Falhas do tipo CWE-862
7.048 resultadosCVE-2025-31408MEDIUMWordPress Zoho Flow plugin <= 2.13.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-42677HIGHWordPress WP Document Revisions plugin <= 3.8.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-52711HIGHWordPress WooCommerce POS plugin <= 1.8.14 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-8682MEDIUMNewsup <= 5.0.10 - Missing Authorization to Authenticated (Subscriber+) Plugin InstallationEPSS 0.2%CVE-2025-13964MEDIUMLearnPress – WordPress LMS Plugin <= 4.3.2 - Missing Authentication to Unauthenticated Course ModificationEPSS 0.2%CVE-2026-12134MEDIUMJoomSport <= 5.7.8 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Creation/Modification via season_groupedit AJAX actionEPSS 0.2%CVE-2026-12435MEDIUMMotors <= 1.4.111 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Modification via 'stm_mark_as_sold_car' ParameterEPSS 0.2%CVE-2025-68595MEDIUMWordPress Widgets for Social Photo Feed plugin <= 1.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-56038HIGHWordPress Frisbii Pay plugin <= 1.8.2 - Privilege Escalation vulnerabilityEPSS 0.2%CVE-2025-14173MEDIUMPerfit WooCommerce <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings DeletionEPSS 0.2%CVE-2025-31886MEDIUMWordPress Social proof testimonials and reviews by Repuso plugin <= 5.21 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-8678MEDIUMMyParcel <= 4.25.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Shipment Data Disclosure and Modification via wcmp_get_shipment_options and wcmp_save_shipment_options AJAX ActionsEPSS 0.2%CVE-2025-15512MEDIUMAplazo Payment Gateway <= 1.4.3 - Missing Authorization to Unauthenticated Order Status ManipulationEPSS 0.2%CVE-2025-68045HIGHWordPress WP Event SOlution plugin <= 4.1.12 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-5816MEDIUMPlugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship <= 3.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) View Order Tracking DetailsEPSS 0.2%CVE-2025-14351MEDIUMCustom Fonts – Host Your Fonts Locally <= 2.1.16 - Missing Authorization to Unauthenticated Font DeletionEPSS 0.2%CVE-2025-31887MEDIUMWordPress MyBookProgress plugin <= 1.0.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2023-52217MEDIUMWordPress WooCommerce Conversion Tracking plugin <= 2.0.11 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-1054MEDIUMRegistrationMagic <= 6.0.7.4 - Missing Authorization to Unauthenticated Arbitrary Settings ModificationEPSS 0.2%CVE-2026-8682MEDIUM3D Viewer <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification via settings REST endpointEPSS 0.2%