Falhas do tipo CWE-862
6.946 resultadosCVE-2026-2446CRITICALPowerpack for LearnDash < 1.3.0 - Unauthenticated Arbitrary Option UpdateEPSS 0.3%CVE-2023-45110MEDIUMWordPress Bold Timeline Lite plugin <= 1.1.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-20888MEDIUMGitea Pull Requests Auto-Merge: Read-Only Users Can Cancel Scheduled Auto-Merge via Web Endpoint (Authorization Bypass)EPSS 0.3%CVE-2025-0952HIGHEco Nature - Environment & Ecology WordPress Theme <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options UpdateEPSS 0.3%CVE-2026-23990MEDIUMFlux Operator Web UI Impersonation Bypass via Empty OIDC ClaimsEPSS 0.3%CVE-2026-0814MEDIUMAdvanced CF7 DB <= 2.0.9 - Missing Authorization to Authenticated (Subscriber+) Form Submissions Excel ExportEPSS 0.3%CVE-2023-47692MEDIUMWordPress Flo Forms plugin <= 1.0.41 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-13801HIGHBWL Advanced FAQ Manager <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options UpdateEPSS 0.3%CVE-2023-46612MEDIUMWordPress Mediabay plugin <= 1.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-62037MEDIUMWordPress Togo theme < 1.0.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-24662MEDIUMWordPress LearnDash LMS Plugin <= 4.20.0.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-62924MEDIUMWordPress Post Grid and Gutenberg Blocks plugin <= 2.3.17 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-13541MEDIUMaDirectory – WordPress Directory Listing Plugin <= 2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post DeletionEPSS 0.3%CVE-2025-53345HIGHWordPress Thim Core plugin <= 2.3.3 - Arbitrary Plugin Installation vulnerabilityEPSS 0.3%CVE-2025-26374MEDIUMA CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allEPSS 0.3%CVE-2026-39910CRITICALSTACKIT IaaS API Privilege Escalation via Service Account AttachmentEPSS 0.3%CVE-2025-24461MEDIUMIn JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpointEPSS 0.3%CVE-2025-11369MEDIUMEssential Blocks <= 5.7.2 - Missing Authorization To Authenticated (Author+) Information DisclosureEPSS 0.3%CVE-2026-22485MEDIUMWordPress My Album Gallery plugin <= 1.0.4 - Arbitrary File Deletion vulnerabilityEPSS 0.3%CVE-2026-27071CRITICALWordPress WPCafe plugin <= 3.0.7 - Broken Access Control vulnerabilityEPSS 0.3%