Falhas do tipo CWE-862
6.883 resultadosCVE-2025-31628MEDIUMWordPress Sliced Invoices plugin <= 3.10.0 - Insecure Direct Object References (IDOR) vulnerabilityEPSS 0.4%CVE-2025-31866MEDIUMWordPress ShipDepot for WooCommerce plugin <= 1.2.19 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-11125MEDIUMGetSimpleCMS profile.php cross-site request forgeryEPSS 0.4%CVE-2024-1687MEDIUMThank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode ExecutionEPSS 0.4%CVE-2023-47661MEDIUMWordPress Dragfy Addons for Elementor plugin <= 1.0.2 - Broken Access Control + CSRF vulnerabilityEPSS 0.4%CVE-2024-35674MEDIUMWordPress Unlimited Elements For Elementor plugin <= 1.5.109 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-34763MEDIUMWordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.01.5 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-3642MEDIUMe-shot <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Form Settings Modification via AJAXEPSS 0.4%CVE-2026-29789CRITICALVito: Cross-project privilege escalation in workflow site-creation actions allows unauthorized server modificationEPSS 0.4%CVE-2025-31854MEDIUMWordPress Simple Sticky Add To Cart For WooCommerce plugin <= 1.4.9 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2023-52233HIGHWordPress POST SMTP Mailer plugin <= 2.8.6 - Broken Access Control on API vulnerabilityEPSS 0.4%CVE-2026-23977HIGHWordPress Helpdesk Support Ticket System for WooCommerce plugin <= 2.1.2 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-10537MEDIUMWP User Manager – User Profile Builder & Membership <= 2.9.11 - Missing Authorization to Authenticated (Subscriber+) User Meta Key EnumerationEPSS 0.4%CVE-2025-24649MEDIUMWordPress Admin and Site Enhancements (ASE) Plugin <= 7.6.2 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-5318MEDIUMMissing Authorization in GitLabEPSS 0.4%CVE-2025-24607MEDIUMWordPress IdeaPush plugin <= 8.71 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-11583MEDIUMBorderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.5.9 - Missing Authorization to Icon Font DeletionEPSS 0.4%CVE-2026-44560MEDIUMOpen WebUI: Unauthorized File and Knowledge Base Content Access via RAG Vector SearchEPSS 0.4%CVE-2025-2933HIGHEmail Notifications for Updates <= 1.1.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options UpdateEPSS 0.4%CVE-2025-47558HIGHWordPress MapSVG plugin < 8.6.13 - Broken Access Control vulnerabilityEPSS 0.4%