CWE-862 vulnerabilities
6,850 results

CVE-2026-58168 | HIGH | DeepTutor < 1.4.10 - Insecure Default Grants Unrestricted MCP Tool Access to Non-Admin Users | EPSS 0.4%
CVE-2023-41651 | MEDIUM | WordPress Multi-column Tag Map plugin <= 17.0.26 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2024-22156 | MEDIUM | WordPress SalesKing plugin <= 1.6.15 - Unauthenticated Plugin Settings Change vulnerability | EPSS 0.4%
CVE-2024-54384 | MEDIUM | WordPress Falcon – WordPress Optimizations & Tweaks plugin <= 2.8.3 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2024-8513 | MEDIUM | QA Analytics <= 4.1.1.1 - Missing Authorization to Unauthenticated Settings Update | EPSS 0.4%
CVE-2025-12158 | CRITICAL | Simple User Capabilities <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation | EPSS 0.4%
CVE-2026-1937 | HIGH | YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action | EPSS 0.4%
CVE-2024-12881 | HIGH | PlugVersions – Easily rollback to previous versions of your plugins <= 0.0.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Creation | EPSS 0.4%
CVE-2023-4024 | MEDIUM | Radio Player <= 2.0.73 - Missing Authorization to Player Deletion | EPSS 0.4%
CVE-2022-3096 | MEDIUM | WP Total Hacks <= 4.7.2 - Subscriber+ Arbitrary Options Update to Stored XSS | EPSS 0.4%
CVE-2024-1798 | MEDIUM | Tutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_lp_export_xml | EPSS 0.4%
CVE-2025-1402 | MEDIUM | Event Tickets and Registration <= 5.19.1.1 - Missing Authorization to Ticket Deletion | EPSS 0.4%
CVE-2022-47594 | MEDIUM | WordPress Essential Blocks for Gutenberg plugin <= 3.8.5 - Broken Access Control | EPSS 0.4%
CVE-2024-1123 | MEDIUM | EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Missing Authorization to Arbitrary Post Overwrite | EPSS 0.4%
CVE-2026-48592 | MEDIUM | Missing authorization check on save-job event handler in oban_web | EPSS 0.4%
CVE-2023-32129 | MEDIUM | WordPress Editorialmag theme <= 1.1.9 - Authenticated Arbitrary Plugin Activation | EPSS 0.4%
CVE-2024-54155 | LOW | In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication | EPSS 0.4%
CVE-2024-51660 | MEDIUM | WordPress Easy Accordion Gutenberg Block plugin <= 1.2.3 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2023-4027 | MEDIUM | Radio Player <= 2.0.73 - Missing Authorization to Settings Update | EPSS 0.4%
CVE-2023-4025 | MEDIUM | Radio Player <= 2.0.73 - Missing Authorization to Player Update | EPSS 0.4%