Fallos del tipo CWE-862
6860 resultadosCVE-2025-32624HIGHWordPress Czater.pl – live chat i telefon plugin <= 1.0.5 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.4%CVE-2024-39625MEDIUMWordPress Icegram Engage plugin <= 3.1.24 - Unauthenticated Message Duplication VulnerabilityEPSS 0.4%CVE-2023-45658HIGHWordPress Nexter theme <= 2.0.3 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-37276MEDIUMWordPress Featured Image from URL (FIFU) plugin <= 4.8.1 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-22289MEDIUMWordPress LTL Freight Quotes – Unishippers Edition plugin <= 2.5.8 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2023-27428MEDIUMWordPress WP users media plugin <= 4.2.3 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-1321HIGHMembership Plugin – Restrict Content <= 3.2.20 - Unauthenticated Privilege Escalation via 'rcp_level'EPSS 0.4%CVE-2025-14901MEDIUMBit Form – Contact Form Plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow ReplayEPSS 0.4%CVE-2023-29239MEDIUMWordPress LuckyWP Scripts Control plugin <= 1.2.1 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-30512LOWWordPress weForms plugin <= 1.6.20 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-39654MEDIUMWordPress Sign-up Sheets plugin <= 2.2.12 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-46450HIGHIncorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.06.50 allows attackers to bypass authentEPSS 0.3%CVE-2024-8369MEDIUMEventPrime <= 4.0.4.3 - Missing Authorization to Unauthenticated Private or Password-Protected Events DisclosureEPSS 0.3%CVE-2025-6721MEDIUMVchasno Kasa <= 1.0.3 - Missing Authorization to Unauthenticated Invoice GenerationEPSS 0.3%CVE-2024-1324MEDIUMQQWorld Auto Save Images <= 1.9.8 - Missing Authorization to Arbitrary Post Content RetrievalEPSS 0.3%CVE-2025-9054CRITICALMultiLoca - WooCommerce Multi Locations Inventory Management <= 4.2.8 - Missing Authorization to Unauthenticated Arbitrary Options Update via 'wcmlim_settings_ajax_handler'EPSS 0.3%CVE-2023-6007HIGHUserPro <= 5.1.1 - Missing Authorization via multiple functionsEPSS 0.3%CVE-2024-12821HIGHMedia Manager for UserPro <= 3.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options UpdateEPSS 0.3%CVE-2022-3538MEDIUMWebmaster Tools Verification <= 1.2 - Unauthenticated Arbitrary Plugin DeactivationEPSS 0.3%CVE-2023-6504MEDIUMProfile Builder <= 3.10.7 - Insecure Direct Object Reference to Sensitive Information Exposure via user_meta ShortcodeEPSS 0.3%