Fallos del tipo CWE-862

6877 resultados
CVE-2025-49041MEDIUMWordPress Get Cash plugin <= 3.2.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-31294MEDIUMWordPress WP Sort Order plugin <= 1.3.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-6883MEDIUMEasy Social Feed <= 6.5.2 - Missing Authorization to Settings ModificationEPSS 0.3%CVE-2026-42083HIGHfree5GC: PCF Npcf_SMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPIEPSS 0.3%CVE-2024-6709MEDIUMSync Post With Other Site <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Post Creation and UpdateEPSS 0.3%CVE-2025-1279HIGHBM Content Builder <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options UpdateEPSS 0.3%CVE-2025-24736MEDIUMWordPress Post Duplicator plugin <= 2.35 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-67994HIGHWordPress YayCurrency plugin <= 3.3 - Arbitrary Content Deletion vulnerabilityEPSS 0.3%CVE-2024-1804MEDIUMTutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_import_from_xmlEPSS 0.3%CVE-2025-26958HIGHWordPress JetBlog plugin <= 2.4.3 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-6964MEDIUMVideo Conferencing with Zoom <= 4.6.7 - Missing Authorization to Unauthenticated Zoom SDK Credential Exposure via 'get_auth' AJAX ActionEPSS 0.3%CVE-2024-30484MEDIUMWordPress RT Easy Builder plugin <= 2.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-0832HIGHNew User Approve <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary User Approval, Denial, and Information DisclosureEPSS 0.3%CVE-2026-12432MEDIUMStripe Payment Forms by WP Full Pay <= 8.4.3 - Missing Authorization to Unauthenticated Payment Record Manipulation via 'paymentIntentId' ParameterEPSS 0.3%CVE-2025-0526LOWIn affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field EPSS 0.3%CVE-2026-26236MEDIUMQuMagieEPSS 0.3%CVE-2024-9824MEDIUMImagePress - Image Gallery <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Post Title UpdateEPSS 0.3%CVE-2025-23957MEDIUMWordPress Sur.ly plugin <= 3.0.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-22730MEDIUMWordPress Ksher plugin <= 1.1.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-2784MEDIUMApps Framework allows install requests from regular members via an internal pathEPSS 0.3%