Fallos del tipo CWE-862

6816 resultados
CVE-2022-20572MEDIUMIn verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could leadEPSS 0.5%CVE-2024-43162MEDIUMWordPress Easy Digital Downloads plugin <= 3.2.12 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2024-43925MEDIUMWordPress Envira Gallery Lite plugin <= 1.8.14 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2023-2414MEDIUMOnline Booking & Scheduling Calendar for WordPress by vcita <= 4.4.6 - Missing Authorization to Settings Update and Arbitrary File UploadEPSS 0.5%CVE-2026-33638MEDIUMEch0 authenticated user-list exposed data via public `/api/allusers` endpointEPSS 0.5%CVE-2024-5130HIGHIncorrect Authorization in lunary-ai/lunaryEPSS 0.5%CVE-2026-3098MEDIUMSmart Slider 3 <= 3.5.1.33 - Authenticated (Subscriber+) Arbitrary File Read via actionExportAllEPSS 0.5%CVE-2023-4943MEDIUMBEAR <= 1.1.3.3 - Missing Authorization to Product ManipulationEPSS 0.5%CVE-2020-36667MEDIUMJetBackup – WP Backup, Migrate & Restore <= 1.4.1 - Missing Authorization to Unauthorized Backup Location ChangeEPSS 0.5%CVE-2024-12171HIGHELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.6 - Missing Authorization to Authenticated (Subscriber+) Privilege EscalationEPSS 0.5%CVE-2024-38777MEDIUMWordPress Titan Anti-spam & Security plugin <= 7.3.6 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2024-30487HIGHWordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 5.1 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2024-40852HIGHThis issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18 and iPadOS 18. An attacker may be EPSS 0.5%CVE-2023-35052MEDIUMWordPress Directorist plugin <= 7.5.4 - Arbitrary Content Deletion vulnerabilityEPSS 0.5%CVE-2023-36504MEDIUMWordPress BBS e-Popup plugin <= 2.4.5 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2024-2906MEDIUMWordPress Radio Player plugin <= 2.0.73 - Unauthenticated Broken Access Control vulnerabilityEPSS 0.5%CVE-2024-4319MEDIUMAdvanced Contact form 7 DB <= 2.0.2 - Missing Authorization to Unauthenticated Information DisclosureEPSS 0.5%CVE-2024-7032MEDIUMSmart Online Order for Clover <= 1.5.6 - Missing Authorization to Plugin Deactivation and Data DeletionEPSS 0.5%CVE-2022-41786MEDIUMWordPress WP Job Portal Plugin <= 2.0.1 is vulnerable to Broken Access ControlEPSS 0.5%CVE-2025-24618MEDIUMWordPress ElementInvader Addons for Elementor Plugin <= 1.3.1 - Broken Access Control vulnerabilityEPSS 0.5%