Vulnerabilities of type CWE-862
6789 results

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2024-1862 | HIGH | WooCommerce Add to Cart Custom Redirect <= 1.2.13 - Authenticated(Contributor+) Missing Authorization to Limited Arbitrary Options Update | 0.7% |
| CVE-2022-24190 | HIGH | The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. The user_token header is n | 0.7% |
| CVE-2021-4350 | HIGH | Frontend File Manager <= 18.2 - Unauthenticated HTML Injection leading to Spam Emails | 0.7% |
| CVE-2022-2108 | MEDIUM | Wbcom Designs – BuddyPress Group Reviews <= 2.8.3 - Unauthorized AJAX Actions due to Nonce Bypass | 0.7% |
| CVE-2025-6187 | CRITICAL | bSecure 1.3.7 - 1.7.9 - Missing Authorization to Unauthenticated Privilege Escalation via order_info REST Endpoint | 0.7% |
| CVE-2023-2434 | LOW | Nested Pages <= 3.2.3 - Missing Authorization to Authenticated (Editor+) Plugin Settings Reset | 0.7% |
| CVE-2023-40362 | MEDIUM | An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote att | 0.7% |
| CVE-2022-0726 | MEDIUM | Missing Authorization in chocobozzz/peertube | 0.7% |
| CVE-2024-11104 | HIGH | Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) <= 2.6.2 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update | 0.7% |
| CVE-2022-32769 | MEDIUM | Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c | 0.7% |
| CVE-2022-4555 | MEDIUM | WP Shamsi <= 4.1.0 - Missing Authorization to Arbitrary Plugin Deactivation | 0.7% |
| CVE-2022-4169 | MEDIUM | Theme and plugin translation for Polylang <= 3.2.16 - Missing Authorization | 0.7% |
| CVE-2022-43421 | MEDIUM | A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap p | 0.7% |
| CVE-2022-0178 | MEDIUM | Missing Authorization in snipe/snipe-it | 0.7% |
| CVE-2021-4371 | MEDIUM | WP Quick FrontEnd Editor <= 5.5 - Authenticated Settings Change | 0.7% |
| CVE-2021-43781 | MEDIUM | Permissions not properly checked in Invenio-Drafts-Resources | 0.7% |
| CVE-2022-36024 | HIGH | Bots using py-cord as discord api wrapper are vulnerable to shutdowns through remote code execution | 0.7% |
| CVE-2023-24436 | MEDIUM | A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to | 0.7% |
| CVE-2021-4348 | HIGH | Ultimate GDPR & CCPA <= 2.4 - Unauthenticated Settings Import & Export | 0.7% |
| CVE-2022-3920 | MEDIUM | Consul Peering Imported Nodes/Services Leak | 0.7% |