Falhas do tipo CWE-862

7.060 resultados
CVE-2025-14948MEDIUMminiOrange OTP Verification and SMS Notification for WooCommerce <= 4.3.8 - Missing Authorization to Unauthenticated Notification Settings ModificationEPSS 0.2%CVE-2025-49976MEDIUMWordPress WANotifier plugin <= 2.7.12 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-66077MEDIUMWordPress Legal Pages plugin <= 1.4.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-14880MEDIUMNetcash WooCommerce Payment Gateway <= 4.1.3 - Missing Authorization to Unauthenticated Order Status ModificationEPSS 0.2%CVE-2026-9172MEDIUMDevs Accounting <= 1.2.0 - Missing Authorization to Unauthenticated Account Deletion via /delete-account/ REST EndpointEPSS 0.2%CVE-2025-8488MEDIUMUltimate Addons for Elementor (Formerly Elementor Header & Footer Builder) <= 2.4.6 - Missing Authorization to Authenticated (Subscriber+) Limited Settings UpdateEPSS 0.2%CVE-2025-47565MEDIUMWordPress EventON plugin <= 4.9.9 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-9237MEDIUMEmployee, Leave and Recruitment Management System <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Job Deletion via crewhrm_singleJobAction AJAX ActionEPSS 0.2%CVE-2025-14755MEDIUMCost Calculator Builder <= 4.0.1 - Unauthenticated Price Manipulation and Insecure Direct Object ReferenceEPSS 0.2%CVE-2022-45813MEDIUMWordPress Advanced AJAX Product Filters plugin <= 1.6.3.3 - Broken Access Control + CSRFEPSS 0.2%CVE-2026-14934CRITICALCross-Tenant Repository Takeover via Improper Access Control in BigQuery, Dataform and Colab EnterpriseEPSS 0.2%CVE-2025-8778MEDIUMNitroPack <= 1.18.4 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update via nitropack_set_compression_ajax FunctionEPSS 0.2%CVE-2025-58978MEDIUMWordPress PDF Generator for WordPress Plugin <= 1.5.4 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2026-57405HIGHWordPress Open Shop theme <= 1.7.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-53640LOWFOSSBilling missing authorization checks on read-only admin API endpoints expose sensitive staff, client, and redirect dataEPSS 0.2%CVE-2026-53643HIGHFOSSBilling allows low-privileged staff accounts to perform unauthorized actions via admin API endpointsEPSS 0.2%CVE-2025-5814MEDIUMProfiler – What Slowing Down Your WP <= 1.0.0 - Missing Authentication to Unauthenticated Arbitrary Plugin Reactivation via State RestorationEPSS 0.2%CVE-2025-54733MEDIUMWordPress All Bootstrap Blocks Plugin <= 1.3.28 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-64234MEDIUMWordPress Evergreen Content Poster plugin <= 1.4.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-69311HIGHWordPress Broadstreet Ads plugin <= 1.52.1 - Broken Access Control vulnerabilityEPSS 0.2%