Fallos del tipo CWE-862

6810 resultados
CVE-2023-2084MEDIUMEssential Blocks <= 4.0.6 - Missing Authorization via getEPSS 0.5%CVE-2024-54417MEDIUMWordPress PixProof plugin <= 2.0.1 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2024-10402HIGHForminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Missing Authorization to Authenticated (Contributor+) Form Update and CreationEPSS 0.5%CVE-2022-46811MEDIUMWordPress ALD Dropshipping and Fulfillment for AliExpress and WooCommerce plugin <= 1.0.21 - Broken Access Control + CSRFEPSS 0.5%CVE-2022-46807MEDIUMWordPress Stock Sync for WooCommerce plugin <= 2.3.2 - Broken Access ControlEPSS 0.5%CVE-2023-4668MEDIUMAd Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai-debug-processing-feEPSS 0.5%CVE-2023-49856HIGHWordPress Smart Forms plugin <= 2.6.84 - Authenticated Arbitrary Options Change VulnerabilityEPSS 0.5%CVE-2023-49857MEDIUMWordPress Awesome Support plugin <= 6.1.7 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2024-0702HIGHOliver POS – A WooCommerce Point of Sale (POS) <= 2.4.2.1 - Missing AuthorizationEPSS 0.5%CVE-2023-25766MEDIUMA missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission tEPSS 0.5%CVE-2023-48273MEDIUMWordPress Preloader for Website plugin <= 1.2.2 - Unauthenticated Broken Access Control vulnerabilityEPSS 0.5%CVE-2023-23716MEDIUMWordPress Zendesk Support for WordPress plugin <= 1.8.4 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2023-41649MEDIUMWordPress Ovic Product Bundle plugin <= 1.1.2 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2024-13371MEDIUMWP Job Portal <= 2.2.6 - Missing Authorization to Unauthenticated Arbitrary Email SendingEPSS 0.5%CVE-2024-9000HIGHImproper Authorization and Duplicate Slug Vulnerability in lunary-ai/lunaryEPSS 0.5%CVE-2024-1177MEDIUMWP Club Manager – WordPress Sports Club Plugin <= 2.2.10 - Missing Authorization to Unauthenticated Event Permalink UpdateEPSS 0.5%CVE-2023-28672MEDIUMJenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowiEPSS 0.5%CVE-2025-23486MEDIUMWordPress Database Sync plugin <= 0.5.1 - Sensitive Data Exposure vulnerabilityEPSS 0.5%CVE-2023-47754MEDIUMWordPress Delete Duplicate Posts Plugin <= 4.8.9 is vulnerable to Broken Access ControlEPSS 0.5%CVE-2024-39824MEDIUMZoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Missing AuthorizationEPSS 0.5%