Fallos del tipo CWE-862
7021 resultadosCVE-2026-39668MEDIUMWordPress Book Previewer for Woocommerce plugin <= 1.0.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-0506HIGHMissing Authorization check in SAP NetWeaver Application Server ABAP and ABAP PlatformEPSS 0.2%CVE-2025-69009MEDIUMWordPress Medicalequipment theme <= 1.0.9 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-24967MEDIUMWordPress Amelia plugin <= 1.2.38 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-25333MEDIUMWordPress Shopwell theme <= 1.0.11 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-39669MEDIUMWordPress NitroPack plugin <= 1.19.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-12527MEDIUMPage & Post Notes <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Note Update/DeletionEPSS 0.2%CVE-2026-25370MEDIUMWordPress WP Compress plugin <= 6.60.28 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-39637MEDIUMWordPress Mogi theme <= 1.2.3 - Arbitrary Shortcode Execution vulnerabilityEPSS 0.2%CVE-2026-8688MEDIUMAdvance Nav Menu Manager <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Nav Menu Item Modification via anmm_save_menu_data AJAX ActionEPSS 0.2%CVE-2025-49976MEDIUMWordPress WANotifier plugin <= 2.7.12 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-12449MEDIUMaBlocks – WordPress Gutenberg Blocks <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Settings ModificationEPSS 0.2%CVE-2025-14880MEDIUMNetcash WooCommerce Payment Gateway <= 4.1.3 - Missing Authorization to Unauthenticated Order Status ModificationEPSS 0.2%CVE-2025-14608MEDIUMWP Last Modified Info <= 1.9.5 - Insecure Direct Object Reference to Authenticated (Author+) Post Metadata ModificationEPSS 0.2%CVE-2025-12639MEDIUMwModes – Catalog Mode, Product Pricing, Enquiry Forms & Promotions | for WooCommerce <= 1.2.2 - Missing Authorization to Sensitive Information DisclosureEPSS 0.2%CVE-2025-14061MEDIUMCookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent <= 4.0.7 - Missing Authorization to Unauthenticated Arbitrary Post DeletionEPSS 0.2%CVE-2026-41658MEDIUMAdmidio: Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated User to Delete ItemsEPSS 0.2%CVE-2025-12895MEDIUMKalium <= 3.29 - Missing Authorization to Unauthenticated Mail Relay via kalium_vc_contact_form_requestEPSS 0.2%CVE-2022-45813MEDIUMWordPress Advanced AJAX Product Filters plugin <= 1.6.3.3 - Broken Access Control + CSRFEPSS 0.2%CVE-2025-12900MEDIUMFileBird – WordPress Media Library Folders & File Manager <= 6.5.1 - Missing Authorization to Authenticated (Author+) Global Folders TamperingEPSS 0.2%