Fallos del tipo CWE-862

6841 resultados
CVE-2026-6214MEDIUMForminator Forms <= 1.53.0 - Missing Authorization to Authenticated (Subscriber+) Scheduled Form Submission Export via forminator_export_entries Action on wp_loaded HookEPSS 0.4%CVE-2024-32951MEDIUMWordPress Max Addons Pro for Bricks plugin <= 1.6.1 - Unauthenticated Plugin Settings Reset vulnerabilityEPSS 0.4%CVE-2025-8898CRITICALTaxi Booking Manager for Woocommerce | E-cab <= 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation via Account TakeoverEPSS 0.4%CVE-2024-10530MEDIUMKognetiks Chatbot for WordPress <= 2.1.7 - Missing Authorization to Authenticated (Subscriber+) Assistant AdditionEPSS 0.4%CVE-2025-30416CRITICALSensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 (LinuEPSS 0.4%CVE-2024-30529MEDIUMWordPress Tainacan plugin <= 0.20.7 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2023-2783MEDIUMApp Framework does not checks for the secret provided in the incoming webhook requestEPSS 0.4%CVE-2023-48332MEDIUMWordPress Mail Bank – #1 Mail SMTP Plugin for WordPress plugin <= 4.0.14 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-34378HIGHWordPress LeadConnector plugin <= 1.7 - API Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-54381HIGHWordPress Advance Menu Manager plugin <= 3.1.1 - Settings Change vulnerabilityEPSS 0.4%CVE-2026-24611CRITICALWordPress MetForm Pro plugin <= 3.9.1 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-52383HIGHWordPress Ai Auto Tool Content Writing Assistant plugin <= 2.1.2 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-32509MEDIUMWordPress WP Cost Estimation & Payment Forms Builder plugin <= 10.1.76 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-39386HIGHNeko has Self-service Privilege Escalation for Authenticated UsersEPSS 0.4%CVE-2026-45395HIGHOpen WebUI: Missing `workspace.tools` Authorization Check on Tool Update Endpoint Allows Privilege Escalation to Code ExecutionEPSS 0.4%CVE-2024-34820MEDIUMWordPress If-So Dynamic Content Personalization plugin <= 1.7.1 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-31368MEDIUMWordPress Soledad theme <= 8.4.2 - Unauthenticated Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-44021MEDIUMWordPress Truepush plugin <= 1.0.8 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-6190HIGHRealty Portal – Agent <= 0.3.9 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via rp_user_profile() FunctionEPSS 0.4%CVE-2026-3335MEDIUMCanto <= 3.1.1 - Missing Authorization to Unauthenticated File UploadEPSS 0.4%