Falhas do tipo CWE-862
7.035 resultadosCVE-2025-47471MEDIUMWordPress Envo Extra plugin <= 1.9.9 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2026-44320HIGHfree5GC: NEF nnef-callback route group is unauthenticated; forged callback requests are accepted into the processing pathEPSS 0.2%CVE-2025-58243MEDIUMWordPress imEvent Theme <= 3.4.0 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-28996MEDIUMWordPress GPP Slideshow plugin <= 1.3.5 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-47534MEDIUMWordPress Wordpress Auto Spinner plugin <= 3.25.0 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-49246MEDIUMWordPress Testimonials Showcase plugin <= 1.9.16 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-49903MEDIUMWordPress ZoloBlocks plugin <= 2.3.11 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-49293MEDIUMWordPress Crawlomatic Multisite Scraper Post Generator plugin <= 2.6.8.2 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-42899MEDIUMMissing Authorization check in SAP S4CORE (Manage Journal Entries)EPSS 0.2%CVE-2025-29010MEDIUMWordPress Behance Portfolio Manager plugin <= 1.7.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-13386MEDIUMSocial Images Widget <= 2.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings DeletionEPSS 0.2%CVE-2025-49289MEDIUMWordPress PDF for WPForms plugin <= 5.5.0 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-31063MEDIUMWordPress Wishlist plugin <= 2.1.0 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-12392MEDIUMCryptocurrency Payment Gateway for WooCommerce <= 2.0.25 - Missing Authorization to Unauthenticated Tracking Status UpdateEPSS 0.2%CVE-2026-25443HIGHWordPress Fraud Prevention For Woocommerce plugin <= 2.3.3 - Arbitrary Content Deletion vulnerabilityEPSS 0.2%CVE-2026-54010HIGHOpen WebUI: Forged chat-file link allows cross-user file read and deletionEPSS 0.2%CVE-2025-47528MEDIUMWordPress Ovation Elements plugin <= 1.1.2 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-58785MEDIUMWordPress Ray Enterprise Translation plugin <= 1.7.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-12877MEDIUMIDonate – Blood Donation, Request And Donor Management System <= 2.1.15 - Missing Authorization to Unauthenticated Arbitrary Post DeletionEPSS 0.2%CVE-2025-12391MEDIUMRestrictions for BuddyPress <= 1.5.2 - Missing Authorization to Unauthenticated Tracking Status UpdateEPSS 0.2%