Vulnerabilities of type CWE-862

6840 results
CVE-2023-41671 | MEDIUM | WordPress Abandoned Cart Lite for WooCommerce plugin <= 5.16.1 - Cross Site Request Forgery (CSRF) vulnerability | EPSS 0.4%
CVE-2025-59475 | MEDIUM | Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check for the authenticated user profile dropdown menu, all | EPSS 0.4%
CVE-2024-10591 | HIGH | MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics <= 1.5.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update | EPSS 0.4%
CVE-2023-49851 | MEDIUM | WordPress Square Thumbnails plugin <= 1.1.1 - Broken Access Control + CSRF vulnerability | EPSS 0.4%
CVE-2023-49755 | MEDIUM | WordPress Elementor Timeline Widget plugin <= 2.2 - Notice Dismissal Vulnerability | EPSS 0.4%
CVE-2023-30522 | MEDIUM | A missing permission check in Jenkins Fogbugz Plugin 2.2.17 and earlier allows attackers with Item/Read permission to trigger builds of jobs | EPSS 0.4%
CVE-2023-49193 | MEDIUM | WordPress Grow Social plugin <= 1.30.0 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2023-48287 | MEDIUM | WordPress TextMe SMS plugin <= 1.9.0 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2025-13342 | CRITICAL | Frontend Admin by DynamiApps <= 3.28.20 - Unauthenticated Arbitrary Options Update | EPSS 0.4%
CVE-2024-55997 | MEDIUM | WordPress Order Delivery & Pickup Location Date Time plugin <= 1.1.0 - Settings Change vulnerability | EPSS 0.4%
CVE-2025-30830 | MEDIUM | WordPress Cool Author Box plugin <= 2.9.9 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2026-9011 | HIGH | Ditty <= 3.1.65 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via ditty_init AJAX Action | EPSS 0.4%
CVE-2024-43962 | MEDIUM | WordPress LWS Affiliation plugin <= 2.3.4 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2023-2233 | LOW | Missing Authorization in GitLab | EPSS 0.4%
CVE-2025-8059 | CRITICAL | B Blocks <= 2.0.6 - Missing Authorization to Unauthenticated Privilege Escalation via rgfr_registration Function | EPSS 0.4%
CVE-2023-35164 | MEDIUM | Unauthorized users can manipulate a dashboard created by an administrator in DataEase | EPSS 0.4%
CVE-2024-3233 | MEDIUM | Ivory Search – WordPress Search Plugin <= 5.5.5 - Missing Authorization to Authenticated (Subscriber+) Index Creation | EPSS 0.4%
CVE-2024-33942 | MEDIUM | WordPress Google Typography plugin <= 1.1.2 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2026-6145 | MEDIUM | User Registration & Membership <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass via 'action' Parameter | EPSS 0.4%
CVE-2025-2407 | CRITICAL | Missing Authentication & Authorization in Web-API allows adversary unrestricted access | EPSS 0.4%