Fallos del tipo CWE-862

6877 resultados
CVE-2024-33564HIGHWordPress XStore theme <= 9.3.8 - Arbitrary Option Update vulnerabilityEPSS 0.3%CVE-2024-32714MEDIUMWordPress Academy LMS plugin <= 1.9.16 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-30515MEDIUMWordPress Events Manager plugin <= 6.4.6.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-55762HIGHRocket.Chat: Any Authenticated User Can Permanently Deregister Workspace from Rocket.Chat Cloud via Unprotected `/api/v1/fingerprint` EndpointEPSS 0.3%CVE-2025-48242MEDIUMWordPress Legal Pages plugin <= 1.4.5 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-12432MEDIUMStripe Payment Forms by WP Full Pay <= 8.4.3 - Missing Authorization to Unauthenticated Payment Record Manipulation via 'paymentIntentId' ParameterEPSS 0.3%CVE-2024-1804MEDIUMTutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_import_from_xmlEPSS 0.3%CVE-2023-6883MEDIUMEasy Social Feed <= 6.5.2 - Missing Authorization to Settings ModificationEPSS 0.3%CVE-2026-49357HIGHStreamable HTTP mode exposes LINE Desktop read/send tools without MCP authenticationEPSS 0.3%CVE-2024-6709MEDIUMSync Post With Other Site <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Post Creation and UpdateEPSS 0.3%CVE-2026-42083HIGHfree5GC: PCF Npcf_SMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPIEPSS 0.3%CVE-2024-8121MEDIUMThe Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Missing Authorization to Admin Username ChangeEPSS 0.3%CVE-2026-5347MEDIUMWP Books Gallery <= 4.8.0 - Missing Authorization to Unauthenticated Settings Update via 'permalink_structure' ParameterEPSS 0.3%CVE-2024-30517MEDIUMWordPress Sliced Invoices plugin <= 3.9.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-5858MEDIUMInfographic Maker iList <= 4.7.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Title UpdateEPSS 0.3%CVE-2025-49041MEDIUMWordPress Get Cash plugin <= 3.2.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-31294MEDIUMWordPress WP Sort Order plugin <= 1.3.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-31350MEDIUMWordPress AWP Classifieds plugin <= 4.3.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-31261MEDIUMWordPress Announcer – Notification & message bars plugin <= 6.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-26942HIGHWordPress JetTricks plugin <= 1.5.1 - Broken Access Control VulnerabilityEPSS 0.3%