Fallos del tipo CWE-862
6850 resultadosCVE-2023-29431MEDIUMWordPress qTranslate X Cleanup and WPML Import plugin <= 3.0.1 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-5387CRITICALAVEVA Pipeline Simulation Missing AuthorizationEPSS 0.4%CVE-2024-8074CRITICALSensetive Data Exposure in Nomysoft Informatics' NomysemEPSS 0.4%CVE-2024-8431MEDIUMPhoto Gallery, Images, Slider in Rbs Image Gallery <= 3.2.21 - Missing Authorization to Authenticated (Subscriber+) Private Gallery Title DisclosureEPSS 0.4%CVE-2025-23785MEDIUMWordPress AI Responsive Gallery Album plugin <= 1.4 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-24693MEDIUMWordPress Advanced Notifications plugin <= 1.2.7 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-31230MEDIUMWordPress ShortPixel Adaptive Images plugin <= 3.8.2 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-27454MEDIUMDiscourse has check revision visibility on posts endpointEPSS 0.4%CVE-2025-2224MEDIUMDirectorist <= 8.2 - Missing Authorization to Unauthenticated Arbitrary Post PublishingEPSS 0.4%CVE-2025-24613MEDIUMWordPress FV Thoughtful Comments plugin <= 0.3.5 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-10852MEDIUMBuy one click WooCommerce <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Settings ExportEPSS 0.4%CVE-2024-32142MEDIUMWordPress Ovic Responsive WPBakery plugin <= 1.3.0 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2023-39310MEDIUMWordPress Avada Builder plugin <= 3.11.1 - Authenticated Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-49657HIGHWordPress 3D Work In Progress plugin <= 1.0.3 - Arbitrary File Deletion vulnerabilityEPSS 0.4%CVE-2023-44148MEDIUMWordPress Astra Bulk Edit plugin <= 1.2.7 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-32515MEDIUMWordPress Mega Addons For Elementor plugin <= 1.8 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-35663MEDIUMWordPress WP Translate plugin <= 5.3.0 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-55741HIGHunopim/unopim allows unauthorized product deletion via mass-delete endpointEPSS 0.4%CVE-2026-45625CRITICALArcane: Missing admin authorization on git repository endpoints allows non-admin users to exfiltrate stored Git credentials and tamper with GitOps configsEPSS 0.4%CVE-2023-7068MEDIUMWooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.3.0 - Missing Authorization to Order ExportEPSS 0.4%