Fallos del tipo CWE-862

7039 resultados
CVE-2026-24939MEDIUMWordPress Modula Image Gallery plugin <= 2.13.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-24544MEDIUMWordPress HD Quiz plugin <= 2.0.9 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-24541MEDIUMWordPress Download After Email plugin <= 2.1.9 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-30920HIGHOneUptime has broken access control in GitHub App installation flow that allows unauthorized project bindingEPSS 0.2%CVE-2026-12955MEDIUMCookie Banner for GDPR / CCPA <= 4.3.6 - Missing Authorization to Authenticated (Subscriber+) Scan Schedule Modification via gcc_save_schedule_scan AJAX ActionEPSS 0.2%CVE-2026-57334MEDIUMWordPress WP User Frontend plugin <= 4.3.7 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-13643LOWMongoDB Server may allow queries to be terminated by unauthorized usersEPSS 0.2%CVE-2026-9235MEDIUMDHL eCommerce (Benelux) for WooCommerce <= 2.2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shipping Label Creation and Deletion via dhlpwc_label_create and dhlpwc_label_delete AJAX ActionsEPSS 0.2%CVE-2026-57339MEDIUMWordPress Business Directory plugin <= 6.4.23 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-12471MEDIUMSpexo <= 2.0.11 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin ActivationEPSS 0.2%CVE-2026-42671MEDIUMWordPress GeoDirectory plugin <= 2.8.157 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-53910MEDIUMUnauthorized Channel Subscription Edit in Mattermost Confluence PluginEPSS 0.2%CVE-2023-20955HIGHIn onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications foEPSS 0.2%CVE-2025-3701MEDIUMWordPress Malcure Malware Scanner plugin <= 16.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-54190MEDIUMWordPress Envira Photo Gallery plugin <= 1.12.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-3072MEDIUMMedia Library Assistant <= 3.33 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Taxonomy ModificationEPSS 0.2%CVE-2026-5296MEDIUMMissing Authorization in GitLabEPSS 0.2%CVE-2025-12579MEDIUMReuters Direct <= 3.0.0 - Missing Authorization to Unauthenticated Settings ResetEPSS 0.2%CVE-2026-57812MEDIUMWordPress Simply Schedule Appointments plugin <= 1.6.12.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-9240MEDIUMColissimo Officiel : Méthodes de livraison pour WooCommerce <= 2.9.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Shipment Modification via lpc_order_affect AJAX actionEPSS 0.2%