CWE-862 vulnerabilities

6,842 results
| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2023-30479 | MEDIUM | WordPress Stamped.io Product Reviews & UGC for WooCommerce plugin <= 2.3.2 - Broken Access Control vulnerability | 0.5% |
| CVE-2023-24528 | MEDIUM | SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - version 600, allows an authenticated attacker to exploit a certain m | 0.5% |
| CVE-2022-45803 | MEDIUM | WordPress Gutenberg Forms plugin <= 2.2.8.3 - Auth. Broken Access Control vulnerability | 0.5% |
| CVE-2023-36518 | MEDIUM | WordPress Post Hit Counter plugin <= 1.3.2 - Broken Access Control | 0.5% |
| CVE-2024-27911 | HIGH | A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to obtain the administrator password. | 0.5% |
| CVE-2023-38510 | HIGH | Tolgee Lacks Permission Check for API Key for some endpoints | 0.5% |
| CVE-2023-22728 | MEDIUM | Silverstripe Framework has missing permission check of canView in GridFieldPrintButton | 0.5% |
| CVE-2022-2450 | MEDIUM | reSmush.it Image Optimizer < 0.4.4 - Subscriber+ AJAX Calls | 0.5% |
| CVE-2022-20572 | MEDIUM | In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead | 0.5% |
| CVE-2024-43162 | MEDIUM | WordPress Easy Digital Downloads plugin <= 3.2.12 - Broken Access Control vulnerability | 0.5% |
| CVE-2024-8102 | HIGH | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Authenticated (Subscriber+) Arbitrary Options Update | 0.5% |
| CVE-2024-43925 | MEDIUM | WordPress Envira Gallery Lite plugin <= 1.8.14 - Broken Access Control vulnerability | 0.5% |
| CVE-2024-5130 | HIGH | Incorrect Authorization in lunary-ai/lunary | 0.5% |
| CVE-2023-2414 | MEDIUM | Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.6 - Missing Authorization to Settings Update and Arbitrary File Upload | 0.5% |
| CVE-2026-3098 | MEDIUM | Smart Slider 3 <= 3.5.1.33 - Authenticated (Subscriber+) Arbitrary File Read via actionExportAll | 0.5% |
| CVE-2026-33638 | MEDIUM | Ech0 authenticated user-list exposed data via public `/api/allusers` endpoint | 0.5% |
| CVE-2024-12171 | HIGH | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.6 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation | 0.5% |
| CVE-2023-4943 | MEDIUM | BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation | 0.5% |
| CVE-2020-36667 | MEDIUM | JetBackup – WP Backup, Migrate & Restore <= 1.4.1 - Missing Authorization to Unauthorized Backup Location Change | 0.5% |
| CVE-2024-38777 | MEDIUM | WordPress Titan Anti-spam & Security plugin <= 7.3.6 - Broken Access Control vulnerability | 0.5% |