Fallos del tipo CWE-862
6860 resultadosCVE-2025-13864MEDIUMBreeze – WordPress Cache Plugin <= 2.2.21 - Missing Authorization to Cache DeletionEPSS 0.4%CVE-2024-7030MEDIUMSmart Online Order for Clover <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Plugin Data UpdateEPSS 0.4%CVE-2025-43720MEDIUMHeadwind MDM before 5.33.1 makes configuration details accessible to unauthorized users. The Configuration profile is exposed to the ObserveEPSS 0.4%CVE-2026-46614CRITICALFission router exposes /fission-function/<ns>/<name> on its public listener, allowing invocation of any function without an HTTPTriggerEPSS 0.4%CVE-2025-13498MEDIUMDownload Manager <= 3.3.32 - Missing Authorization to Authenticated (Subscriber+) Media Attachment Password DisclosureEPSS 0.4%CVE-2026-39515MEDIUMWordPress Motors plugin < 1.4.107 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-3431CRITICALSim Studio AI - MongoDB SSRF and Arbitrary Document DeletionEPSS 0.4%CVE-2025-49988MEDIUMWordPress Contact Form 7 AWeber Extension plugin <= 0.1.40 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2023-47694MEDIUMWordPress Mini Cart Drawer For WooCommerce plugin <= 4.0.0 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-41014MEDIUMApache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpointsEPSS 0.4%CVE-2025-26370HIGHA CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authEPSS 0.4%CVE-2024-37095MEDIUMWordPress Envira Photo Gallery plugin <= 1.8.7.3 - CSRF leading to notice dismissal vulnerabilityEPSS 0.4%CVE-2024-5654MEDIUMCF7 Google Sheets Connector <= 5.0.9 - Missing Authorization to Limited Site Configuration UpdateEPSS 0.4%CVE-2025-31678HIGHAI (Artificial Intelligence) - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-004EPSS 0.4%CVE-2026-24607MEDIUMWordPress Travel Monster theme <= 1.3.3 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-12093MEDIUMSimple Membership <= 4.7.5 - Missing Authorization to Unauthenticated Arbitrary Member Account Deactivation via Forged Stripe 'charge.refunded' WebhookEPSS 0.4%CVE-2026-39433MEDIUMWordPress WPAMS plugin < 49.5.3 - Arbitrary Content Deletion vulnerabilityEPSS 0.4%CVE-2025-15068HIGHAccount Takeover in Gmission Web FAXEPSS 0.4%CVE-2025-10871LOWMissing Authorization in GitLabEPSS 0.4%CVE-2024-35662MEDIUMWordPress Simple COD Fees for WooCommerce plugin <= 2.0.2 - Broken Access Control vulnerabilityEPSS 0.4%