Falhas do tipo CWE-862

6.960 resultados
CVE-2025-53246MEDIUMWordPress Backup and Move Plugin <= 0.1 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2024-13737MEDIUMMotors – Car Dealer, Classifieds & Listing <= 1.4.57 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Listing Template CreationEPSS 0.3%CVE-2025-24403MEDIUMA missing permission check in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers with Overall/Read permission to enumerateEPSS 0.3%CVE-2020-27349aptdaemon performed policykit permissions checks too lateEPSS 0.3%CVE-2025-67575MEDIUMWordPress Sitewide Notice WP plugin <= 2.4.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-3426MEDIUMRTMKit Addons for Elementor <= 2.0.2 - Authenticated (Author+) Missing Authorization to Widget Configuration ModificationEPSS 0.3%CVE-2024-4341MEDIUMIDOR in ExtremePacs's Extreme XDSEPSS 0.3%CVE-2025-31406MEDIUMWordPress ELEX WooCommerce Request a Quote plugin <= 2.3.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-62889MEDIUMWordPress King Addons for Elementor plugin <= 51.1.61 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-30605MEDIUMWordPress sourceplay-navermap plugin <= 0.0.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-24840MEDIUMWordPress Element Pack Elementor Addons plugin <= 5.4.11 - Broken Access Control on Duplicate Post vulnerabilityEPSS 0.3%CVE-2024-41728LOWMissing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP PlatformEPSS 0.3%CVE-2026-9028MEDIUMCorvusPay WooCommerce Payment Gateway <= 2.7.4 - Missing Authorization to Unauthenticated Arbitrary Order Cancellation via 'order_number' ParameterEPSS 0.3%CVE-2025-10849MEDIUMFelan Framework <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation/Deactivation via process_plugin_actionsEPSS 0.3%CVE-2024-41624MEDIUMIncorrect access control in Himalaya Xiaoya nano smart speaker rom_version 1.6.96 allows a remote attacker to have an unspecified impact.EPSS 0.3%CVE-2026-32498HIGHWordPress RegistrationMagic plugin <= 6.0.7.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-64630MEDIUMWordPress Business Directory plugin <= 6.4.19 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-13794MEDIUMAuto Featured Image <= 4.2.1 - Missing Authorization to Authenticated (Contributor+) Post Thumbnail ModificationEPSS 0.3%CVE-2025-60077HIGHWordPress YayPricing plugin <= 3.5.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-8632MEDIUMKB Support – WordPress Help Desk and Knowledge Base <= 1.6.6 - Missing Authorization to Unauthenticated Ticket Reply ExposureEPSS 0.3%