Fallos del tipo CWE-862

6868 resultados
CVE-2024-32832CRITICALWordPress Login with Phone Number plugin <= 1.6.93 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2021-24730Logo Showcase with Slick Slider < 1.2.5 - Subscriber+ Arbitrary Media Title/Description/Alt Text/URL UpdateEPSS 0.3%CVE-2020-36834MEDIUMDiscount Rules for WooCommerce <= 2.0.2 - Missing AuthorizationEPSS 0.3%CVE-2025-15330HIGHTanium addressed an improper input validation vulnerability in Deploy.EPSS 0.3%CVE-2025-24725MEDIUMWordPress Thim Elementor Kit Plugin <= 1.2.8 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-12719MEDIUMWordPress File Upload <= 4.24.15 - Missing Authorization to Authenticated (Subscriber+) Limited Path TraversalEPSS 0.3%CVE-2023-52232MEDIUMWordPress Booster Plus for WooCommerce plugin < 7.1.2 - Authenticated Arbitrary Post/Page Deletion VulnerabilityEPSS 0.3%CVE-2026-46716CRITICALNezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cronEPSS 0.3%CVE-2024-7381MEDIUMGeo Controller <= 8.6.9 - Missing Authorization to Unauthenticated Shortcode ExecutionEPSS 0.3%CVE-2024-7390MEDIUMWP Testimonial Widget <= 3.1 - Missing AuthorizationEPSS 0.3%CVE-2020-36833MEDIUMIndeed Membership Pro 7.3 - 8.6 - Missing Authorization ChecksEPSS 0.3%CVE-2023-33922MEDIUMWordPress Elementor plugin <= 3.13.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-32929HIGHWordPress Barcode Generator for WooCommerce plugin <= 2.0.4 - Arbitrary Content Deletion vulnerabilityEPSS 0.3%CVE-2025-32973CRITICALorg.xwiki.platform:xwiki-platform-component-wiki provides no warning when granting XWiki.ComponentClass programming rightEPSS 0.3%CVE-2025-27310MEDIUMWordPress Page and Post Lister plugin <= 1.2.1 - Arbitrary Content Deletion vulnerabilityEPSS 0.3%CVE-2026-1310MEDIUMSimple calendar for Elementor <= 1.6.6 - Missing Authorization to Unauthenticated Arbitrary Calendar Entry DeletionEPSS 0.3%CVE-2026-11398MEDIUMLatePoint <= 5.6.1 - Missing Authorization to Unauthenticated Arbitrary Customer Data Modification via process_step_customer() Booking Form Customer StepEPSS 0.3%CVE-2026-44010HIGHCraft CMS: Missing Authorization in GraphQL Address Resolver Allows Cross-Scope PII DisclosureEPSS 0.3%CVE-2025-48257MEDIUMWordPress Projectopia plugin <= 5.1.17 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2024-10866MEDIUMExport Import Menus <= 1.9.1 - Missing Authorization to Unauthenticated Menu ExportEPSS 0.3%