Fallos del tipo CWE-862

6851 resultados
CVE-2023-40213MEDIUMWordPress Justified Gallery plugin <= 1.7.3 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-2619MEDIUMElementor Header & Footer Builder <= 1.6.26 - Authenticated (Author+) HTML InjectionEPSS 0.4%CVE-2024-12184MEDIUMWordPress Contact Forms by Cimatti <= 1.9.4 - Missing Authorization to Unauthenticated Form Submission DownloadEPSS 0.4%CVE-2026-2001HIGHWowRevenue <= 2.1.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/ActivationEPSS 0.4%CVE-2024-3915MEDIUMSwift Framework <= 2.7.31 - Missing Authorization to Unauthenticated Arbitrary Content UpdateEPSS 0.4%CVE-2025-32234MEDIUMWordPress AdMail plugin <= 1.7.0 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2023-38477MEDIUMWordPress QR code MeCard/vCard generator plugin <= 1.6.0 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2023-40331MEDIUMWordPress Accordion Slider plugin <= 1.9.6 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-4163HIGHPrivilege Escalation on Skylab IIoT Gateway (IGX)EPSS 0.4%CVE-2023-4895MEDIUMMissing Authorization in GitLabEPSS 0.4%CVE-2024-32146MEDIUMWordPress Aspose.Words – Import and Export word documents plugin <= 6.3.1 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-70983CRITICALIncorrect access control in the authRoutes function of SpringBlade v4.5.0 allows attackers with low-level privileges to escalate privileges.EPSS 0.4%CVE-2024-33573MEDIUMWordPress EPROLO Dropshipping plugin <= 1.7.1 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-39397CRITICAL@delmaredigital/payload-puc is missing authorization on /api/puck/* CRUD endpoints allows unauthenticated access to Puck-registered collectionsEPSS 0.4%CVE-2023-37885MEDIUMWordPress RealHomes theme <= 4.0.2 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-14172MEDIUMWP Page Permalink Extension <= 1.5.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Rewrite Rules FlushEPSS 0.4%CVE-2024-43146MEDIUMWordPress Accelerated Mobile Pages plugin <= 1.0.96.1 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-43285MEDIUMWordPress Presto Player plugin <= 3.0.2 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-31248MEDIUMWordPress All-in-One Video Gallery plugin <= 3.5.2 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-33574MEDIUMWordPress Vitepos plugin <= 3.0.1 - Broken Access Control vulnerabilityEPSS 0.4%