Fallos del tipo CWE-862

6872 resultados
CVE-2023-47780MEDIUMWordPress EasyAzon – Amazon Associates Affiliate Plugin plugin <= 5.1.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-47776MEDIUMWordPress miniorange otp verification plugin <= 4.2.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-6872MEDIUMBuild Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor & Gutenberg Blocks! – TemplateSpare <= 2.4.2 - Missing Authorization to Authenticated (Subscriber+) Theme UpdateEPSS 0.3%CVE-2023-47793MEDIUMWordPress Acme Fix Images plugin <= 1.0.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-37096MEDIUMWordPress Popup box plugin <= 4.5.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-37201MEDIUMWordPress Woocommerce Customers Order History plugin <= 5.2.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-37254MEDIUMWordPress WP File Manager plugin <= 7.2.7 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-47761MEDIUMWordPress Simple 301 Redirects by BetterLinks plugin <= 2.0.7 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-47838MEDIUMWordPress Conditional Fields for Contact Form 7 plugin <= 2.4.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-43134MEDIUMWordPress Waitlist Woocommerce plugin <= 2.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-7294HIGHPaytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'create_mollie_profile'EPSS 0.3%CVE-2026-2633MEDIUMGutenberg Blocks with AI by Kadence WP <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media UploadEPSS 0.3%CVE-2025-57949MEDIUMWordPress Ongkoskirim.id Plugin <= 1.0.6 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-2267MEDIUMWP01 – Speed, Security, SEO consultant <= 2.6.2 - Authenticated (Subscriber+) Arbitrary File DownloadEPSS 0.3%CVE-2025-31415HIGHWordPress YayExtra <= 1.5.2 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-14757MEDIUMCost Calculator Builder <= 3.6.9 - Missing Authorization to Unauthenticated Payment Status BypassEPSS 0.3%CVE-2025-27583CRITICALIncorrect access control in the component /rest/staffResource/findAllUsersAcrossOrg of Serosoft Solutions Pvt Ltd Academia Student InformatiEPSS 0.3%CVE-2024-12336MEDIUMWC Affiliate – A Complete WooCommerce Affiliate Plugin <= 2.5.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via wf-export-allEPSS 0.3%CVE-2024-8678MEDIUMRevolut Gateway for WooCommerce <= 4.17.3 - Missing Authorization to Unauthenticated Order Status UpdateEPSS 0.3%CVE-2025-14864MEDIUMVirusdie <= 1.1.7 - Missing Authorization to Authenticated (Subscriber+) API Key DisclosureEPSS 0.3%