Falhas do tipo CWE-862
6.883 resultadosCVE-2024-34389MEDIUMWordPress WP Post Author plugin <= 3.6.4 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-28004MEDIUMWordPress Colibri Page Builder plugin <= 1.0.248 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-6720MEDIUMVchasno Kasa <= 1.0.3 - Unauthenticated Log File ClearingEPSS 0.4%CVE-2024-9223MEDIUMWPDash Notes <= 1.3.5 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information ExposureEPSS 0.4%CVE-2023-6598MEDIUMSpeedyCache <= 1.1.3 - Missing Authorization to Plugin Options UpdateEPSS 0.4%CVE-2025-26373MEDIUMA CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (user endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 alloEPSS 0.4%CVE-2024-53605HIGHIncorrect access control in the component content://com.handcent.messaging.provider.MessageProvider/ of Handcent NextSMS v10.9.9.7 allows atEPSS 0.4%CVE-2023-47763MEDIUMWordPress WP Custom Admin Interface plugin <= 7.31 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2023-4947MEDIUMWooCommerce EAN Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) EAN UpdateEPSS 0.4%CVE-2024-53826MEDIUMWordPress WPCasa plugin <= 1.2.13 - Insecure Direct Object References (IDOR) vulnerabilityEPSS 0.4%CVE-2025-10212MEDIUMSiteAlert (Formerly WP Health) <= 1.9.8 - Missing Authorization to Unauthenticated Site Health Information ExposureEPSS 0.4%CVE-2025-31539MEDIUMWordPress Cryptocurrency Widgets Pack plugin <= 2.0.1 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-4065MEDIUMSmart Slider 3 <= 3.5.1.33 - Missing Authorization to Authenticated (Contributor+) Slider Data Read and Image Record ManipulationEPSS 0.4%CVE-2026-1916HIGHWPGSI: Spreadsheet Integration <= 3.8.3 - Missing Authorization to Unauthenticated Arbitrary Post Creation and Deletion via Forged Base64 TokenEPSS 0.4%CVE-2023-37870HIGHWordPress WooCommerce Warranty Requests plugin <= 2.1.9 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-54153LOWIn JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameterEPSS 0.4%CVE-2023-24605MEDIUMOX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renamEPSS 0.4%CVE-2022-45811MEDIUMWordPress Post Teaser plugin <= 4.1.5 - Auth. Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-12714MEDIUMRank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.271 - Missing Authorization to Unauthenticated Homepage Settings ModificationEPSS 0.4%CVE-2024-9706MEDIUMUltimate Coming Soon & Maintenance <= 1.0.9 - Missing Authorization to Unauthenticated Template ActivationEPSS 0.4%