Fallos del tipo CWE-862

7019 resultados
CVE-2023-52217MEDIUMWordPress WooCommerce Conversion Tracking plugin <= 2.0.11 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-31877MEDIUMWordPress RestroPress plugin <= 3.2.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-1054MEDIUMRegistrationMagic <= 6.0.7.4 - Missing Authorization to Unauthenticated Arbitrary Settings ModificationEPSS 0.2%CVE-2026-42677HIGHWordPress WP Document Revisions plugin <= 3.8.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-24096MEDIUMThis issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3. A malicious app may be able to accessEPSS 0.2%CVE-2025-14173MEDIUMPerfit WooCommerce <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings DeletionEPSS 0.2%CVE-2026-12435MEDIUMMotors <= 1.4.111 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Modification via 'stm_mark_as_sold_car' ParameterEPSS 0.2%CVE-2025-31886MEDIUMWordPress Social proof testimonials and reviews by Repuso plugin <= 5.21 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-12134MEDIUMJoomSport <= 5.7.8 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Creation/Modification via season_groupedit AJAX actionEPSS 0.2%CVE-2026-24592MEDIUMWordPress Auto Affiliate Links plugin <= 6.8.8.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-12898MEDIUMPretty Google Calendar <= 2.0.0 - Missing Authorization to Unauthenticated Google API Key ExposureEPSS 0.2%CVE-2026-44734MEDIUMOpenProject: Improper Access Control on OpenProject through the POST request to /projects/[PROJECT_NAME]/cost_reports/[REPORT_ID]/renameEPSS 0.2%CVE-2026-57949HIGHruoyi-vue-pro - Missing Authorization in CRM Follow-up Record GET EndpointEPSS 0.2%CVE-2026-49821HIGHFission: Cross-namespace Environment reference in Package allows build-time command execution and SA token exfiltrationEPSS 0.2%CVE-2026-39655MEDIUMWordPress Mayosis Core plugin <= 5.4.7 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-2720MEDIUMHr Press Lite <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Employee Information ExposureEPSS 0.2%CVE-2026-56668HIGHZITADEL: Unauthorized Token Privilege Escalation in OAuth2 Token ExchangeEPSS 0.2%CVE-2025-58795MEDIUMWordPress Payoneer Checkout Plugin <= 3.4.0 - Content Spoofing VulnerabilityEPSS 0.2%CVE-2026-43572MEDIUMOpenClaw 2026.4.10 < 2026.4.14 - Missing Sender Authorization in Microsoft Teams SSO Invoke HandlerEPSS 0.2%CVE-2024-13424MEDIUMNi Sales Commission For WooCommerce <= 1.2.4 - Missing Authorization to Authenticated (Subscriber+) Commission UpdateEPSS 0.2%