Falhas do tipo CWE-862
6.960 resultadosCVE-2025-46489MEDIUMWordPress Bulk Assign Linked Products For WooCommerce plugin <= 2.1 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-46485MEDIUMWordPress WP Customize Login Page plugin <= 1.6.5 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-6663MEDIUMGWD Connect <= 2.9 - Unauthenticated Limited Code Execution via update_agentEPSS 0.3%CVE-2025-31923MEDIUMWordPress CSS3 Accordions for WordPress plugin <= 3.0 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-24762MEDIUMWordPress TicketBAI Facturas para WooCommerce plugin <= 3.45 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-53255MEDIUMWordPress HurryTimer plugin <= 2.13.1 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-47480MEDIUMWordPress Graphina plugin <= 3.0.4 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-49320MEDIUMWordPress FraudLabs Pro for WooCommerce plugin <= 2.22.11 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-49236MEDIUMWordPress Raychat plugin <= 2.1.0 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-54745MEDIUMWordPress miniOrange's Google Authenticator Plugin <= 6.1.1 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-57917MEDIUMWordPress Printcart Web to Print Product Designer for WooCommerce plugin <= 2.4.8 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-28995MEDIUMWordPress Viral Loops WP Integration plugin <= 3.8.1 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-3506MEDIUMWP-Chatbot for Messenger <= 4.9 - Missing Authorization to Unauthenticated Chatbot Configuration TakeoverEPSS 0.3%CVE-2025-24776MEDIUMWordPress Responsive Flipbooks plugin <= 1.0 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-28997MEDIUMWordPress WP AutoKeyword plugin <= 1.0 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-4094HIGHFOX – Currency Switcher Professional for WooCommerce <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Configuration DeletionEPSS 0.3%CVE-2025-29013MEDIUMWordPress Custom Category/Post Type Post order plugin <= 1.6.0 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2024-13526MEDIUMEventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Missing Authorization to Authenticated (Subscriber+) Event Attendees ExportEPSS 0.3%CVE-2026-59217MEDIUMOpen WebUI: Upload `metadata.knowledge_id` bypasses the knowledge-base write-access check (read-only users can add files to KB)EPSS 0.3%CVE-2025-5018HIGHHive Support <= 1.2.5 - Authenticated (Subscriber+) Missing Authorization via hs_update_ai_chat_settings and hive_lite_support_get_all_binboxEPSS 0.3%