Fallos del tipo CWE-862

7018 resultados
CVE-2025-11051MEDIUMSourceCodester Pet Grooming Management Software cross-site request forgeryEPSS 0.2%CVE-2026-33495MEDIUMOry Oathkeeper has an authentication bypass by usage of untrusted headerEPSS 0.2%CVE-2026-5572MEDIUMTechnostrobe HI-LED-WR120-G2 cross-site request forgeryEPSS 0.2%CVE-2026-42677HIGHWordPress WP Document Revisions plugin <= 3.8.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-39367MEDIUMWordPress Kleo theme < 5.4.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-14173MEDIUMPerfit WooCommerce <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings DeletionEPSS 0.2%CVE-2026-24356MEDIUMWordPress GetGenie plugin <= 4.3.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-68595MEDIUMWordPress Widgets for Social Photo Feed plugin <= 1.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-14351MEDIUMCustom Fonts – Host Your Fonts Locally <= 2.1.16 - Missing Authorization to Unauthenticated Font DeletionEPSS 0.2%CVE-2025-8682MEDIUMNewsup <= 5.0.10 - Missing Authorization to Authenticated (Subscriber+) Plugin InstallationEPSS 0.2%CVE-2025-15512MEDIUMAplazo Payment Gateway <= 1.4.3 - Missing Authorization to Unauthenticated Order Status ManipulationEPSS 0.2%CVE-2026-12435MEDIUMMotors <= 1.4.111 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Modification via 'stm_mark_as_sold_car' ParameterEPSS 0.2%CVE-2026-56038HIGHWordPress Frisbii Pay plugin <= 1.8.2 - Privilege Escalation vulnerabilityEPSS 0.2%CVE-2025-31887MEDIUMWordPress MyBookProgress plugin <= 1.0.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-52711HIGHWordPress WooCommerce POS plugin <= 1.8.14 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-13964MEDIUMLearnPress – WordPress LMS Plugin <= 4.3.2 - Missing Authentication to Unauthenticated Course ModificationEPSS 0.2%CVE-2025-5816MEDIUMPlugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship <= 3.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) View Order Tracking DetailsEPSS 0.2%CVE-2026-1054MEDIUMRegistrationMagic <= 6.0.7.4 - Missing Authorization to Unauthenticated Arbitrary Settings ModificationEPSS 0.2%CVE-2026-1674MEDIUMGutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder <= 1.6.0 - Authenticated (Contributor+) Limited Options Update in save_gutena_forms_schema()EPSS 0.2%CVE-2026-12134MEDIUMJoomSport <= 5.7.8 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Creation/Modification via season_groupedit AJAX actionEPSS 0.2%