Falhas do tipo CWE-862

6.960 resultados
CVE-2026-3279MEDIUMEnable jQuery Migrate Helper <= 1.4.1 - Missing Authorization to Authenticated (Subscriber+) jQuery Version DowngradeEPSS 0.3%CVE-2026-44571MEDIUMOpen WebUI: Improper Authorization in Standard Channels Allows Message Updates with Read PermissionEPSS 0.3%CVE-2025-22291MEDIUMWordPress LTL Freight Quotes – Worldwide Express Edition plugin <= 5.0.20 - Arbitrary Content Deletion vulnerabilityEPSS 0.3%CVE-2023-51376MEDIUMWordPress ProjectHuddle Client Site plugin <= 1.0.34 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-10637MEDIUMSocial Feed Gallery <= 4.9.2 - Missing Authorization to Unauthenticated Information ExposureEPSS 0.3%CVE-2023-44234MEDIUMWordPress WP GPX Maps plugin <= 1.7.08 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-32783MEDIUMWordPress Advanced Testimonial Carousel for Elementor plugin <= 3.0.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-39994MEDIUMWordPress ARMember Premium plugin <= 5.9.2 - Broken Access ControlEPSS 0.3%CVE-2025-67965MEDIUMWordPress Homey Core plugin <= 2.4.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-24539MEDIUMWordPress Protección de datos – RGPD plugin <= 0.68 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-52817HIGHWordPress Abandoned Contact Form 7 plugin <= 2.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-11725MEDIUMAruba HiSpeed Cache <= 3.0.2 - Missing Authorization to Unauthenticated Plugin's Settings ModificationEPSS 0.3%CVE-2024-34803MEDIUMWordPress Fastly plugin <= 1.2.25 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-10588MEDIUMDebug Tool <= 2.2 - Missing Authorization to Information ExposureEPSS 0.3%CVE-2026-59216HIGHOpen WebUI: Cross-user code-interpreter and tool execution via unvalidated Socket.IO event-caller session_idEPSS 0.3%CVE-2024-5607MEDIUMGDPR CCPA Compliance & Cookie Consent Banner <= 2.7.0 - Missing Authorization to Settings Update and Stored Cross-Site ScriptingEPSS 0.3%CVE-2026-1720HIGHWowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation <= 1.4.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin InstallationEPSS 0.3%CVE-2024-37176MEDIUMMissing Authorization check in SAP BW/4HANA Transformation and DTPEPSS 0.3%CVE-2024-53813MEDIUMWordPress WP Travel plugin <= 9.6.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-10294MEDIUMCE21 Suite <= 2.2.0 - Missing Authorization to Unauthenticated Plugin Settings ChangeEPSS 0.3%