Fallos del tipo CWE-862
6878 resultadosCVE-2026-26237MEDIUMQuMagieEPSS 0.3%CVE-2025-58207HIGHWordPress Ai Image Alt Text Generator for WP Plugin <= 1.1.5 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2024-50428MEDIUMWordPress Multi Step Form plugin <= 1.7.21 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-11620HIGHMultiple Roles per User <= 1.0 - Missing Authorization to Authenticated (Custom+) Privilege EscalationEPSS 0.3%CVE-2025-46247MEDIUMWordPress Appointment Booking Calendar plugin <= 1.3.92 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2023-4948MEDIUMWooCommerce CVR Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) CVR UpdateEPSS 0.3%CVE-2024-42376MEDIUMMultiple Missing Authorization Check vulnerabilities in SAP Shared Service FrameworkEPSS 0.3%CVE-2022-41995MEDIUMWordPress Photo Gallery – Image Gallery by Ape Plugin <= 2.2.8 is vulnerable to Broken Access ControlEPSS 0.3%CVE-2025-8423MEDIUMMy WP Translate <= 1.1 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Option Read and DeletionEPSS 0.3%CVE-2026-24777MEDIUMOpenProject has Improper Access Control on User Management allows user managers to lock admin accountsEPSS 0.3%CVE-2024-56266MEDIUMWordPress MP3 Audio Player plugin <= 5.8 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-13780MEDIUMHero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Directory DeletionEPSS 0.3%CVE-2023-23882MEDIUMWordPress Ultimate Addons for Beaver Builder – Lite Plugin <= 1.5.5 is vulnerable to Broken Access ControlEPSS 0.3%CVE-2024-12616MEDIUMBitly's WordPress Plugin <= 2.7.3 - Missing Authorization to Authenticated (Subscriber+) Settings UpdateEPSS 0.3%CVE-2025-13717MEDIUMContact Form vCard Generator <= 2.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'wp-gvc-cf-download-id' ParameterEPSS 0.3%CVE-2025-1074MEDIUMWebkul QloApps URL mylogout cross-site request forgeryEPSS 0.3%CVE-2024-24718MEDIUMWordPress PropertyHive plugin <= 2.0.6 - Missing Authorization to Non-Arbitrary Plugin Installation vulnerabilityEPSS 0.3%CVE-2024-12327MEDIUMLazyLoad Background Images <= 1.0.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings UpdateEPSS 0.3%CVE-2024-38744HIGHWordPress Plum: Spin Wheel & Email Pop-up plugin <= 2.0 - Broken Access Control to Unauth Stored XSS vulnerabilityEPSS 0.3%CVE-2025-43011HIGHMissing Authorization Check in SAP Landscape Transformation (PCL Basis)EPSS 0.3%