Fallos del tipo CWE-862

6896 resultados
CVE-2025-31820MEDIUMWordPress Automatic Featured Images from Videos plugin <= 1.2.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-22385MEDIUMAn issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does notEPSS 0.3%CVE-2025-30909MEDIUMWordPress Conversios.io plugin <= 7.2.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-26773MEDIUMWordPress Analytify plugin <= 5.5.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-30959MEDIUMWordPress Product XML Feed Manager for WooCommerce <= 2.9.2 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-33159MEDIUMCraft CMS: Unauthenticated users could execute project configuration sync operations that should be restricted trusted usersEPSS 0.3%CVE-2025-58616MEDIUMWordPress Frisbii Pay Plugin <= 1.8.2.1 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2022-2389Automations By Autonami < 2.1.2 - Subscriber+ Automation CreationEPSS 0.3%CVE-2024-33636MEDIUMWordPress WP Page Post Widget Clone plugin <= 1.0.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-1218MEDIUMContact Form builder with drag & drop for WordPress – Kali Forms <= 2.3.41 - Missing AuthorizationEPSS 0.3%CVE-2022-2377Directorist < 7.3.0 - Subscriber+ Arbitrary E-mail SendingEPSS 0.3%CVE-2026-1926MEDIUMSubscriptions for WooCommerce <= 1.9.2 - Missing Authorization to Unauthenticated Arbitrary Subscription CancellationEPSS 0.3%CVE-2025-2816HIGHPage View Count 2.8.0 - 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options UpdateEPSS 0.3%CVE-2024-37249MEDIUMWordPress Advanced Custom Fields Pro plugin < 6.3.2 - Contributor+ Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-9619MEDIUMReviews and Rating <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via sync_reviews AJAX ActionEPSS 0.3%CVE-2024-12611MEDIUMSchool Management System for Wordpress <= 93.0.0 - Reflected Cross-Site ScriptingEPSS 0.3%CVE-2024-47318MEDIUMWordPress PWA for WP & AMP plugin <= 1.7.72 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-27405MEDIUMWordPress WpBookingly plugin <= 1.2.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-40788HIGHWordPress ChatBot plugin <= 7.9.7 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-15507MEDIUMMagic Import Document Extractor <= 1.0.5 - Missing Authorization to Unauthenticated Plugin License Status ModificationEPSS 0.3%