Fallos del tipo CWE-862

6862 resultados
CVE-2026-0679MEDIUMFortis for WooCommerce <= 1.2.0 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid via 'wc-api' EndpointEPSS 0.3%CVE-2026-30968HIGHCoral Server has insufficient validation of agent identity for SSE connectionsEPSS 0.3%CVE-2025-14461MEDIUMXendit Payment <= 6.0.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to PaidEPSS 0.3%CVE-2024-11852MEDIUMElement Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.12 - Missing AuthorizationEPSS 0.3%CVE-2025-24577MEDIUMWordPress Poll Maker plugin <= 5.5.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-15390MEDIUMPHPGurukul Small CRM edit-user.php authorizationEPSS 0.3%CVE-2026-1004MEDIUMEssential Addons for Elementor <= 6.5.5 - Missing Authorization to Unauthenticated Sensitive Information ExposureEPSS 0.3%CVE-2024-34802MEDIUMWordPress AdFoxly plugin <= 1.8.5 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-42982HIGHInformation Disclosure in SAP GRC (AC Plugin)EPSS 0.3%CVE-2025-30896MEDIUMWordPress WP ERP plugin <= 1.13.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-1994MEDIUMImage Watermark <= 1.7.3 - Missing Authorization to Authenticated (Subscriber+) Watermark ModificationEPSS 0.3%CVE-2025-68007MEDIUMWordPress Event Espresso 4 Decaf plugin <= 5.0.37.decaf - Settings Change vulnerabilityEPSS 0.3%CVE-2025-58753MEDIUMcopyparty: Sharing a single file does not fully restrict access to other files in source folderEPSS 0.3%CVE-2025-25110MEDIUMWordPress Event Kikfyre plugin <= 2.1.8 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-59097MEDIUMTaiga < 6.10.2 - Unauthorized Due-Date Creation via API ViewsetsEPSS 0.3%CVE-2024-55996MEDIUMWordPress Payment gateway per Product for WooCommerce plugin <= 3.5.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-10853MEDIUMBuy one click WooCommerce <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Order DeletionEPSS 0.3%CVE-2025-8796MEDIUMLitmusChaos Litmus Delete Request delete_project authorizationEPSS 0.3%CVE-2024-56236MEDIUMWordPress Hestia Nginx Cache plugin <= 2.4.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.3%CVE-2024-0893MEDIUMSchema App Structured Data <= 2.2.0 - Missing AuthorizationEPSS 0.3%