Fallos del tipo CWE-862
7071 resultadosCVE-2025-9549MEDIUMFacets - Moderately critical - Information Disclosure - SA-CONTRIB-2025-099EPSS 0.2%CVE-2025-68577MEDIUMWordPress Virusdie plugin <= 1.1.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-68588MEDIUMWordPress TS Poll plugin <= 2.5.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-25460MEDIUMWordPress Ave Core plugin <= 2.9.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-64192MEDIUMWordPress XStore theme < 9.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-7782HIGHWP JobHunt <= 7.7 - Missing Authorization to Authenticated (Candidate+) Stored Cross-Site Scripting via 'status'EPSS 0.2%CVE-2025-13391MEDIUMProduct Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) <= 4.9.60 - Missing Authorization to Unauthenticated Arbitrary Attachment and Dropbox File DeletionEPSS 0.2%CVE-2026-28071MEDIUMWordPress pixfort Core plugin <= 3.2.22 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-15565MEDIUMNexi XPay <= 8.3.0 - Missing Authorization to Unauthenticated Order Status ModificationEPSS 0.2%CVE-2025-68587MEDIUMWordPress Watu Quiz plugin <= 3.4.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-11975MEDIUMFuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Missing Authorization to Authenticated (Subscriber+) Sync Rule CreationEPSS 0.2%CVE-2026-42640MEDIUMWordPress Classified Listing plugin <= 5.3.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-68521MEDIUMWordPress WpStream plugin <= 4.9.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-15466MEDIUMImage Photo Gallery Final Tiles Grid <= 3.6.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Gallery ManagementEPSS 0.2%CVE-2025-42914LOWMissing Authorization check in SAP HCM (My Timesheet Fiori 2.0 application)EPSS 0.2%CVE-2026-40722MEDIUMWordPress Yoast SEO Premium plugin <= 26.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-22178MEDIUMJira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of senEPSS 0.2%CVE-2025-7828MEDIUMWP Filter & Combine RSS Feeds <= 0.4 - Missing Authorization to Authenticated (Contributor+) Feed DeletionEPSS 0.2%CVE-2025-7827MEDIUMNi WooCommerce Customer Product Report <= 1.2.4 - Missing Authorization to Authenticated (Subscriber+) Settings UpdateEPSS 0.2%CVE-2025-15043MEDIUMThe Events Calendar <= 6.15.13 - Missing Authorization to Authenticated (Subscriber+) Data Migration ControlEPSS 0.2%