Flaws of type CWE-862

6808 results
CVE-2024-2797 | MEDIUM | MailerLite – Signup forms (official) <= 1.7.6 - Missing Authorization | EPSS 0.5%
CVE-2024-24799 | MEDIUM | WordPress WooCommerce Box Office plugin <= 1.2.2 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2024-21254 | HIGH | Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 7.0. | EPSS 0.5%
CVE-2023-37869 | MEDIUM | WordPress Premium Addons PRO plugin <= 2.9.0 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2023-2869 | MEDIUM | WP-Members Membership <= 3.4.7.3 - Missing Authorization to Settings Update | EPSS 0.5%
CVE-2023-36683 | MEDIUM | WordPress Schema Pro plugin <= 2.7.8 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2023-3053 | MEDIUM | Page Builder by AZEXO <= 1.27.133 - Missing Authorization to Post Creation | EPSS 0.5%
CVE-2023-33923 | MEDIUM | Broken Access Control leading to Arbitrary Plugin Activation in multiple HashThemes themes | EPSS 0.5%
CVE-2022-41230 | MEDIUM | Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Rea | EPSS 0.5%
CVE-2022-41233 | MEDIUM | Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers wi | EPSS 0.5%
CVE-2024-6120 | MEDIUM | Sparkle Demo Importer <= 1.4.7 - Missing Authorization to Authorized(Subscriber+) Post/Pages/Attachements Deletion and Demo Data Import | EPSS 0.5%
CVE-2023-25552 | HIGH | A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, o | EPSS 0.5%
CVE-2023-33928 | MEDIUM | WordPress WordPress Backup & Migration plugin <= 1.4.0 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2023-27264 | HIGH | IDOR: Updating a playbook via the Playbooks API | EPSS 0.5%
CVE-2022-45806 | MEDIUM | WordPress Formidable Forms plugin <= 5.5.4 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2026-46414 | HIGH | Microsoft UFO WebSocket role spoofing allows authenticated peer task hijacking | EPSS 0.5%
CVE-2024-13468 | HIGH | Trash Duplicate and 301 Redirect <= 1.9 - Missing Authorization to Unauthenticated Arbitrary Post Deletion | EPSS 0.5%
CVE-2023-32293 | MEDIUM | WordPress WRC Pricing Tables plugin <= 2.3.7 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2023-25014 | HIGH | An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in | EPSS 0.5%
CVE-2026-4024 | MEDIUM | Royal Addons for Elementor <= 1.7.1056 - Missing Authorization to Unauthenticated Form Action Meta Modification | EPSS 0.5%