Flaws of type CWE-862

6824 results
CVE-2023-4606 | HIGH | An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects Th | EPSS 0.5%
CVE-2023-27456 | MEDIUM | WordPress Total theme <= 2.1.19 - Authenticated Arbitrary Plugin Activation | EPSS 0.5%
CVE-2022-43427 | MEDIUM | Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attac | EPSS 0.5%
CVE-2024-49689 | MEDIUM | WordPress HD Quiz – Save Results Light plugin <= 0.5 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2021-24890 | HIGH | Scripts Organizer < 3.0 - Unauthenticated Arbitrary File Upload | EPSS 0.5%
CVE-2024-43431 | HIGH | Moodle: idor in badges allows deletion of arbitrary badges | EPSS 0.5%
CVE-2024-38726 | HIGH | WordPress Product Designer plugin <= 1.0.33 - Arbitrary Content Deletion vulnerability | EPSS 0.5%
CVE-2023-41848 | MEDIUM | WordPress Carousel Slider plugin <= 2.2.2 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2024-6180 | HIGH | EventON <= 2.2.15 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting and Plugin Settings Updates | EPSS 0.5%
CVE-2026-47100 | HIGH | Funnel Builder for WooCommerce Checkout < 3.15.0.3 Missing Authorization via AJAX | EPSS 0.5%
CVE-2024-1688 | MEDIUM | Woo Total Sales <= 3.1.4 - Missing Authorization to Unauthenticated Sales Report Retrieval | EPSS 0.5%
CVE-2024-37111 | HIGH | WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Denial of Service Attack vulnerability | EPSS 0.5%
CVE-2025-7664 | HIGH | Al Pack <= 1.1.1 - Missing Authorization to Unauthenticated Premium Feature Activation via check_activate_permission Function | EPSS 0.5%
CVE-2023-27454 | MEDIUM | WordPress Rife Elementor Extensions & Templates plugin <= 1.1.10 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2024-32776 | MEDIUM | WordPress AppPresser plugin <= 4.3.0 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2023-47871 | MEDIUM | WordPress Contact Form to Any API plugin <= 1.1.6 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2024-20477 | MEDIUM | Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Endpoint Vulnerability | EPSS 0.5%
CVE-2024-56238 | MEDIUM | WordPress Floating Action Buttons plugin <= 0.9.1 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2025-49950 | HIGH | WordPress Official Integration for Billingo plugin <= 4.3.0 - Privilege Escalation vulnerability | EPSS 0.5%
CVE-2025-23477 | HIGH | WordPress Realty Workstation plugin <= 1.0.45 - Broken Access Control vulnerability | EPSS 0.5%