Fallos del tipo CWE-862
6897 resultadosCVE-2026-2371MEDIUMGreenshift <= 12.8.3 - Missing Authorization to Unauthenticated Private Reusable Block Disclosure via 'gspb_el_reusable_load'EPSS 0.3%CVE-2026-3906MEDIUMWordPress 6.9 - 6.9.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Note Creation via REST APIEPSS 0.3%CVE-2026-45209HIGHWordPress MyCryptoCheckout plugin <= 2.161 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-27970MEDIUMWordPress WP SendFox plugin <= 1.3.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-47612MEDIUMWordPress ClickWhale plugin <= 2.4.6 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-39490HIGHWordPress JupiterX Core plugin <= 4.14.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-23963MEDIUMWordPress Mark Posts plugin <= 2.2.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-47628MEDIUMWordPress QS Dark Mode plugin <= 3.0 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-10352CRITICALMissing Authorization vulnerability in Melis PlatformEPSS 0.3%CVE-2026-33470MEDIUMFrigate has cross-camera snapshot disclosure via unrestricted timeline IDs and missing authorization in /api/events/{event_id}/snapshot-clean.webpEPSS 0.3%CVE-2024-13439MEDIUMTeam – Team Members Showcase Plugin <= 4.4.9 - Missing Authorization to Authenticated (Subscriber+) Settings UpdateEPSS 0.3%CVE-2024-10897MEDIUMTutor LMS Elementor Addons <= 2.1.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin InstallationEPSS 0.3%CVE-2025-1504MEDIUMPost Lockdown <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Post DisclosureEPSS 0.3%CVE-2026-41464HIGHProjeQtor < 12.4.4 Missing Authorization via objectDetail.phpEPSS 0.3%CVE-2026-34024HIGHMissing authorization checks in Wertheim SafeController Software allow low-privileged users to access restricted functionsEPSS 0.3%CVE-2025-30107HIGHOn IROAD V9 devices, Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by unauthorized parties.EPSS 0.3%CVE-2024-54218MEDIUMWordPress AIO Contact plugin <= 2.8.1 - Unauthenticated Plugin Settings Change vulnerabilityEPSS 0.3%CVE-2026-39533HIGHWordPress AWP Classifieds plugin <= 4.4.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-1328MEDIUMNewsletter2Go <= 4.0.14 - Authenticated(Subscriber+) Stored Cross-Site Scripting via styleEPSS 0.3%CVE-2025-1481MEDIUMShortcode Cleaner Lite <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options ExportEPSS 0.3%