Fallos del tipo CWE-862
7035 resultadosCVE-2025-12372MEDIUMThe Permalinks Cascade <= 2.2 - Missing Authorization To Authenticated (Subscriber+) Plugin Settings UpdateEPSS 0.2%CVE-2025-62964MEDIUMWordPress MDTF plugin <= 1.3.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2024-58101HIGHSamsung Galaxy Buds and Galaxy Buds 2 audio devices are Bluetooth pairable by default without user input nor a way to stop this mode. As a cEPSS 0.2%CVE-2025-12170MEDIUMCheckbox <= 2.8.10 - Missing Authorization to Unauthenticated Log ClearingEPSS 0.2%CVE-2025-69016MEDIUMWordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.15 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-24545MEDIUMWordPress QR Redirector plugin <= 2.0.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-59709MEDIUMGhostfolio - Unauthorized Portfolio Holding Tag Modification via Missing Permission CheckEPSS 0.2%CVE-2026-24527MEDIUMWordPress Autoship Cloud for WooCommerce Subscription Products plugin <= 2.14.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-2608MEDIUMGutenberg Blocks by Kadence Blocks <= 3.5.32 - Missing AuthorizationEPSS 0.2%CVE-2025-8505MEDIUM495300897 wx-shop cross-site request forgeryEPSS 0.2%CVE-2026-3226MEDIUMLearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Notification TriggeringEPSS 0.2%CVE-2026-58373MEDIUMCVAT < 2.69.0 - Missing Authorization on Quality Reports parent_id Filter Leaks Cross-Organization Report ExistenceEPSS 0.2%CVE-2026-6372HIGHWordPress Accept Cryptocurrencies with Plisio plugin <= 2.0.5 - Payment Bypass vulnerabilityEPSS 0.2%CVE-2025-1326MEDIUMHomey - Booking and Rentals WordPress Theme <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Reservation & Post DeletionEPSS 0.2%CVE-2026-35662MEDIUMOpenClaw < 2026.3.22 - Missing controlScope Enforcement in Send ActionEPSS 0.2%CVE-2025-62970MEDIUMWordPress Link Whisper Free plugin <= 0.9.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-14441MEDIUMPopupkit <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Subscriber Data DeletionEPSS 0.2%CVE-2025-42911MEDIUMMissing Authorization check in SAP NetWeaver (Service Data Download)EPSS 0.2%CVE-2026-27055MEDIUMWordPress Penci AI SmartContent Creator plugin <= 2.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-55476MEDIUMSnipe-IT: Unauthorized Asset Request Cancellation via Unguarded cancel_by_admin ParameterEPSS 0.2%