Falhas do tipo CWE-862

6.931 resultados
CVE-2026-9619MEDIUMReviews and Rating <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via sync_reviews AJAX ActionEPSS 0.3%CVE-2024-12611MEDIUMSchool Management System for Wordpress <= 93.0.0 - Reflected Cross-Site ScriptingEPSS 0.3%CVE-2024-47318MEDIUMWordPress PWA for WP & AMP plugin <= 1.7.72 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-1938MEDIUMYayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' EndpointEPSS 0.3%CVE-2026-27405MEDIUMWordPress WpBookingly plugin <= 1.2.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-40788HIGHWordPress ChatBot plugin <= 7.9.7 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-58075HIGHArbitrary Mattermost Team can be joined by manipulating the SAML RelayStateEPSS 0.3%CVE-2026-24369HIGHWordPress The Grid plugin < 2.8.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-37249MEDIUMWordPress Advanced Custom Fields Pro plugin < 6.3.2 - Contributor+ Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-56115HIGHBootimus 0.1.70 Broken Access Control via JWTMiddleware Authorization BypassEPSS 0.3%CVE-2025-5483HIGHLC Wizard 1.2.10 - 1.3.0 - Missing Authorization to Unauthenticated Privilege EscalationEPSS 0.3%CVE-2025-14657HIGHEventin – Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered) <= 4.0.51 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via 'post_settings'EPSS 0.3%CVE-2025-15400MEDIUMOpenPix <= 2.13.3 - Subscriber+ Payment Gateway Settings ResetEPSS 0.3%CVE-2025-15507MEDIUMMagic Import Document Extractor <= 1.0.5 - Missing Authorization to Unauthenticated Plugin License Status ModificationEPSS 0.3%CVE-2024-23524MEDIUMWordPress PilotPress plugin <= 2.0.30 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-43008MEDIUMMissing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM PortugalEPSS 0.3%CVE-2026-39593MEDIUMWordPress HAPPY plugin <= 1.0.10 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2020-36852CRITICALCustom Searchable Data Entry System <= 1.7.1 - Unauthenticated Database WipingEPSS 0.3%CVE-2026-23477HIGHRocket.Chat Unauthorized Access to OAuth App DetailsEPSS 0.3%CVE-2024-1217HIGHContact Form builder with drag & drop for WordPress – Kali Forms <= 2.3.41 - Missing Authorization to Arbitrary Plugin DeactivationEPSS 0.3%