Falhas do tipo CWE-862
6.960 resultadosCVE-2026-35606MEDIUMFile Browser discloses text file content via /api/resources endpoint bypassing Perm.Download checkEPSS 0.3%CVE-2025-11890HIGHCrypto Payment Gateway with Payeer for WooCommerce <= 1.0.3 - Unauthenticated Payment BypassEPSS 0.3%CVE-2026-49991HIGHRustFS Snowball Auto-Extract: Path Traversal allows cross-bucket object injectionEPSS 0.3%CVE-2025-47472MEDIUMWordPress Music Player for WooCommerce plugin <= 1.5.1 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-3138MEDIUMProduct Filter for WooCommerce by WBW <= 3.1.2 - Missing Authorization to Unauthenticated Filter Data Deletion via TRUNCATE TABLEEPSS 0.3%CVE-2025-31923MEDIUMWordPress CSS3 Accordions for WordPress plugin <= 3.0 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-49320MEDIUMWordPress FraudLabs Pro for WooCommerce plugin <= 2.22.11 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-29006MEDIUMWordPress Direct Checkout for WooCommerce Lite plugin <= 1.0.3 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-46489MEDIUMWordPress Bulk Assign Linked Products For WooCommerce plugin <= 2.1 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-3506MEDIUMWP-Chatbot for Messenger <= 4.9 - Missing Authorization to Unauthenticated Chatbot Configuration TakeoverEPSS 0.3%CVE-2026-40543HIGHMissing Authorization in SOPlanningEPSS 0.3%CVE-2025-50009MEDIUMWordPress Kata Plus plugin <= 1.5.3 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-53255MEDIUMWordPress HurryTimer plugin <= 2.13.1 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2024-9626MEDIUMEditorial Assistant by Sovrn <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Attachment Upload and Set Post Featured ImageEPSS 0.3%CVE-2026-2658MEDIUMnewbee-ltd newbee-mall Multiple Endpoints cross-site request forgeryEPSS 0.3%CVE-2025-48096MEDIUMWordPress Custom CSS plugin <= 1.4.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-4094HIGHFOX – Currency Switcher Professional for WooCommerce <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Configuration DeletionEPSS 0.3%CVE-2025-49324MEDIUMWordPress Job Board Manager plugin <= 2.1.60 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2024-54222MEDIUMWordPress Seraphinite Accelerator plugin <= 2.22.15 - Authenticated Sensitive Data Exposure vulnerabilityEPSS 0.3%CVE-2025-32240MEDIUMWordPress Site Notify plugin <= 1.0 - Broken Access Control VulnerabilityEPSS 0.3%