Fallos del tipo CWE-862

6858 resultados
CVE-2024-37123MEDIUMWordPress Ibtana – WordPress Website Builder plugin <= 1.2.3.3 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-51651MEDIUMWordPress CubeWP Forms plugin <= 1.1.10 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2023-6598MEDIUMSpeedyCache <= 1.1.3 - Missing Authorization to Plugin Options UpdateEPSS 0.4%CVE-2024-28004MEDIUMWordPress Colibri Page Builder plugin <= 1.0.248 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-9223MEDIUMWPDash Notes <= 1.3.5 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information ExposureEPSS 0.4%CVE-2025-6720MEDIUMVchasno Kasa <= 1.0.3 - Unauthenticated Log File ClearingEPSS 0.4%CVE-2025-39522MEDIUMWordPress Dynamic Post plugin <= 5.03 - Settings Change vulnerabilityEPSS 0.4%CVE-2024-8548HIGHKB Support – WordPress Help Desk and Knowledge Base <= 1.6.6 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator ActionsEPSS 0.4%CVE-2025-26373MEDIUMA CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (user endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 alloEPSS 0.4%CVE-2024-53826MEDIUMWordPress WPCasa plugin <= 1.2.13 - Insecure Direct Object References (IDOR) vulnerabilityEPSS 0.4%CVE-2026-1916HIGHWPGSI: Spreadsheet Integration <= 3.8.3 - Missing Authorization to Unauthenticated Arbitrary Post Creation and Deletion via Forged Base64 TokenEPSS 0.4%CVE-2023-47763MEDIUMWordPress WP Custom Admin Interface plugin <= 7.31 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2023-4947MEDIUMWooCommerce EAN Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) EAN UpdateEPSS 0.4%CVE-2024-53605HIGHIncorrect access control in the component content://com.handcent.messaging.provider.MessageProvider/ of Handcent NextSMS v10.9.9.7 allows atEPSS 0.4%CVE-2025-31539MEDIUMWordPress Cryptocurrency Widgets Pack plugin <= 2.0.1 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-10212MEDIUMSiteAlert (Formerly WP Health) <= 1.9.8 - Missing Authorization to Unauthenticated Site Health Information ExposureEPSS 0.4%CVE-2026-4065MEDIUMSmart Slider 3 <= 3.5.1.33 - Missing Authorization to Authenticated (Contributor+) Slider Data Read and Image Record ManipulationEPSS 0.4%CVE-2023-37870HIGHWordPress WooCommerce Warranty Requests plugin <= 2.1.9 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-54153LOWIn JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameterEPSS 0.4%CVE-2024-35721MEDIUMWordPress Image Gallery plugin <= 1.4.5 - Broken Access Control vulnerabilityEPSS 0.4%