Falhas do tipo CWE-862
6.959 resultadosCVE-2025-22318HIGHWordPress Standard Box Sizes plugin <= 1.6.13 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-22285MEDIUMWordPress Pallet Packaging for WooCommerce Plugin <= 1.1.15 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-11926MEDIUMTraveler <= 3.1.6 - Missing Authorization in Several AJAX ActionsEPSS 0.3%CVE-2023-40603MEDIUMWordPress Simple Org Chart plugin <= 2.3.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-30850MEDIUMParse Server: File metadata endpoint bypasses `beforeFind` / `afterFind` trigger authorizationEPSS 0.3%CVE-2026-42433HIGHOpenClaw < 2026.4.10 - Unauthorized Matrix Profile Config Persistence Access via operator.write Message ToolsEPSS 0.3%CVE-2025-8357MEDIUMMedia Library Assistant <= 3.27 - Authenticated (Author+) Limited File DeletionEPSS 0.3%CVE-2025-11438MEDIUMJhumanJ OpnForm API Endpoint custom-domains authorizationEPSS 0.3%CVE-2024-12620MEDIUMAnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations <= 1.4.23 - Missing Authorization to Unauthenticated Settings UpdateEPSS 0.3%CVE-2025-7822MEDIUMWP Wallcreeper <= 1.6.1 - Missing Authorization to Authenticated (Susbcriber+) Cache Enable/DisableEPSS 0.3%CVE-2023-51413MEDIUMWordPress Piotnet Forms plugin <= 1.0.29 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-27638MEDIUMActualBudget missing authorization in sync endpoints allows cross-user budget file access in multi-user modeEPSS 0.3%CVE-2023-37394MEDIUMWordPress WP Dummy Content Generator plugin <= 2.3.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-32270LOWCraft Commerce: Unauthenticated information disclosure in `commerce/payments/pay` can leak some customer order data on anonymous paymentsEPSS 0.3%CVE-2023-41240MEDIUMWordPress Pricing Deals for WooCommercePricing Deals for WooCommerce plugin <= 2.0.3.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-12094MEDIUMAdvanced Contact Form 7 <= 1.0.0 - Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion via 'form_id' ParameterEPSS 0.3%CVE-2025-49969MEDIUMWordPress Zara 4 Image Compression plugin <= 1.2.17.2 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-33759MEDIUMAVideo: Unauthenticated IDOR in playlistsVideos.json.php Exposes Private Playlist ContentsEPSS 0.3%CVE-2025-64348CRITICALELOG configuration file authorization bypassEPSS 0.3%CVE-2025-32259MEDIUMWordPress WP ULike plugin <= 4.7.9.1 - Content Spoofing VulnerabilityEPSS 0.3%