Fallos del tipo CWE-862
6909 resultadosCVE-2024-6175MEDIUMBooking Ultra Pro <= 1.1.13 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings UpdatesEPSS 0.3%CVE-2024-13530MEDIUMCustom Login Page Styler <= 7.1.1 - Missing Authorization to Authenticated (Subsciber+) Log Deletion and Session TerminationEPSS 0.3%CVE-2025-24692HIGHWordPress Bulk Menu Edit plugin <= 1.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-12617MEDIUMWC Price History for Omnibus <= 2.1.3 - Missing AuthorizationEPSS 0.3%CVE-2024-3932LOWTotara LMS User Selector cross-site request forgeryEPSS 0.3%CVE-2025-55471HIGHIncorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers to access sensitive information for other uEPSS 0.3%CVE-2025-39457MEDIUMWordPress Booking and Rental Manager plugin <= 2.2.8 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-39477CRITICALWordPress InWave Jobs Plugin <= 3.5.8 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-42961MEDIUMMissing Authorization check in SAP NetWeaver Application Server for ABAPEPSS 0.3%CVE-2025-4430HIGHUnauthorized file manipulation in EZD RPEPSS 0.3%CVE-2026-4977MEDIUMUsersWP <= 1.2.58 - Authenticated (Subscriber+) Restricted Usermeta Modification via 'htmlvar' ParameterEPSS 0.3%CVE-2024-10606MEDIUMWP Travel Engine <= 6.2.1 - Missing Authorization to Authenticated (Contributor+) Plugin Settings UpdateEPSS 0.3%CVE-2025-12876MEDIUMProjectopia – WordPress Project Management <= 5.1.19 - Missing Authorization to Unauthenticated Arbitrary Attachment DeletionEPSS 0.3%CVE-2024-13716MEDIUMForex Calculators <= 1.3.7 - Missing Authorization to Authenticated (Subscriber+) Settings UpdateEPSS 0.3%CVE-2026-34358HIGHCtrlPanel: Missing Authorization on Admin Write Endpoints Allows RBAC BypassEPSS 0.3%CVE-2024-6167MEDIUMJust Custom Fields <= 3.3.2 - Missing Authorization via AJAX actionsEPSS 0.3%CVE-2025-53284MEDIUMWordPress CMS Blocks plugin <= 1.1 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-30842MEDIUMWallos: Authenticated Missing Authorization Allows Deletion of Other Users’ Uploaded AvatarsEPSS 0.3%CVE-2024-49273MEDIUMWordPress ProfileGrid plugin <= 5.9.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.3%CVE-2024-37250MEDIUMWordPress Advanced Custom Fields Pro plugin < 6.3.2 - Subscriber+ Broken Access Control vulnerabilityEPSS 0.3%