Vulnerabilities of type CWE-862
6795 results

| CVE | Severity | Title | EPSS |
|---|---|---|---|
| CVE-2023-33252 | — | iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modu | 0.6% |
| CVE-2025-30861 | MEDIUM | WordPress Five Star Restaurant Reservations plugin <= 2.6.29 - Broken Access Control vulnerability | 0.6% |
| CVE-2023-43846 | MEDIUM | Incorrect access control in logs management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote attackers to get the | 0.6% |
| CVE-2024-54268 | MEDIUM | WordPress SiteOrigin Widgets Bundle plugin <= 1.64.0 - Broken Access Control vulnerability | 0.6% |
| CVE-2023-6554 | MEDIUM | Missing authorisation in TCExam | 0.6% |
| CVE-2022-46795 | MEDIUM | WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 4.7.2 - CSRF Plugin Settings Reset vulnerability | 0.6% |
| CVE-2021-25014 | — | Ibtana < 1.1.4.9 - Subscriber+ Settings Update to Stored XSS | 0.6% |
| CVE-2023-35046 | MEDIUM | WordPress Dynamic Visibility for Elementor plugin <= 5.0.5 - Broken Access Control vulnerability | 0.6% |
| CVE-2024-1995 | MEDIUM | Smart Custom Fields <= 4.2.2 - Missing Authorization to Authenticated (Subscriber+) Post Content Disclosure | 0.6% |
| CVE-2024-54402 | MEDIUM | WordPress Arabic Webfonts plugin <= 1.4.6 - Broken Access Control vulnerability | 0.6% |
| CVE-2024-1169 | HIGH | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Upload | 0.6% |
| CVE-2026-24042 | CRITICAL | Appsmith public apps can execute unpublished actions (viewMode confusion) | 0.6% |
| CVE-2023-32581 | MEDIUM | WordPress WP-Chatbot for Messenger plugin <= 4.7 - Broken Access Control | 0.6% |
| CVE-2024-0385 | MEDIUM | Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxAddCategory | 0.6% |
| CVE-2026-4326 | HIGH | Vertex Addons for Elementor <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation via 'afeb_activate_required_plugins' | 0.6% |
| CVE-2026-6235 | CRITICAL | Sendmachine for WordPress <= 1.0.20 - Unauthenticated SMTP Hijack to Privilege Escalation via manage_admin_requests | 0.6% |
| CVE-2025-1214 | MEDIUM | pihome-shc PiHome Role-Based Access Control user_accounts.php authorization | 0.6% |
| CVE-2023-35875 | MEDIUM | WordPress Gutenverse – Gutenberg Blocks – Page Builder for Site Editor plugin <= 1.8.5 - Broken Access Control vulnerability | 0.6% |
| CVE-2023-1026 | MEDIUM | WP Meta SEO <= 4.5.3 - Missing Authorization in 'listPostsCategory' | 0.6% |
| CVE-2023-0717 | MEDIUM | Wicked Folders <= 2.18.16 - Missing Authorization via ajax_delete_folder | 0.6% |