Falhas do tipo CWE-862
6.960 resultadosCVE-2025-24654HIGHWordPress Squirrly SEO plugin <= 12.4.07 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-9233MEDIUMQuiz and Survey Master (QSM) <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via qsm_insert_quiz_template AJAX ActionEPSS 0.3%CVE-2026-24604MEDIUMWordPress Simple GDPR Cookie Compliance plugin <= 2.0.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-7292MEDIUMPaytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_notice_dismiss'EPSS 0.3%CVE-2024-13526MEDIUMEventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Missing Authorization to Authenticated (Subscriber+) Event Attendees ExportEPSS 0.3%CVE-2023-7288MEDIUMPaytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'update_profile_preference'EPSS 0.3%CVE-2026-7523MEDIUMAlba Board <= 2.1.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'card_id' ParameterEPSS 0.3%CVE-2026-25320MEDIUMWordPress Elementor Contact Form DB plugin <= 2.1.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-11592MEDIUMEmail Subscribers & Newsletters <= 5.9.27 - Missing Authorization to Authenticated (Contributor+) Settings Modification via ig_es_handle_request AJAX ActionEPSS 0.3%CVE-2025-42983HIGHMissing Authorization check in SAP Business Warehouse and SAP Plug-In BasisEPSS 0.3%CVE-2023-46628MEDIUMWordPress WP Word Count plugin <= 3.2.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-5018HIGHHive Support <= 1.2.5 - Authenticated (Subscriber+) Missing Authorization via hs_update_ai_chat_settings and hive_lite_support_get_all_binboxEPSS 0.3%CVE-2024-10614MEDIUMCustomer Reviews for WooCommerce <= 5.61.0 - Missing Authorization to Authenticated (Subscriber+) Import CancellationEPSS 0.3%CVE-2026-57946MEDIUMInvidious - Private Playlist Disclosure via Unauthenticated RSS Feed EndpointEPSS 0.3%CVE-2026-25374MEDIUMWordPress Spa and Salon theme <= 1.3.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-25367MEDIUMWordPress CitiLights theme < 3.7.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-22447MEDIUMWordPress Prowess theme <= 1.8.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-49956HIGHHermes WebUI < 0.51.269 Profile Isolation Bypass via sessions searchEPSS 0.3%CVE-2026-40314MEDIUMNamelessMC: Reactions on private or blocking profile posts can be read and modified without proper authorizationEPSS 0.3%CVE-2026-59217MEDIUMOpen WebUI: Upload `metadata.knowledge_id` bypasses the knowledge-base write-access check (read-only users can add files to KB)EPSS 0.3%