Falhas do tipo CWE-862

7.025 resultados
CVE-2026-7249MEDIUMLocation Weather <= 3.0.2 - Missing Authorization to Authenticated (Contributor+) Block Settings Modification and Cache PurgingEPSS 0.2%CVE-2026-57521MEDIUMBitwarden Server < 2026.5.0 Broken Access Control via PreviewInvoiceControllerEPSS 0.2%CVE-2023-44212HIGHSensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, mEPSS 0.2%CVE-2025-58660MEDIUMWordPress Oshine Core Plugin <= 1.5.5 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-53291MEDIUMWordPress Spreadconnect plugin <= 2.1.5 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-60103MEDIUMWordPress ListingPro plugin <= 2.9.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-24941HIGHWordPress WP Job Portal plugin <= 2.4.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-14361HIGHWordPress Woocommerce Envato Affiliates plugin <= 1.2.1 - Settings Change vulnerabilityEPSS 0.2%CVE-2025-15369MEDIUMXpro Addons — 140+ Widgets for Elementor <= 1.5.0 - Missing Authorization to Unauthenticated Xpro Template CreationEPSS 0.2%CVE-2025-69388MEDIUMWordPress Cliengo – Chatbot plugin <= 3.0.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-22673MEDIUMWordPress EAN Barcode Generator <= 5.3.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-0548MEDIUMTutor LMS – eLearning and online course solution <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Limited Attachment DeletionEPSS 0.2%CVE-2026-4100HIGHPaid Memberships Pro <= 3.6.5 - Missing Authorization to Authenticated (Subscriber+) Stripe Webhook Deletion and Payment Processing DisruptionEPSS 0.2%CVE-2025-58000MEDIUMWordPress Memberful plugin <= 1.75.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-58004MEDIUMWordPress DriCub Theme <= 2.9 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-10749MEDIUMMicrosoft Azure Storage for WordPress <= 4.5.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Media DeletionEPSS 0.2%CVE-2025-58919MEDIUMWordPress Wide Banner plugin <= 1.0.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-41498LOWKimai: Team API Missing Object-Level AuthorizationEPSS 0.2%CVE-2025-58685MEDIUMWordPress Cecabank WooCommerce plugin plugin <= 0.3.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-6284MEDIUMPHPGurukul Car Rental Portal cross-site request forgeryEPSS 0.2%