Falhas do tipo CWE-862
6.911 resultadosCVE-2025-9018HIGHTime Tracker <= 3.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Limited Data DeletionEPSS 0.3%CVE-2024-8658MEDIUMmyCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification <= 2.7.3 - Missing Authorization to Unauthenticated Database UpgradeEPSS 0.3%CVE-2024-12336MEDIUMWC Affiliate – A Complete WooCommerce Affiliate Plugin <= 2.5.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via wf-export-allEPSS 0.3%CVE-2024-12596MEDIUMLifterLMS – WP LMS for eLearning, Online Courses, & Quizzes <= 7.8.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post DeletionEPSS 0.3%CVE-2025-10299HIGHWPBifröst – Instant Passwordless Temporary Login Links <= 1.0.7 - Missing Authorization to Authenticated (Subscriber+) Privilege EscalationEPSS 0.3%CVE-2024-35174MEDIUMWordPress Flo Forms plugin <= 1.0.42 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-12027MEDIUMMessage Filter for Contact Form 7 <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) Filter Updates/DeletionsEPSS 0.3%CVE-2025-49991MEDIUMWordPress WP-Recall plugin <= 16.26.14 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-23799MEDIUMWordPress Tutor LMS plugin <= 3.9.5 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-34826MEDIUMWordPress CF7 WOW Styler plugin <= 1.6.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-69332MEDIUMWordPress Bookify plugin <= 1.1.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-27491MEDIUMDiscourse has a bypass of official warnings messages by non-staff usersEPSS 0.3%CVE-2026-40601HIGHChartbrew: Missing Authorization in /api/chart/:chart_id/query via team-level refresh toggleEPSS 0.3%CVE-2024-45286MEDIUMMissing Authorization check in SAP Production and Revenue Accounting (Tobin interface)EPSS 0.3%CVE-2025-47688MEDIUMWordPress Advanced File Manager plugin <= 5.3.1 - Broken Access Control to Notice Dismissal vulnerabilityEPSS 0.3%CVE-2024-32813MEDIUMWordPress Integrate Google Drive plugin <= 1.3.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-39584MEDIUMWordPress RepairBuddy plugin <= 4.1132 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-37427MEDIUMWordPress Timetics plugin <= 1.0.21 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-8430MEDIUMSpice Starter Sites <= 1.2.5 - Missing Authorization to Unauthenticated Demo Content ImportEPSS 0.3%CVE-2024-3268MEDIUMYouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress <= 3.3.6 - Missing Authorization to Arbitrary Post/Page CreationEPSS 0.3%