Falhas do tipo CWE-862

7.059 resultados
CVE-2026-39637MEDIUMWordPress Mogi theme <= 1.2.3 - Arbitrary Shortcode Execution vulnerabilityEPSS 0.2%CVE-2025-12527MEDIUMPage & Post Notes <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Note Update/DeletionEPSS 0.2%CVE-2026-3445HIGHPaid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Missing Authorization to Authenticated (Subscriber+) Membership Payment BypassEPSS 0.2%CVE-2026-8688MEDIUMAdvance Nav Menu Manager <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Nav Menu Item Modification via anmm_save_menu_data AJAX ActionEPSS 0.2%CVE-2025-47565MEDIUMWordPress EventON plugin <= 4.9.9 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-12449MEDIUMaBlocks – WordPress Gutenberg Blocks <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Settings ModificationEPSS 0.2%CVE-2025-12900MEDIUMFileBird – WordPress Media Library Folders & File Manager <= 6.5.1 - Missing Authorization to Authenticated (Author+) Global Folders TamperingEPSS 0.2%CVE-2026-33915MEDIUMOpenEMR Missing ACL Checks on Insurance Company API RoutesEPSS 0.2%CVE-2025-49974MEDIUMWordPress UpStream: a Project Management Plugin for WordPress plugin <= 2.1.1 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-49976MEDIUMWordPress WANotifier plugin <= 2.7.12 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-64139MEDIUMA missing permission check in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers with Overall/Read permission to connEPSS 0.2%CVE-2025-8488MEDIUMUltimate Addons for Elementor (Formerly Elementor Header & Footer Builder) <= 2.4.6 - Missing Authorization to Authenticated (Subscriber+) Limited Settings UpdateEPSS 0.2%CVE-2025-14880MEDIUMNetcash WooCommerce Payment Gateway <= 4.1.3 - Missing Authorization to Unauthenticated Order Status ModificationEPSS 0.2%CVE-2025-14755MEDIUMCost Calculator Builder <= 4.0.1 - Unauthenticated Price Manipulation and Insecure Direct Object ReferenceEPSS 0.2%CVE-2026-9172MEDIUMDevs Accounting <= 1.2.0 - Missing Authorization to Unauthenticated Account Deletion via /delete-account/ REST EndpointEPSS 0.2%CVE-2025-14001MEDIUMWP Duplicate Page <= 1.8 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post DuplicationEPSS 0.2%CVE-2025-66083MEDIUMWordPress WpEvently plugin <= 5.0.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-49982MEDIUMWordPress WP Customer Area plugin <= 8.3.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-13529MEDIUMUnify <= 3.4.9 - Missing Authorization to Unauthenticated Option Deletion via 'unify_plugin_downgrade' ParameterEPSS 0.2%CVE-2026-45244LOWSummarize < 0.15.1 Unapproved Browser Automation ExecutionEPSS 0.2%