Fallos del tipo CWE-862

7000 resultados
CVE-2026-11359MEDIUMMemberships and User Profiles for WooCommerce <= 3.4 - Missing Authorization to Authenticated (Subscriber+) ProfileGrid Plugin Installation and ActivationEPSS 0.2%CVE-2026-39524HIGHWordPress Masteriyo - LMS plugin <= 2.1.5 - Payment Bypass vulnerabilityEPSS 0.2%CVE-2026-39503HIGHWordPress Easy Digital Downloads plugin <= 3.6.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-25876MEDIUMPlaciPy is Missing Authorization on Assessment Results EndpointEPSS 0.2%CVE-2026-23517MEDIUMFleet has an Access Control vulnerability in debug/pprof endpointsEPSS 0.2%CVE-2026-50007HIGHActual: Shared users can perform owner-only file management actionsEPSS 0.2%CVE-2025-68882HIGHWordPress Scalenut plugin <= 1.1.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2024-37542MEDIUMWordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-60086HIGHWordPress WP Voting Contest plugin <= 5.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-40741HIGHWordPress Redsys for WooCommerce Light plugin <= 7.0.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-66136MEDIUMWordPress Carter for Elementor plugin <= 1.0.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2023-35998MEDIUMITM Server Missing Authorization in SOAP EndpointsEPSS 0.2%CVE-2025-26765MEDIUMWordPress Distance Based Shipping Calculator plugin <= 2.0.22 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-13358MEDIUMAccessiy By CodeConfig Accessibility <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page CreationEPSS 0.2%CVE-2025-23954MEDIUMWordPress Salvador – AI Image Generator plugin <= 1.0.11 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-23962MEDIUMWordPress Goldstar plugin <= 2.1.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-68028MEDIUMWordPress GA4WP: Google Analytics for WordPress plugin <= 2.10.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-14047MEDIUMWP User Frontend <= 4.2.4 - Missing Authorization to Unauthenticated Arbitrary Attachment DeletionEPSS 0.2%CVE-2025-23930MEDIUMWordPress PayPal Marketing Solutions plugin <= 1.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-64148MEDIUMA missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to enumerateEPSS 0.2%