Fallos del tipo CWE-862
7018 resultadosCVE-2024-10390MEDIUMElfsight Telegram Chat CC <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site ScriptingEPSS 0.2%CVE-2026-9616MEDIUMGenerate Security.txt <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) Security.txt Deletion via delete_securitytxt AJAX ActionEPSS 0.2%CVE-2026-49205MEDIUMphpMyFAQ: Missing userHasPermission() in 4 API write endpoints (CVE-2026-24421 Incomplete Fix)EPSS 0.2%CVE-2025-13177MEDIUMBdtask/CodeCanyon SalesERP cross-site request forgeryEPSS 0.2%CVE-2026-25375MEDIUMWordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.10 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-14080MEDIUMFrontend Post Submission Manager Lite <= 1.2.5 - Missing Authorization to Unauthenticated Arbitrary Post ModificationEPSS 0.2%CVE-2025-68995MEDIUMWordPress My Sticky Elements plugin <= 2.3.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-6864MEDIUMSeaCMS admin_type.php cross-site request forgeryEPSS 0.2%CVE-2025-13414MEDIUMChamber Dashboard Business Directory <= 3.3.11 - Missing Authorization to Unauthenticated Business Information ExportEPSS 0.2%CVE-2025-14029MEDIUMCommunity Events <= 1.5.6 - Missing Authorization to Unauthenticated Arbitrary Event Approval via 'eventlist' ParameterEPSS 0.2%CVE-2026-25399MEDIUMWordPress Serious Slider plugin <= 1.2.7 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-35063HIGHMissing Authorization in OpenPLC_V3EPSS 0.2%CVE-2026-1103MEDIUMAIKTP <= 5.0.04 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator ActionsEPSS 0.2%CVE-2025-64132MEDIUMJenkins MCP Server Plugin 0.84.v50ca_24ef83f2 and earlier does not perform permission checks in multiple MCP tools, allowing attackers to trEPSS 0.2%CVE-2026-57830HIGHJoomla Extension - joomshaper.com - Unauthenticated arbitrary file deletion < 2.2.7EPSS 0.2%CVE-2025-13354MEDIUMTag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Taxonomy Term ManipulationEPSS 0.2%CVE-2025-63077MEDIUMWordPress Happy Addons for Elementor plugin <= 3.20.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-26956HIGHWordPress Traveler theme < 3.2.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-12349MEDIUMPremium Addons for KingComposer <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Custom Sidebar Creation and Deletion via 'add_custom_sidebar' and 'remove_custom_sidebar' AJAX actionsEPSS 0.2%CVE-2025-12043MEDIUMAutochat Automatic Conversation <= 1.1.9 - Missing Authorization to Unauthenticated Settings UpdateEPSS 0.2%