Falhas do tipo CWE-862

6.959 resultados
CVE-2025-49268MEDIUMWordPress Verge3D plugin <= 4.9.4 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-31581MEDIUMWordPress WP Video Playlist plugin <= 1.1.2 - Settings Change vulnerabilityEPSS 0.3%CVE-2026-44562MEDIUMOpen WebUI: Model Import Overwrites Any Model Without Ownership CheckEPSS 0.3%CVE-2026-8976MEDIUMRSS Aggregator by Feedzy <= 5.1.7 - Missing Authorization to Authenticated (Contributor+) Import Job Creation, Execution, Purge, Log Clearing, and Information Disclosure via Multiple AJAX Sub-ActionsEPSS 0.3%CVE-2025-49241MEDIUMWordPress oik plugin <= 4.15.1 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2023-6748MEDIUMCustom Field Template <= 2.6.1 - Authenticated(Contributor+) Information ExposureEPSS 0.3%CVE-2025-32308HIGHWordPress Team Builder plugin <= 1.5.7 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-11191MEDIUMRealPress < 1.1.0 - Unauthenticated Content Creation/Email Sending via RESTEPSS 0.3%CVE-2025-24763MEDIUMWordPress bbPress API plugin <= 1.0.14 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-52878MEDIUMIn JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissionsEPSS 0.3%CVE-2026-6506HIGHInfusedWoo Pro <= 5.1.2 - Authenticated (Subscriber+) Missing Authorization to Privilege Escalation via Arbitrary User Meta UpdateEPSS 0.3%CVE-2026-49948HIGHMem0 0.2.8 Missing Authorization via POST /configure EndpointEPSS 0.3%CVE-2023-45272MEDIUMWordPress 10Web Map Builder for Google Maps plugin <= 1.0.73 - Notice Dismissal VulnerabilityEPSS 0.3%CVE-2025-47485MEDIUMWordPress Cozy Blocks plugin <= 2.1.22 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2024-13554MEDIUMThe Ultimate WordPress Toolkit – WP Extended <= 3.0.13 - Missing Authorization to Unauthenticated Post Order ManipulationEPSS 0.3%CVE-2024-13520MEDIUMGift Cards (Gift Vouchers and Packages) (WooCommerce Supported) <= 4.4.9 - Missing Authorization to Unauthenticated Price, Date, and Note UpdatesEPSS 0.3%CVE-2025-49265HIGHWordPress Membership For WooCommerce plugin <= 2.8.1 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2020-36890HIGHKentico Xperience <= 10 Administrator Access Control BypassEPSS 0.3%CVE-2024-52391MEDIUMWordPress Pie Register Premium plugin < 3.8.3.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-53499CRITICALUnauthorized Inspection of Protected Variables in AbuseFilterEPSS 0.3%