Falhas do tipo CWE-862

7.018 resultados
CVE-2023-47870HIGHWordPress wpForo Forum Plugin <= 2.2.6 is vulnerable to Broken Access Control and Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2025-62128MEDIUMWordPress SiteLock Security plugin <= 5.0.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-12081MEDIUMACF Photo Gallery Field <= 3.0 - Missing Authorization to Authenticated (Subscriber+) Attachment Metadata ModificationEPSS 0.3%CVE-2024-12855MEDIUMAdForest - Classified Ads WordPress Theme <= 5.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post/Attachment DeletionEPSS 0.3%CVE-2025-22647MEDIUMWordPress AIO Performance Profiler plugin <= 1.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-32212MEDIUMWordPress Specia Companion plugin <= 6.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-43773MEDIUMLiferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 thrEPSS 0.3%CVE-2025-31529MEDIUMWordPress Slider Path for Elementor plugin <= 3.0.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-12119MEDIUMSimple File List <= 6.3.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Operations (Deletion / Move / Folder Creation / Download) via 'frontmanage' Shortcode AttributeEPSS 0.3%CVE-2025-31596MEDIUMWordPress Chat by Chatwee plugin <= 2.1.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-56006MEDIUMWordPress Jetpack Debug Tools plugin < 2.0.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-11701MEDIUMZip Attachments <= 1.6 - Missing Authorization to Unauthenticated Private And Password-Protected Posts Attachment DisclosureEPSS 0.3%CVE-2024-10664MEDIUMKnowledge Base documentation & wiki plugin – BasePress Docs <= 2.16.3.3 - Missing Authorization to Authenticated (Subscriber+) Database UpdateEPSS 0.3%CVE-2025-22667MEDIUMWordPress Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets plugin <= 1.8.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-13243MEDIUMEntity Delete Log - Moderately critical - Access bypass - SA-CONTRIB-2024-007EPSS 0.3%CVE-2026-2381MEDIUMWooCommerce Stripe Payment Gateway <= 10.7.0 - Missing Authorization to Unauthenticated Order Status Manipulation via 'order' ParameterEPSS 0.3%CVE-2024-12110MEDIUMGold Addons for Elementor <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) License Activation/DeactivationEPSS 0.3%CVE-2026-45552CRITICALRoxy-WI: Cross-tenant authorization bypass on /install/* — guest can run Ansible / SSH on every registered serverEPSS 0.3%CVE-2025-31528MEDIUMWordPress StaticPress plugin <= 0.4.5 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-22665MEDIUMWordPress RapidLoad plugin <= 2.4.4 - Broken Access Control vulnerabilityEPSS 0.3%