Vulnerabilities of type CWE-862

6809 results
CVE-2023-25014 | HIGH | An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in | EPSS 0.5%
CVE-2024-12259 | HIGH | CRM WordPress Plugin – RepairBuddy <= 3.8120 - Missing Authorization to Account Takeover/Privilege Escalation | EPSS 0.5%
CVE-2024-35237 | HIGH | MIT IdentiBot User-Kerberos Mapping Publicly Available | EPSS 0.5%
CVE-2024-54256 | HIGH | WordPress Easy Blocks pro plugin <= 1.0.21 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2026-3208 | MEDIUM | Mercado Pago payments for WooCommerce <= 8.7.11 - Missing Authorization to Unauthenticated PIX Payment QR Code Image Disclosure | EPSS 0.5%
CVE-2024-38702 | MEDIUM | WordPress Product Delivery Date for WooCommerce – Lite plugin <= 2.7.2 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2026-7761 | HIGH | Ultimate Member <= 2.11.4 - Authenticated (Contributor+) Account Takeover via Password Reset Link Disclosure | EPSS 0.5%
CVE-2023-27263 | MEDIUM | IDOR: Accessing playbook runs via the Playbooks Runs API | EPSS 0.5%
CVE-2025-46557 | HIGH | Any user with view access to the XWiki space can change the authenticator | EPSS 0.5%
CVE-2025-30824 | MEDIUM | WordPress Textmetrics plugin <= 3.6.1 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2023-33995 | MEDIUM | WordPress Photo Gallery by 10Web plugin <= 1.8.15 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2023-52229 | MEDIUM | WordPress Word Replacer Pro plugin <= 1.0 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2025-23763 | MEDIUM | WordPress WAH Forms plugin <= 1.0 - Sensitive Data Exposure vulnerability | EPSS 0.5%
CVE-2024-1637 | MEDIUM | 360 Javascript Viewer <= 1.7.12 - Missing Authorization to Plugin Settings Update | EPSS 0.5%
CVE-2023-23986 | MEDIUM | WordPress Reviews and Rating – Google My Business plugin <= 4.14 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2022-31128 | MEDIUM | Fine grained permissions are not checked in Tuleap | EPSS 0.5%
CVE-2023-25039 | MEDIUM | WordPress Google Maps CP plugin <= 1.0.43 - Missing Authorization Leading To Feedback Submission Vulnerability | EPSS 0.5%
CVE-2023-3315 | MEDIUM | Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the exi | EPSS 0.5%
CVE-2024-10274 | MEDIUM | Improper Authorization in lunary-ai/lunary | EPSS 0.5%
CVE-2025-24588 | MEDIUM | WordPress Patreon WordPress plugin <= 1.9.1 - Broken Access Control vulnerability | EPSS 0.5%