Fallos del tipo CWE-862
6851 resultadosCVE-2023-44148MEDIUMWordPress Astra Bulk Edit plugin <= 1.2.7 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-33547HIGHWordPress WZone plugin <= 14.0.10 - Site Wide Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-12407HIGHE2Pdf <= 1.32.26 - Missing Authorization to Authenticated (Custom+) Arbitrary Option Update / Privilege Escalation via 'screen_action' ParameterEPSS 0.4%CVE-2023-7068MEDIUMWooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.3.0 - Missing Authorization to Order ExportEPSS 0.4%CVE-2023-31080HIGHWordPress Unlimited Elements For Elementor plugin <= 1.5.65 - Multiple Broken Access Control vulnerabilityEPSS 0.4%CVE-2022-2987HIGHLdap WP Login / Active Directory Integration < 3.0.2 - Unauthenticated Settings Update to Auth BypassEPSS 0.4%CVE-2026-31241MEDIUMThe mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories). The endpoint EPSS 0.4%CVE-2024-55998MEDIUMWordPress Popup Surveys & Polls for WordPress (Mare.io) plugin <= 1.36 - Settings Change vulnerabilityEPSS 0.4%CVE-2024-55992MEDIUMWordPress WooCommerce Basic Ordernumbers plugin <= 1.4.4 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-31352MEDIUMWordPress Icegram Express plugin <= 5.7.13 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-56273MEDIUMWordPress WPvivid Backup plugin <= 0.9.106 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2023-2284MEDIUMWP Activity Log Premium <= 4.5.0 - Missing Authorization via ajax_switch_dbEPSS 0.4%CVE-2025-13772HIGHMissing Authorization in GitLabEPSS 0.4%CVE-2024-1779MEDIUMAdmin side data storage for Contact Form 7 plugin <= 1.1.1 - Missing Authorization to Unauthenticated Read Status UpdateEPSS 0.4%CVE-2024-9109MEDIUMUPS Live Rates and Access Points <= 2.3.12 - Missing Authorization to Plugin API key resetEPSS 0.4%CVE-2024-34804MEDIUMWordPress Tagembed plugin <= 5.8 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2023-1928MEDIUMWP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_preload_single_callback'EPSS 0.4%CVE-2024-13370MEDIUMYouzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update (save_addon_key_license)EPSS 0.4%CVE-2022-3244MEDIUMImport all XML, CSV & TXT into WordPress < 6.5.8 - Missing AuthorisationEPSS 0.4%CVE-2024-56004MEDIUMWordPress Easy Site Importer plugin <= 1.0.1 - Settings Change vulnerabilityEPSS 0.4%