CWE-862 flaws
6,842 results

CVE-2023-28990 | MEDIUM | WordPress Viral Mag theme <= 1.0.9 - Authenticated Arbitrary Plugin Activation Vulnerability | EPSS 0.5%
CVE-2025-30817 | MEDIUM | WordPress Z Companion plugin <= 1.0.13 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2023-6369 | MEDIUM | Export WP Page to Static HTML/CSS <= 2.1.9 - Missing Authorization via Multiple AJAX Actions | EPSS 0.5%
CVE-2023-4606 | HIGH | An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects Th | EPSS 0.5%
CVE-2023-27456 | MEDIUM | WordPress Total theme <= 2.1.19 - Authenticated Arbitrary Plugin Activation | EPSS 0.5%
CVE-2025-30809 | MEDIUM | WordPress WordPress Contact Form, Drag and Drop Form Builder Plugin – Live Forms plugin <= 4.8.4 - Settings Change vulnerability | EPSS 0.5%
CVE-2025-30839 | MEDIUM | WordPress Taxi Booking Manager for WooCommerce plugin <= 1.2.1 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2023-4730 | MEDIUM | LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.3 - Missing Authorization via init_endpoint | EPSS 0.5%
CVE-2026-4277 | CRITICAL | Privilege abuse in GenericInlineModelAdmin | EPSS 0.5%
CVE-2023-34009 | MEDIUM | WordPress Social Media Share Buttons & Social Sharing Icons plugin <= 2.8.1 - Broken Access Control + CSRF | EPSS 0.5%
CVE-2023-25799 | HIGH | WordPress Tutor LMS plugin <= 2.1.8 - Multiple Broken Access Control vulnerabilities | EPSS 0.5%
CVE-2021-24890 | HIGH | Scripts Organizer < 3.0 - Unauthenticated Arbitrary File Upload | EPSS 0.5%
CVE-2024-43431 | HIGH | Moodle: idor in badges allows deletion of arbitrary badges | EPSS 0.5%
CVE-2023-41848 | MEDIUM | WordPress Carousel Slider plugin <= 2.2.2 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2026-47100 | HIGH | Funnel Builder for WooCommerce Checkout < 3.15.0.3 Missing Authorization via AJAX | EPSS 0.5%
CVE-2024-6180 | HIGH | EventON <= 2.2.15 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting and Plugin Settings Updates | EPSS 0.5%
CVE-2022-43427 | MEDIUM | Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attac | EPSS 0.5%
CVE-2024-1688 | MEDIUM | Woo Total Sales <= 3.1.4 - Missing Authorization to Unauthenticated Sales Report Retrieval | EPSS 0.5%
CVE-2024-49689 | MEDIUM | WordPress HD Quiz – Save Results Light plugin <= 0.5 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2024-38726 | HIGH | WordPress Product Designer plugin <= 1.0.33 - Arbitrary Content Deletion vulnerability | EPSS 0.5%