Fallos del tipo CWE-862
7018 resultadosCVE-2024-34690MEDIUMMissing Authorization check in SAP Student Life Cycle Management (SLcM)EPSS 0.2%CVE-2024-13747MEDIUMWooMail - WooCommerce Email Customizer <= 3.0.34 - Authenticated (Subscriber+) Missing Authorization to SQL InjectionEPSS 0.2%CVE-2026-15026MEDIUMImport and export users and customers <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via email_template_selected AJAX ActionEPSS 0.2%CVE-2026-2899MEDIUMFluent Forms Pro Add On Pack <= 6.1.17 - Missing Authorization to Unauthenticated Arbitrary Attachment DeletionEPSS 0.2%CVE-2026-57661MEDIUMWordPress WPComplete plugin <= 2.9.5.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-32389MEDIUMWordPress NanoCare theme < 1.2.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-11600MEDIUMEnvo's Templates & Widgets for Elementor and WooCommerce <= 1.4.26 - Missing Authorization to Authenticated (Author+) Private Content Disclosure via Envo Tabs Widget 'templates' SettingEPSS 0.2%CVE-2026-27366HIGHWordPress MainWP Child plugin <= 6.1.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-3897MEDIUMLivemesh Addons for Beaver Builder <= 3.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Missing AuthorizationEPSS 0.2%CVE-2026-12557MEDIUMNinja Forms - File Uploads <= 3.3.29 - Missing Authorization to Unauthenticated Log Disclosure and Deletion via debug-log/delete-all and debug-log/get-all REST EndpointsEPSS 0.2%CVE-2026-25531MEDIUMKanboard TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projectsEPSS 0.2%CVE-2026-57498CRITICALCoolify Cross-Team IDOR: Livewire Components Accept Unscoped server_id and destination_uuid — Deploy to Other Teams' ServersEPSS 0.2%CVE-2026-3896MEDIUMLivemesh SiteOrigin Widgets <= 3.9.2 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site ScriptingEPSS 0.2%CVE-2026-48969MEDIUMWordPress Really Simple SSL plugin <= 9.5.9 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-67574MEDIUMWordPress Booking calendar, Appointment Booking System plugin <= 3.2.30 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-53288MEDIUMWordPress PlatiOnline Payments plugin <= 7.0.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-67578MEDIUMWordPress WP Email Capture plugin <= 3.12.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-63023MEDIUMWordPress Payment Gateway for PayPal on WooCommerce plugin <= 9.0.53 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-21865MEDIUMDiscourse topic conversion permission vulnerability for moderatorsEPSS 0.2%CVE-2025-67569MEDIUMWordPress AdForest theme <= 6.0.11 - Broken Access Control vulnerabilityEPSS 0.2%