Falhas do tipo CWE-862
6.960 resultadosCVE-2025-9984MEDIUMFeatured Image from URL (FIFU) <= 5.2.7 - Missing Authorization to Password Protected Post DisclosureEPSS 0.3%CVE-2025-24590MEDIUMWordPress picu – Online Photo Proofing Gallery plugin <= 2.4.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-7499MEDIUMBetterDocs <= 4.1.1 - Missing Authorization to Private And Password-Protected Posts Information DisclosureEPSS 0.3%CVE-2026-23804MEDIUMWordPress Better Business Reviews plugin <= 0.1.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-10665MEDIUMYaad Sarig Payment Gateway For WC <= 2.2.4 - Missing Authorization to Authenticated (Subscriber+) Log Read/DeletionEPSS 0.3%CVE-2025-68270CRITICALCourseLimitedStaff Role Allows Studio AccessEPSS 0.3%CVE-2025-66530MEDIUMWordPress Webba Booking plugin <= 6.2.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2022-2657—Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Unauthorised AJAX CallsEPSS 0.3%CVE-2026-49274MEDIUMKirby: `pages.access` permission is not checked in the pages picker for parent pagesEPSS 0.3%CVE-2025-1502MEDIUMIP2Location Redirection <= 1.33.3 - Missing Authorization to Unauthenticated Settings ExportEPSS 0.3%CVE-2026-4888MEDIUMEverest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder <= 3.4.7 - Missing Authorization to Authenticated (Subscriber+) Email SendingEPSS 0.3%CVE-2024-56227MEDIUMWordPress Royal Elementor Addons plugin <= 1.7.1001 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-6155MEDIUMGreenshift – animation and page builder blocks <= 9.0.0 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross-Site ScriptingEPSS 0.3%CVE-2026-41454HIGHWeKan < 8.35 Missing Authorization via Integration REST APIEPSS 0.3%CVE-2025-15260MEDIUMMyRewards – Loyalty Points and Rewards for WooCommerce <= 5.6.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Loyalty Rule ModificationEPSS 0.3%CVE-2025-23187MEDIUMMissing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN)EPSS 0.3%CVE-2026-35606MEDIUMFile Browser discloses text file content via /api/resources endpoint bypassing Perm.Download checkEPSS 0.3%CVE-2025-64179MEDIUMlakeFS: Unauthenticated access to API usage metricsEPSS 0.3%CVE-2025-4887MEDIUMSourceCodester Online Student Clearance System cross-site request forgeryEPSS 0.3%CVE-2025-1891MEDIUMshishuocms cross-site request forgeryEPSS 0.3%