Falhas do tipo CWE-862
7.062 resultadosCVE-2025-15524MEDIUMGallery by FooGallery <= 3.1.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Gallery Metadata ExposureEPSS 0.2%CVE-2025-22287MEDIUMWordPress LTL Freight Quotes – FreightQuote Edition plugin <= 2.3.11 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2024-13811MEDIUMLafka - Multi Store Burger - Pizza & Food Delivery WooCommerce Theme <= 4.5.7 - Missing Authorization to Authenticated (Subscriber+) Demo ImportEPSS 0.2%CVE-2025-13309MEDIUMAccessiy By CodeConfig Accessibility – Easy One-Click Accessibility Toolbar That Truly Matters <= 1.0.2 - Authenticated (Subscriber+) Missing Authorization to Modify Accessibility SettingsEPSS 0.2%CVE-2025-5315MEDIUMMissing Authorization in GitLabEPSS 0.2%CVE-2026-28433LOWMisskey lacks resource ownership validationEPSS 0.2%CVE-2025-8335MEDIUMcode-projects Simple Car Rental System cross-site request forgeryEPSS 0.2%CVE-2025-66156MEDIUMWordPress Watcher for Elementor plugin <= 1.0.9 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2023-23729MEDIUMWordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Contributor+ reCAPTCHA Settings Change VulnerabilityEPSS 0.2%CVE-2025-14446MEDIUMPopup Builder <= 1.1.37 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings ResetEPSS 0.2%CVE-2026-50244MEDIUMNaxclow IoT Platform Missing AuthorizationEPSS 0.2%CVE-2025-2276MEDIUMUltimate Dashboard <= 3.8.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Modules Activation/DeactivationEPSS 0.2%CVE-2025-13880MEDIUMWP Social Ninja - Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) <= 4.0.1 - Missing Authorization to Unauthenticated Plugin's Settings Disclosure And ModificationEPSS 0.2%CVE-2025-8595MEDIUMZakra <= 4.1.5 - Missing Authorization to Subscriber+ Demo ImportEPSS 0.2%CVE-2026-47745MEDIUMShopper: Missing per-action authorization on PaymentMethods, Currencies and Carriers admin tablesEPSS 0.2%CVE-2025-53236MEDIUMWordPress UDesign Core plugin <= 4.14.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-2559MEDIUMPost SMTP <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Office 365 OAuth Configuration OverwriteEPSS 0.2%CVE-2025-66138MEDIUMWordPress Motionger for Elementor plugin <= 2.0.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-28556MEDIUMwpForo Forum 2.4.14 Missing Authorization via Topic Management Form HandlersEPSS 0.2%CVE-2026-60124MEDIUMMISP importModule missing authorization allows read-only users to modify events via misp_standard importsEPSS 0.2%