Falhas do tipo CWE-862
7.021 resultadosCVE-2025-13381MEDIUMAI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Missing Authorization to Unauthenticated Media File UploadsEPSS 0.2%CVE-2025-13317MEDIUMAppointment Booking Calendar <= 1.3.96 - Missing Authorization to Arbitrary Booking Confirmation via 'cpabc_ipncheck' ParameterEPSS 0.2%CVE-2025-66527MEDIUMWordPress Lobo theme <= 2.8.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-13314MEDIUMProduct Filtering by Categories, Tags, Price Range for WooCommerce <= 1.1.6 - Missing Authorization to Unauthenticated Plugin Settings ModificationEPSS 0.2%CVE-2026-57327MEDIUMWordPress MainWP plugin <= 6.1.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-50284HIGHCraft CMS: Missing peer-permission check in `AssetsController::actionDeleteFolder` allows deletion of other users' assetsEPSS 0.2%CVE-2026-55417MEDIUMChevereto private profile setting leaks username on /json endpointEPSS 0.2%CVE-2025-62892MEDIUMWordPress Sunshine Photo Cart plugin <= 3.5.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-49990MEDIUMWordPress ContentStudio plugin <= 1.3.7 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-33413HIGHetcd: Authorization bypasses in multiple APIsEPSS 0.2%CVE-2026-40570MEDIUMFreeScout's Missing Authorization in load_customer_info Allows Any Authenticated User to Access Full Customer PIIEPSS 0.2%CVE-2025-11758MEDIUMAll in One Time Clock Lite – Tracking Employee Time Has Never Been Easier <= 2.0.3 - Missing Authorization to Page Creation and Information ExposureEPSS 0.2%CVE-2025-52757MEDIUMWordPress SUMO Memberships for WooCommerce plugin < 7.8.0 - Arbitrary Content Deletion vulnerabilityEPSS 0.2%CVE-2025-4522MEDIUMIDonate 2.0.0 - 2.1.9 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion via admin_post_donor_delete FunctionEPSS 0.2%CVE-2025-49987MEDIUMWordPress CRM ERP Business Solution plugin <= 1.13 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-7078MEDIUM07FLYCMS/07FLY-CMS/07FlyCRM cross-site request forgeryEPSS 0.2%CVE-2025-62867MEDIUMWordPress Ergonet Cache plugin <= 1.0.13 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-49993MEDIUMWordPress Cookie-Script.com plugin <= 1.2.1 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2024-33909MEDIUMWordPress iPages Flipbook plugin <= 1.5.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2023-47778MEDIUMWordPress LuckyWP Scripts Control plugin <= 1.2.1 - Broken Access Control vulnerabilityEPSS 0.2%