Fallos del tipo CWE-862
6864 resultadosCVE-2025-52731HIGHWordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Arbitrary Content Deletion VulnerabilityEPSS 0.3%CVE-2026-45667MEDIUMOpen WebUI: Unauthenticated endpoint can trigger embedding generation (cost/DoS)EPSS 0.3%CVE-2025-60106MEDIUMWordPress EmailKit Plugin <= 1.6.0 - Arbitrary Content Deletion VulnerabilityEPSS 0.3%CVE-2024-4205MEDIUMPremium Addons for Elementor <= 4.10.31 - Missing Authorization to Information DisclosureEPSS 0.3%CVE-2025-55734MEDIUMflaskBlo Authorization BypassEPSS 0.3%CVE-2026-7525MEDIUMMy Calendar <= 3.7.9 - Authenticated (Custom+) Missing Authorization to Unauthorized Event Publication via 'event_approved' ParameterEPSS 0.3%CVE-2025-13620MEDIUMWp Social Login and Register Social Counter <= 3.1.3 - Missing Authorization in Cache REST Endpoints to Social Counter TamperingEPSS 0.3%CVE-2024-13637MEDIUMDemo Awesome <= 1.0.3 - Missing Authorization to Authenticated (Subscriber+) Plugin ActivationEPSS 0.3%CVE-2025-59828HIGHClaude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn VersionsEPSS 0.3%CVE-2025-54692HIGHWordPress Membership For WooCommerce Plugin <= 2.9.0 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2024-3664MEDIUMQuick Featured Images <= 13.7.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Thumbnail Deletion/SettingEPSS 0.3%CVE-2025-31881MEDIUMWordPress Pearl plugin <= 1.3.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-22670MEDIUMWordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.7.2 - CSRF to Settings Change vulnerabilityEPSS 0.3%CVE-2025-22668MEDIUMWordPress Awesome Event Booking plugin <= 2.7.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-57669MEDIUMWordPress Advanced Contact form 7 DB plugin <= 2.0.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-12266MEDIUMELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.7 - Missing AuthorizationEPSS 0.3%CVE-2024-3072MEDIUMACF Front End Editor <= 2.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content UpdateEPSS 0.3%CVE-2024-1650MEDIUMCategorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxRenameCategoryEPSS 0.3%CVE-2024-44052MEDIUMWordPress HelloAsso plugin <= 1.1.10 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-8807MEDIUMxujeff tianti 天梯 save authorizationEPSS 0.3%