Falhas do tipo CWE-862

7.080 resultados
CVE-2025-3701MEDIUMWordPress Malcure Malware Scanner plugin <= 16.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-42671MEDIUMWordPress GeoDirectory plugin <= 2.8.157 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-12471MEDIUMSpexo <= 2.0.11 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin ActivationEPSS 0.2%CVE-2026-9235MEDIUMDHL eCommerce (Benelux) for WooCommerce <= 2.2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shipping Label Creation and Deletion via dhlpwc_label_create and dhlpwc_label_delete AJAX ActionsEPSS 0.2%CVE-2026-40809MEDIUMWordPress Metro Magazine theme <= 1.4.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-57339MEDIUMWordPress Business Directory plugin <= 6.4.23 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-57812MEDIUMWordPress Simply Schedule Appointments plugin <= 1.6.12.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-3072MEDIUMMedia Library Assistant <= 3.33 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Taxonomy ModificationEPSS 0.2%CVE-2026-57334MEDIUMWordPress WP User Frontend plugin <= 4.3.7 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-64215MEDIUMWordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-57340MEDIUMWordPress Japanized For WooCommerce plugin <= 2.9.12 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-13643LOWMongoDB Server may allow queries to be terminated by unauthorized usersEPSS 0.2%CVE-2026-5296MEDIUMMissing Authorization in GitLabEPSS 0.2%CVE-2026-12955MEDIUMCookie Banner for GDPR / CCPA <= 4.3.6 - Missing Authorization to Authenticated (Subscriber+) Scan Schedule Modification via gcc_save_schedule_scan AJAX ActionEPSS 0.2%CVE-2025-14457LOWDrag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.2 - Missing Authorization to Unauthenticated File DeletionEPSS 0.2%CVE-2023-20955HIGHIn onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications foEPSS 0.2%CVE-2025-53910MEDIUMUnauthorized Channel Subscription Edit in Mattermost Confluence PluginEPSS 0.2%CVE-2026-9240MEDIUMColissimo Officiel : Méthodes de livraison pour WooCommerce <= 2.9.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Shipment Modification via lpc_order_affect AJAX actionEPSS 0.2%CVE-2025-10304MEDIUMEverest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.3.8 - Missing Authorization to Unauthenticated Backup FailureEPSS 0.2%CVE-2026-30920HIGHOneUptime has broken access control in GitHub App installation flow that allows unauthorized project bindingEPSS 0.2%