Falhas do tipo CWE-862
7.021 resultadosCVE-2025-2832MEDIUMmingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 cross-site request forgeryEPSS 0.3%CVE-2025-14455MEDIUMImage Photo Gallery Final Tiles Grid <= 3.6.7 - Missing Authorization to Authenticated (Contributor+) Gallery ManagementEPSS 0.3%CVE-2025-12782MEDIUMBeaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Builder Status TamperingEPSS 0.3%CVE-2024-4746MEDIUMWordPress Netgsm plugin <= 2.9.32 - Broken Access Control + CSRF vulnerabilityEPSS 0.3%CVE-2026-44281HIGHGLPI vulnerable to unauthorized reading of a specific asset objectEPSS 0.3%CVE-2026-11818MEDIUMWPCafe <= 3.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via REST APIEPSS 0.3%CVE-2023-44210HIGHSensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect CEPSS 0.3%CVE-2026-24605MEDIUMWordPress X Addons for Elementor plugin <= 1.0.23 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-40327MEDIUMWordPress Putler Connector for WooCommerce plugin <= 2.12.0 - Unauthenticated Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-50028MEDIUMWordPress Ultimate Push Notifications plugin <= 1.2.0 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2023-48751MEDIUMWordPress Participants Database Plugin <= 2.5.5 is vulnerable to Broken Access ControlEPSS 0.3%CVE-2024-37214MEDIUMWordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - Broken Access Control to XSS vulnerabilityEPSS 0.3%CVE-2025-4683MEDIUMMStore API – Create Native Android & iOS Apps On The Cloud <= 4.17.5 - Missing Authorization to Authenticated (Subscriber+) Posts CreationEPSS 0.3%CVE-2024-42373MEDIUMMissing Authorization Check in SAP Student Life Cycle Management (SLcM)EPSS 0.3%CVE-2025-59581MEDIUMWordPress Ibtana Plugin <= 1.2.5.3 - Arbitrary Content Deletion VulnerabilityEPSS 0.3%CVE-2025-49319MEDIUMWordPress Wishlist for WooCommerce <= 3.2.3 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-8482MEDIUMSimple Local Avatars <= 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Avatar MigrationEPSS 0.3%CVE-2026-3056MEDIUMSeraphinite Accelerator <= 2.28.14 - Missing Authorization to Authenticated (Subscriber+) Log ClearingEPSS 0.3%CVE-2026-12133MEDIUMJoomSport <= 5.7.8 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Deletion via season_groupdel AJAX actionEPSS 0.3%CVE-2026-7621MEDIUMSMTP2GO for WordPress <= 1.16.0 - Missing Authorization to Authenticated (Subscriber+) Log Read/TruncateEPSS 0.3%