Fallos del tipo CWE-862

6859 resultados
CVE-2023-48280HIGHWordPress Consensu.io plugin <= 1.0.1 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2023-47557MEDIUMWordPress Visitor Traffic Real Time Statistics plugin <= 7.2 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-33160LOWCraft CMS: Anonymous "generate transform" calls for assets can expose private assets via transform URLEPSS 0.4%CVE-2025-6813HIGHaapanel WP Toolkit 1.0 - 1.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via auto_login() FunctionEPSS 0.4%CVE-2025-22265MEDIUMWordPress EMI Calculator plugin <= 1.1 - Settings Change vulnerabilityEPSS 0.4%CVE-2024-48045MEDIUMWordPress Happy Elementor Addons plugin <= 3.12.3 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-42809CRITICALApache Polaris: staged table creation could vend storage credentials for unvalidated locationsEPSS 0.4%CVE-2023-51495MEDIUMWordPress WooCommerce Warranty Requests plugin <= 2.2.7 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-5784HIGHTutor LMS Pro <= 2.7.2 - Missing Authorization to Authenticated (Subscriber+) Insecure Direct Object ReferenceEPSS 0.4%CVE-2026-0490HIGHDenial of service (DOS) in SAP BusinessObjects BI PlatformEPSS 0.4%CVE-2024-13423MEDIUMSparkling <= 2.4.9 - Missing Authorization to Unauthenticated Arbitrary Plugin Activation/DeactivationEPSS 0.4%CVE-2024-32805MEDIUMWordPress Social Snap plugin <= 1.3.5 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-44006MEDIUMWordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.7 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-6332MEDIUMBooking for Appointments and Events Calendar – Amelia Premium <= 7.7 and Lite <= 1.2.4 - Missing Authorization to Sensitive Information ExposureEPSS 0.4%CVE-2024-50455MEDIUMWordPress SEOPress plugin <= 8.1.1 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-26975MEDIUMWordPress Strong Testimonials plugin <= 3.2.3 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-53825MEDIUMWordPress FileBird Lite plugin <= 6.3.2 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-57520HIGHBitwarden Server < 2026.5.0 Privilege Escalation via Bulk User Remove EndpointEPSS 0.4%CVE-2025-68019MEDIUMWordPress SEO Booster plugin <= 6.1.8 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-9364MEDIUMSendGrid for WordPress <= 1.4 - Missing Authorization to Authenticated (Subscriber+) Log DeletionEPSS 0.4%