Vulnerabilities of type CWE-639
1564 results

CVE-2024-11275 | MEDIUM | WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Deletion | EPSS 0.3%
CVE-2025-7013 | MEDIUM | IDOR in QRMenumPro's Menu Panel | EPSS 0.3%
CVE-2026-3306 | MEDIUM | Improper authorization in GitHub Projects allows modification of issue and pull request metadata without repository write access | EPSS 0.3%
CVE-2025-61779 | HIGH | Trustee's attestation-policy endpoint is not protected by admin authentication | EPSS 0.3%
CVE-2026-29189 | HIGH | SuiteCRM has a REST API V8 IDOR: Missing ACL Checks on User Preferences and Relationship Endpoints | EPSS 0.3%
CVE-2026-44207 | MEDIUM | Frappe: Insecure Direct Object Reference for email accounts | EPSS 0.3%
CVE-2025-10759 | MEDIUM | Webkul QloApps CSRF Token authorization | EPSS 0.3%
CVE-2024-13841 | MEDIUM | Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time <= 1.0.0 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2024-10689 | MEDIUM | XLTab – Accordions and Tabs for Elementor Page Builder <= 1.4 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2026-29204 | CRITICAL | Insufficient ownership check in `clientarea.php` allows an authenticated client area user to submit requests using another user’s `addonId` | EPSS 0.3%
CVE-2026-40127 | MEDIUM | Authorization Bypass Through User-Controlled Key in OutSystems Lifetime | EPSS 0.3%
CVE-2026-23754 | HIGH | D-Link D-View 8 IDOR Allows Credential Disclosure and Account Takeover | EPSS 0.3%
CVE-2024-31296 | MEDIUM | WordPress BookingPress plugin <= 1.0.81 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2026-2028 | MEDIUM | Maxi Blocks <= 2.1.8 - Missing Authorization to Authenticated (Author+) Media File Deletion via 'old_media_src' Parameter | EPSS 0.3%
CVE-2026-1213 | MEDIUM | Askbot 0.12.2 - Insecure Direct Object Reference (IDOR) | EPSS 0.3%
CVE-2024-10795 | MEDIUM | Popularis Extra <= 1.2.7 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2025-11321 | MEDIUM | zhuimengshaonian wisdom-education WrongBookController.java authorization | EPSS 0.3%
CVE-2024-11146 | MEDIUM | TrueFiling authorization bypass via user-controlled keys | EPSS 0.3%
CVE-2022-3459 | MEDIUM | WooCommerce Multiple Free Gift <= 1.2.3 - Insufficient Server-Side Validation to Arbitrary Gift Adding | EPSS 0.3%
CVE-2025-14996 | CRITICAL | AS Password Field In Default Registration Form <= 2.0.0 - Unauthenticated Privilege Escalation via Account Takeover | EPSS 0.3%