Falhas do tipo CWE-862
7.021 resultadosCVE-2025-8268MEDIUMAi Engine <= 2.9.5 - Missing Authorization to Unauthenticated Uploaded Files Disclosure And DeletionEPSS 0.3%CVE-2026-40743MEDIUMWordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-48326MEDIUMWordPress Acclectic Media Organizer Plugin <= 1.4 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2024-4744MEDIUMWordPress iPages Flipbook plugin <= 1.5.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-29070MEDIUMOpen WebUI has unauthorized deletion of knowledge filesEPSS 0.3%CVE-2025-53485HIGHSecurePoll: Unauthorized access to SetTranslationHandler allows arbitrary text changesEPSS 0.3%CVE-2025-52813HIGHWordPress MobiLoud <= 4.6.5 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-42670HIGHWordPress Five Star Restaurant Reservations plugin <= 2.7.14 - Payment Bypass vulnerabilityEPSS 0.3%CVE-2021-4446MEDIUMEssential Addons for Elementor <= 4.6.4 - Missing AuthorizationEPSS 0.3%CVE-2026-2022MEDIUMSmart Forms <= 2.6.99 - Missing Authorization to Authenticated (Subscriber+) Campaign Data ExposureEPSS 0.3%CVE-2026-47193HIGHOpenProject: Journal diff endpoint bypasses object, journal, and field visibility checksEPSS 0.3%CVE-2026-45717HIGHBudibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ` permission instead of builder access, allowing any authenticated app user to overwrite datasource connection parameters including host, port, and URL.EPSS 0.3%CVE-2026-34886HIGHWordPress Simple Membership plugin <= 4.7.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-56215MEDIUMWordPress Member Directory and Contact Form plugin <= 1.7.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-56396HIGHphpMyFAQ - Privilege Escalation via Missing Authorization in editUser() and updateUserRights()EPSS 0.3%CVE-2025-12633HIGHBooking Calendar | Appointment Booking | Bookit <= 2.5.0 - Missing Authorization to Unauthenticated Stripe ConnectionEPSS 0.3%CVE-2025-12782MEDIUMBeaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Builder Status TamperingEPSS 0.3%CVE-2026-4162HIGHGravity SMTP <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Plugin UninstallEPSS 0.3%CVE-2023-44210HIGHSensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect CEPSS 0.3%CVE-2026-11818MEDIUMWPCafe <= 3.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via REST APIEPSS 0.3%