Fallos del tipo CWE-862
6912 resultadosCVE-2025-69393HIGHWordPress Exzo theme <= 1.2.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-23541HIGHWordPress Mail Mint plugin <= 1.19.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-33359HIGHMeari unauthenticated alert image access in cloud object storageEPSS 0.3%CVE-2026-34903MEDIUMWordPress Ocean Extra plugin <= 2.5.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-45285MEDIUMNextcloud: Hidden Public Link creation when sharing to a Team External MemberEPSS 0.3%CVE-2026-25398MEDIUMWordPress Vertex Addons for Elementor plugin <= 1.6.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-12606MEDIUMAI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) <= 2.5 - Missing Authorization to Authenticated (Subscriber+) Settings UpdateEPSS 0.3%CVE-2026-40937HIGHRustFS missing admin authorization on notification target endpoints, which allows unauthenticated configuration of event webhooksEPSS 0.3%CVE-2025-31858MEDIUMWordPress Local Magic plugin <= 2.9.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-62049MEDIUMWordPress Cost Calculator Builder plugin <= 3.5.32 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-62100MEDIUMWordPress ThemeRain Core plugin <= 1.1.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-1280HIGHFrontend File Manager Plugin <= 23.5 - Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' ParameterEPSS 0.3%CVE-2024-13312MEDIUMOpen Social - Moderately critical - Access bypass - SA-CONTRIB-2024-076EPSS 0.3%CVE-2024-13303MEDIUMDownload All Files - Critical - Access bypass - SA-CONTRIB-2024-069EPSS 0.3%CVE-2025-53452MEDIUMWordPress Event Rocket Plugin <= 3.3 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2024-6458MEDIUMWooCommerce Product Table Lite <= 3.5.1 - Missing Authorization to (Subscriber+) Stored Cross-Site ScriptingEPSS 0.3%CVE-2025-6718HIGHB1.lt for WooCommerce <= 2.2.57 - Missing Authorization to Authenticated (Subscriber+) Arbitrary SQL InjectionEPSS 0.3%CVE-2024-7888MEDIUMClassified Listing – Classified ads & Business Directory Plugin <= 3.1.7 - Missing AuthorizationEPSS 0.3%CVE-2025-62151MEDIUMWordPress Virtuaria PagBank / PagSeguro para Woocommerce plugin <= 3.6.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-47887MEDIUMMissing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers with Overall/Read permiEPSS 0.3%