CWE-862 vulnerabilities

6,844 results
CVE-2023-47805 (MEDIUM, EPSS 0.5%): WordPress WPCafe plugin <= 2.2.22 - Broken Access Control vulnerability
CVE-2024-13653 (HIGH, EPSS 0.5%): ZoxPress - The All-In-One WordPress News Theme <= 2.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
CVE-2024-13752 (MEDIUM, EPSS 0.5%): WP Project Manager <= 2.6.17 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update
CVE-2023-41849 (MEDIUM, EPSS 0.5%): WordPress Posts Like Dislike plugin <= 1.1.0 - Broken Access Control vulnerability
CVE-2023-50882 (MEDIUM, EPSS 0.5%): WordPress ProfilePress plugin <= 4.13.2 - Broken Access Control vulnerability
CVE-2023-40003 (MEDIUM, EPSS 0.5%): WordPress WP Project Manager plugin <= 2.6.7 - Broken Access Control vulnerability
CVE-2026-57518 (HIGH, EPSS 0.5%): Pagekit CMS 1.0.18 Privilege Escalation via UserApiController
CVE-2023-4941 (MEDIUM, EPSS 0.5%): BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation
CVE-2026-25752 (CRITICAL, EPSS 0.5%): FUXA Unauthenticated Remote Arbitrary Device Tag Write
CVE-2024-43979 (MEDIUM, EPSS 0.5%): WordPress Blockbooster theme <= 1.0.10 - Broken Access Control vulnerability
CVE-2023-25791 (MEDIUM, EPSS 0.5%): WordPress Fontiran plugin <= 2.1 - Broken Access Control vulnerability
CVE-2023-24407 (MEDIUM, EPSS 0.5%): WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Broken Access Control vulnerability
CVE-2024-30477 (MEDIUM, EPSS 0.5%): WordPress Klarna Payments for WooCommerce plugin <= 3.2.4 - Broken Access Control vulnerability
CVE-2023-6600 (HIGH, EPSS 0.5%): OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. <= 5.7.9 - Missing Authorization to Unauthenticated Directory Deletion and Cross-Site Scripting
CVE-2024-12922 (CRITICAL, EPSS 0.5%): Altair <= 5.2.4 - Unauthenticated Arbitrary Options Update via pp_import_current
CVE-2022-2543 (EPSS 0.5%): Visual Portfolio < 2.18.0 - Unauthenticated CSS Injection
CVE-2023-33994 (MEDIUM, EPSS 0.5%): WordPress Slimstat Analytics plugin <= 5.0.5.1 - Broken Access Control vulnerability
CVE-2025-3746 (CRITICAL, EPSS 0.5%): OTP-less one tap Sign in 2.0.14 - 2.0.59 - Unauthenticated Arbitrary Email Update to Account Takeover/Privilege Escalation
CVE-2024-53816 (MEDIUM, EPSS 0.5%): WordPress Tutor LMS Elementor Addons plugin <= 2.1.5 - Broken Access Control vulnerability
CVE-2025-21514 (MEDIUM, EPSS 0.5%): Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are