Falhas do tipo CWE-862

6.934 resultados
CVE-2024-12176MEDIUMWordLift – AI powered SEO – Schema <= 3.54.2 - Missing Authorization to Authenticated (Subscriber+) Settings UpdateEPSS 0.3%CVE-2026-0656HIGHiPaymu Payment Gateway for WooCommerce <= 2.0.2 - Missing Authentication to Unauthenticated Payment Bypass and Order Information DisclosureEPSS 0.3%CVE-2025-67972MEDIUMWordPress Zoho ZeptoMail plugin <= 3.2.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-31525MEDIUMWordPress WP Mobile Bottom Menu plugin <= 1.4.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-4177MEDIUMFlynax Bridge <= 2.2.0 - Unauthenticated Arbitrary User DeletionEPSS 0.3%CVE-2024-45285MEDIUMMultiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP PlatformEPSS 0.3%CVE-2026-50108HIGHNaxclow IoT Platform Missing AuthorizationEPSS 0.3%CVE-2025-68018CRITICALWordPress Order Listener for WooCommerce plugin <= 3.6.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-44556HIGHOpen WebUI: responses passthrough endpoint lacks access control authorizationEPSS 0.3%CVE-2026-39534HIGHWordPress WP Directory Kit plugin <= 1.5.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-30894MEDIUMWordPress WP Fast Total Search plugin <= 1.79.262 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-45631MEDIUMWordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-31381MEDIUMWordPress Booking Calendar and Notification plugin <= 4.0.3 - Broken Authentication vulnerabilityEPSS 0.3%CVE-2023-45002MEDIUMWordPress WP User Frontend plugin <= 3.6.8 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-22699MEDIUMWordPress MainWP Wordfence Extension Plugin <= 4.0.7 - Subscriber+ Arbitrary Plugin Activation VulnerabilityEPSS 0.3%CVE-2024-11134MEDIUMEventer <= 3.9.9 - Missing Authorization to Authenticated (Subscriber+) Bookings ExportEPSS 0.3%CVE-2024-11918MEDIUMImage Alt Text <= 2.0.0 - Missing Authorization to Authenticated (Subscriber+) Image Alt Text UpdateEPSS 0.3%CVE-2026-2371MEDIUMGreenshift <= 12.8.3 - Missing Authorization to Unauthenticated Private Reusable Block Disclosure via 'gspb_el_reusable_load'EPSS 0.3%CVE-2025-47612MEDIUMWordPress ClickWhale plugin <= 2.4.6 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-23963MEDIUMWordPress Mark Posts plugin <= 2.2.4 - Broken Access Control vulnerabilityEPSS 0.3%