Fallos del tipo CWE-862
7018 resultadosCVE-2026-28193HIGHIn JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpointEPSS 0.2%CVE-2026-45442MEDIUMWordPress Presto Player plugin <= 4.1.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-8614MEDIUMAssistio <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Deletion via assistio_plugin_delete_assistio_settings AJAX ActionEPSS 0.2%CVE-2025-15327MEDIUMTanium addressed an improper access controls vulnerability in Deploy.EPSS 0.2%CVE-2025-69297HIGHWordPress Aardvark Plugin plugin <= 2.19 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-15326MEDIUMTanium addressed an improper access controls vulnerability in Patch.EPSS 0.2%CVE-2026-47352MEDIUMTYPO3 CMS - Broken Access Control in Backend APIEPSS 0.2%CVE-2025-4047MEDIUMBroken Link Checker <= 2.4.4 - Missing Autorization to Authenticated (Subscriber+) Plugin Status Dashboard ViewEPSS 0.2%CVE-2025-55038HIGHAutomationDirect CLICK PLUS Missing AuthorizationEPSS 0.2%CVE-2025-10732MEDIUMSureForms – Drag and Drop Form Builder for WordPress <= 1.12.1 - Missing Authorization to Authenticated (Contributor+) Information DisclosureEPSS 0.2%CVE-2025-52818HIGHWordPress Trusty Whistleblowing plugin <= 2.0.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-58210MEDIUMWordPress Makeaholic Theme <= 1.8.5 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-68850HIGHWordPress Sell Downloads plugin <= 1.1.12 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-49065HIGHWordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-42174MEDIUMKirby: User avatar creation, replacement and deletion are not gated by user update permissionsEPSS 0.2%CVE-2025-12356MEDIUMTickera – WordPress Event Ticketing <= 3.5.6.4 - Missing Authorization to Authenticated (Subscriber+) Event/Post Status UpdateEPSS 0.2%CVE-2025-66070HIGHWordPress wpForo Forum plugin <= 2.4.10 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-4202MEDIUMMulticollab: Content Team Collaboration and Editorial Workflow <= 5.2 - Missing Authorization to Authenticated (Subscriber+) Collaboration CommentEPSS 0.2%CVE-2025-68036HIGHWordPress CubeWP plugin <= 1.1.27 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2024-13335MEDIUMSastra Essential Addons for Elementor – Free Elementor Addons, Widgets and Templates <= 1.0.14 - Missing Authorization to Spexo Theme InstallEPSS 0.2%