Falhas do tipo CWE-862
7.059 resultadosCVE-2026-3117MEDIUMInstance and webhook GitLab plugin commands were able to be run by non-admin usersEPSS 0.2%CVE-2026-12113MEDIUMAppointment Booking Calendar <= 1.4.02 - Missing Authorization to Authenticated (Contributor+) Sensitive Information DisclosureEPSS 0.2%CVE-2025-11373MEDIUMPopup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel <= 4.0.4 - Missing Authorization to Authenticated (Contributor+) Safe File Type UploadEPSS 0.2%CVE-2025-68993MEDIUMWordPress Share, Print and PDF Products for WooCommerce plugin <= 3.1.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-12527MEDIUMPage & Post Notes <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Note Update/DeletionEPSS 0.2%CVE-2026-23548MEDIUMWordPress DirectoryPress plugin <= 3.6.25 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-25370MEDIUMWordPress WP Compress plugin <= 6.60.28 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-25315MEDIUMWordPress hCaptcha for WP plugin <= 4.21.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-25384MEDIUMWordPress WP-Lister Lite for eBay plugin <= 3.8.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-39528MEDIUMWordPress WP Delicious plugin <= 1.9.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-3445HIGHPaid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Missing Authorization to Authenticated (Subscriber+) Membership Payment BypassEPSS 0.2%CVE-2026-0506HIGHMissing Authorization check in SAP NetWeaver Application Server ABAP and ABAP PlatformEPSS 0.2%CVE-2026-23543MEDIUMWordPress Essential Addons for Elementor plugin <= 6.5.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-24967MEDIUMWordPress Amelia plugin <= 1.2.38 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-25333MEDIUMWordPress Shopwell theme <= 1.0.11 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-8617MEDIUMSearchPlus <= 1.7.1 - Missing Authorization to Unauthenticated Settings Modification and Deletion via searchplus_save_token & searchplus_reset_token AJAX ActionsEPSS 0.2%CVE-2025-68596MEDIUMWordPress Bit Assist plugin <= 1.5.11 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-68994MEDIUMWordPress Product Loops for WooCommerce plugin <= 2.1.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-24982MEDIUMWordPress Spectra plugin <= 2.19.17 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-69009MEDIUMWordPress Medicalequipment theme <= 1.0.9 - Broken Access Control vulnerabilityEPSS 0.2%