CWE-862 flaws

6851 results
CVE-2024-1041 | MEDIUM | WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Authenticated(Subscriber+) Stored Cross-Site Scripting via Settings | EPSS 0.4%
CVE-2024-56276 | MEDIUM | WordPress WPForms Lite plugin <= 1.9.2.2 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2025-26883 | MEDIUM | WordPress Animated Text Block plugin <= 1.0.7 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2024-10580 | MEDIUM | Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.5 - Missing Authorization to Unauthorized Form Submission | EPSS 0.4%
CVE-2024-9065 | MEDIUM | WP Helper Premium <= 4.6.1 - Missing Authorization in whp_smtp_send_mail_test | EPSS 0.4%
CVE-2026-2515 | MEDIUM | Hostinger Reach <= 1.3.8 - Missing Authorization to Authenticated (Subscriber+) Integration API Key Update | EPSS 0.4%
CVE-2024-43312 | MEDIUM | WordPress WPC Frequently Bought Together for WooCommerce plugin <= 7.1.9 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2024-2476 | MEDIUM | OceanWP <= 3.5.4 - Missing Authorization to Sensitive Information Exposure via Limited Local File Inclusion | EPSS 0.4%
CVE-2024-5703 | MEDIUM | Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.26 - Missing Authorization | EPSS 0.4%
CVE-2024-10861 | MEDIUM | Popup Box – Create Countdown, Coupon, Video, Contact Form Popups <= 4.9.7 - Missing Authorization to Unauthenticated Limited Options Update | EPSS 0.4%
CVE-2024-43928 | MEDIUM | WordPress JobSearch WP Job Board WordPress Plugin plugin <= 2.5.4 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2026-3524 | HIGH | Authorization Bypass in Mattermost Legal Hold Plugin Due to Missing Return After Permission Check | EPSS 0.4%
CVE-2025-6814 | HIGH | Booking X 1.0 - 1.1.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via export_now() Function | EPSS 0.4%
CVE-2023-6325 | MEDIUM | RomethemeForm For Elementor <= 1.1.5 - Missing Authorization via export_entries, rtformnewform, and rtformupdate | EPSS 0.4%
CVE-2023-33992 | MEDIUM | Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA | EPSS 0.4%
CVE-2024-6491 | MEDIUM | Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authentication to MailChimp API key update | EPSS 0.4%
CVE-2022-3320 | MEDIUM | Bypassing Cloudflare Zero Trust policies using warp-cli set-custom-endpoint command | EPSS 0.4%
CVE-2024-1860 | MEDIUM | Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan <= 4.51 - Missing Authorization to Unauthenticated IP Address Whitelist | EPSS 0.4%
CVE-2024-9195 | HIGH | WHMPress - WHMCS Client Area <= 4.3-revision-3- Authenticated (Subscriber+) Arbitrary Options Update | EPSS 0.4%
CVE-2024-11840 | HIGH | RapidLoad – Optimize Web Vitals Automatically <= 2.4.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification and SQL Injection | EPSS 0.4%