal plugin <= 2.4.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-57521MEDIUMBitwarden Server < 2026.5.0 Broken Access Control via PreviewInvoiceControllerEPSS 0.2%CVE-2025-1780MEDIUMBuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.25 - Cross-Site Request Forgery to Limited Settings UpdateEPSS 0.2%CVE-2025-12783MEDIUMPremmerce Brands for WooCommerce <= 1.2.13 - Missing Authorization To Authenticated (Subscriber+) Brand Permalink Settings UpdateEPSS 0.2%CVE-2025-53291MEDIUMWordPress Spreadconnect plugin <= 2.1.5 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-6284MEDIUMPHPGurukul Car Rental Portal cross-site request forgeryEPSS 0.2%CVE-2025-58919MEDIUMWordPress Wide Banner plugin <= 1.0.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2022-3322MEDIUMLock WARP switch bypass on WARP mobile client using iOS quick actionEPSS 0.2%CVE-2025-58000MEDIUMWordPress Memberful plugin <= 1.75.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-0548MEDIUMTutor LMS – eLearning and online course solution <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Limited Attachment DeletionEPSS 0.2%CVE-2025-3780MEDIUMWCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.16 - Missing Authorization to Unauthenticated Plugin Settings ModificationEPSS 0.2%CVE-2023-40679MEDIUMWordPress Master Elementor Addons plugin <= 2.0.5.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-4100HIGHPaid Memberships Pro <= 3.6.5 - Missing Authorization to Authenticated (Subscriber+) Stripe Webhook Deletion and Payment Processing DisruptionEPSS 0.2%