Fallos del tipo CWE-862

6854 resultados
CVE-2024-34799MEDIUMWordPress BookingPress plugin <= 1.0.82 - Appointment Duration Manipulation vulnerabilityEPSS 0.4%CVE-2024-21630MEDIUMZulip non-admins can invite new users to streams they would not otherwise be able to add existing users toEPSS 0.4%CVE-2024-50424MEDIUMWordPress Templately plugin <= 3.1.5 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-10854MEDIUMBuy one click WooCommerce <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Settings ImportEPSS 0.4%CVE-2026-3642MEDIUMe-shot <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Form Settings Modification via AJAXEPSS 0.4%CVE-2025-31854MEDIUMWordPress Simple Sticky Add To Cart For WooCommerce plugin <= 1.4.9 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-31628MEDIUMWordPress Sliced Invoices plugin <= 3.10.0 - Insecure Direct Object References (IDOR) vulnerabilityEPSS 0.4%CVE-2025-31866MEDIUMWordPress ShipDepot for WooCommerce plugin <= 1.2.19 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-11125MEDIUMGetSimpleCMS profile.php cross-site request forgeryEPSS 0.4%CVE-2023-47661MEDIUMWordPress Dragfy Addons for Elementor plugin <= 1.0.2 - Broken Access Control + CSRF vulnerabilityEPSS 0.4%CVE-2024-35674MEDIUMWordPress Unlimited Elements For Elementor plugin <= 1.5.109 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-12018MEDIUMSnippet Shortcodes <= 4.1.6 - Authenticated (Subscriber+) Shortcode DeletionEPSS 0.4%CVE-2024-34763MEDIUMWordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.01.5 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-1687MEDIUMThank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode ExecutionEPSS 0.4%CVE-2026-13468HIGHVisualizer <= 4.0.3 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via /visualizer/v1/action/{chart}/{type}/ REST EndpointEPSS 0.4%CVE-2026-29789CRITICALVito: Cross-project privilege escalation in workflow site-creation actions allows unauthorized server modificationEPSS 0.4%CVE-2023-52233HIGHWordPress POST SMTP Mailer plugin <= 2.8.6 - Broken Access Control on API vulnerabilityEPSS 0.4%CVE-2025-28938MEDIUMWordPress WP Performance Pack plugin <= 2.5.3 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-5318MEDIUMMissing Authorization in GitLabEPSS 0.4%CVE-2025-24607MEDIUMWordPress IdeaPush plugin <= 8.71 - Broken Access Control vulnerabilityEPSS 0.4%