Falhas do tipo CWE-862

7.035 resultados
CVE-2025-6664MEDIUMCodeAstro Patient Record Management System cross-site request forgeryEPSS 0.2%CVE-2026-27362MEDIUMWordPress WP Bakery Autoresponder Addon plugin <= 1.0.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-57412MEDIUMWordPress Gift Vouchers plugin <= 4.6.9 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-57392MEDIUMWordPress Tourfic plugin <= 2.22.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-42726MEDIUMWordPress AWP Classifieds plugin <= 4.4.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-25462MEDIUMWordPress avalex plugin <= 3.1.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-25437MEDIUMWordPress GZSEO plugin <= 2.0.14 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2023-7290MEDIUMPaytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'check_for_verified_profiles'EPSS 0.2%CVE-2025-9076MEDIUMMattermost Server exposes sensitive user credentials during shared channel membership synchronizationEPSS 0.2%CVE-2025-49981MEDIUMWordPress User Roles and Capabilities plugin <= 1.2.6 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-49949MEDIUMWordPress Templazee plugin <= 1.0.2 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-69095MEDIUMWordPress Reservation Plugin plugin <= 1.7 - Settings Change vulnerabilityEPSS 0.2%CVE-2026-31915MEDIUMWordPress Flatsome theme <= 3.19.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-6865MEDIUMDaiCuo index cross-site request forgeryEPSS 0.2%CVE-2026-57377MEDIUMWordPress WowAddons plugin <= 1.6.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2023-28619MEDIUMWordPress Resoto theme <= 1.0.8 - Broken Access Control to Arbitrary Plugin ActivationEPSS 0.2%CVE-2026-40782MEDIUMWordPress WPAdverts plugin <= 2.3.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-8689MEDIUMVisualizer: Tables and Charts Manager for WordPress <= 3.11.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Chart Creation and Modification via renderChartPages() and uploadData() FunctionsEPSS 0.2%CVE-2025-49902MEDIUMWordPress Login Page Customizer – Customizer Login Page, Admin Page, Custom Design plugin <= 2.1.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-39525MEDIUMWordPress Booking Activities plugin <= 1.16.48.1 - Broken Access Control vulnerabilityEPSS 0.2%