Falhas do tipo CWE-862
6.955 resultadosCVE-2024-3932LOWTotara LMS User Selector cross-site request forgeryEPSS 0.3%CVE-2024-13530MEDIUMCustom Login Page Styler <= 7.1.1 - Missing Authorization to Authenticated (Subsciber+) Log Deletion and Session TerminationEPSS 0.3%CVE-2025-1299MEDIUMMissing Authorization in GitLabEPSS 0.3%CVE-2025-55471HIGHIncorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers to access sensitive information for other uEPSS 0.3%CVE-2025-39457MEDIUMWordPress Booking and Rental Manager plugin <= 2.2.8 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-30842MEDIUMWallos: Authenticated Missing Authorization Allows Deletion of Other Users’ Uploaded AvatarsEPSS 0.3%CVE-2026-4977MEDIUMUsersWP <= 1.2.58 - Authenticated (Subscriber+) Restricted Usermeta Modification via 'htmlvar' ParameterEPSS 0.3%CVE-2024-32715HIGHWordPress Olive One Click Demo Import plugin <= 1.1.1 - Arbitrary File Download vulnerabilityEPSS 0.3%CVE-2026-34358HIGHCtrlPanel: Missing Authorization on Admin Write Endpoints Allows RBAC BypassEPSS 0.3%CVE-2024-13716MEDIUMForex Calculators <= 1.3.7 - Missing Authorization to Authenticated (Subscriber+) Settings UpdateEPSS 0.3%CVE-2025-14971MEDIUMLink Invoice Payment for WooCommerce <= 2.8.0 - Missing Authorization to Unauthenticated Arbitrary Partial Payment Creation/CancellationEPSS 0.3%CVE-2024-49273MEDIUMWordPress ProfileGrid plugin <= 5.9.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.3%CVE-2024-6167MEDIUMJust Custom Fields <= 3.3.2 - Missing Authorization via AJAX actionsEPSS 0.3%CVE-2025-12876MEDIUMProjectopia – WordPress Project Management <= 5.1.19 - Missing Authorization to Unauthenticated Arbitrary Attachment DeletionEPSS 0.3%CVE-2024-37250MEDIUMWordPress Advanced Custom Fields Pro plugin < 6.3.2 - Subscriber+ Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-10606MEDIUMWP Travel Engine <= 6.2.1 - Missing Authorization to Authenticated (Contributor+) Plugin Settings UpdateEPSS 0.3%CVE-2026-9021MEDIUMEasy Invoice <= 2.1.19 - Unauthenticated Arbitrary Quote Accept/Decline and Invoice Creation via easy_invoice_accept_quote / easy_invoice_decline_quote AJAX ActionsEPSS 0.3%CVE-2024-38737MEDIUMWordPress ReDi Restaurant Reservation plugin <= 24.0422 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-53284MEDIUMWordPress CMS Blocks plugin <= 1.1 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-22285MEDIUMWordPress Pallet Packaging for WooCommerce Plugin <= 1.1.15 - Broken Access Control vulnerabilityEPSS 0.3%