Vulnerabilities of type CWE-862

6,845 results
CVE-2024-43962 | MEDIUM | WordPress LWS Affiliation plugin <= 2.3.4 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2024-3520 | MEDIUM | Country State City Dropdown CF7 <= 2.7.1 - Missing Authorization | EPSS 0.4%
CVE-2023-35164 | MEDIUM | Unauthorized users can manipulate a dashboard created by an administrator in DataEase | EPSS 0.4%
CVE-2024-52416 | CRITICAL | WordPress Debug Tool plugin <= 2.2 - Remote Code Execution vulnerability | EPSS 0.4%
CVE-2024-3233 | MEDIUM | Ivory Search – WordPress Search Plugin <= 5.5.5 - Missing Authorization to Authenticated (Subscriber+) Index Creation | EPSS 0.4%
CVE-2024-33942 | MEDIUM | WordPress Google Typography plugin <= 1.1.2 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2025-2407 | CRITICAL | Missing Authentication & Authorization in Web-API allows adversary unrestricted access | EPSS 0.4%
CVE-2023-48760 | HIGH | WordPress JetElements For Elementor plugin <= 2.6.13 - Unauthenticated Broken Access Control vulnerability | EPSS 0.4%
CVE-2026-6145 | MEDIUM | User Registration & Membership <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass via 'action' Parameter | EPSS 0.4%
CVE-2023-41046 | MEDIUM | Velocity execution without script rights in Xwiki platform | EPSS 0.4%
CVE-2023-46148 | HIGH | WordPress Themify Ultra theme <= 7.3.5 - Authenticated Arbitrary Settings Change vulnerability | EPSS 0.4%
CVE-2026-41378 | HIGH | OpenClaw < 2026.3.31 - Privilege Escalation to Remote Code Execution via Unrestricted node.event Agent Dispatch | EPSS 0.4%
CVE-2024-1126 | MEDIUM | EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Missing Authorization to Authenticated (Subscriber+) Attendee List Retrieval | EPSS 0.4%
CVE-2022-31592 | The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616, 617, 618, 802, 803, 804, 805, 806, does no | EPSS 0.4%
CVE-2024-37463 | MEDIUM | WordPress CRM Perks Forms plugin <= 1.1.5 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2024-3216 | MEDIUM | WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.4.2 - Missing Authorization to Unauthenticated Settings Reset | EPSS 0.4%
CVE-2021-4447 | HIGH | Essential Addons for Elementor <= 4.6.4 - Authenticated (Contributor+) Privilege Escalation | EPSS 0.4%
CVE-2024-43247 | HIGH | WordPress WHMpress plugin <= 6.2-revision-5 - Subscriber+ Arbitrary Settings Change vulnerability | EPSS 0.4%
CVE-2023-41695 | LOW | WordPress Analytify plugin <= 5.1.0 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2025-62642 | MEDIUM | The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not | EPSS 0.4%