Fallos del tipo CWE-862

6876 resultados
CVE-2023-45101MEDIUMWordPress Customer Reviews for WooCommerce plugin <= 5.36.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-52199MEDIUMWordPress ActivityPub plugin <= 1.0.5 - Unauthenticated Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-68059HIGHWordPress Hotel Listing plugin <= 1.4.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2019-25214HIGHShopWP <= 2.0.4 - Missing Authorization to Stored Cross-Site ScriptingEPSS 0.3%CVE-2025-31789MEDIUMWordPress TextMe SMS plugin <= 1.9.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-10582MEDIUMMusic Player for Elementor – Audio Player & Podcast Player <= 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Template ImportEPSS 0.3%CVE-2024-6599MEDIUMMeks Video Importer <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) API Keys ModificationEPSS 0.3%CVE-2026-44012HIGHCraft CMS: Missing Volume Permission Check in AssetsController::actionShowInFolder Allows Information DisclosureEPSS 0.3%CVE-2025-1644MEDIUMBenner ModernaNet SG_Gravar cross-site request forgeryEPSS 0.3%CVE-2024-28003MEDIUMWordPress Max Mega Menu plugin <= 3.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-48797CRITICALBackpropagate: backprop ui --auth and backprop ui --share do not enforce authenticationEPSS 0.3%CVE-2026-44328HIGHfree5GC: SMF UPI DELETE /upi/v1/upNodesLinks/{ref} panics on AN-node deletion via nil UPF dereference; unauthenticated, state-mutatingEPSS 0.3%CVE-2026-27471CRITICALERP: Document access through endpoints due to missing validationEPSS 0.3%CVE-2024-12158MEDIUMPopup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Missing Authorization to Unauthenticated DB Table TruncationEPSS 0.3%CVE-2024-12249MEDIUMGS Insever Portfolio <= 1.4.5 - Missing Authorization to Authenticated (Subscriber+) CSS InjectionEPSS 0.3%CVE-2023-47523MEDIUMWordPress Auto Tag Creator plugin <= 1.0.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-1125MEDIUMEventPrime – Events Calendar, Bookings and Tickets <= 3.4.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post DeletionEPSS 0.3%CVE-2023-45370An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.EPSS 0.3%CVE-2024-2298MEDIUMaffiliate-toolkit – WordPress Affiliate Plugin <= 3.5.4 - Missing Authorization via atkp_import_productEPSS 0.3%CVE-2024-9520MEDIUMUserPlus <= 2.0 - Missing Authorization via Multiple FunctionsEPSS 0.3%