Fallos del tipo CWE-862

6921 resultados
CVE-2024-13737MEDIUMMotors – Car Dealer, Classifieds & Listing <= 1.4.57 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Listing Template CreationEPSS 0.3%CVE-2026-44550MEDIUMOpen WebUI: Mass Assignment via Pydantic extra='allow' Allows Creating Folders in Other Users' AccountsEPSS 0.3%CVE-2026-28076HIGHWordPress Guff theme <= 1.0.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-64268HIGHWordPress Timetics plugin <= 1.0.44 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-6798MEDIUMRSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.3.2 - Missing AuthorizationEPSS 0.3%CVE-2025-63294MEDIUMWorkDo HRM SaaS HR and Payroll Tool 8.1 is affected vulnerable to Insecure Permissions. An authenticated user can create leave or resignatioEPSS 0.3%CVE-2025-60045HIGHWordPress IDonatePro plugin <= 2.1.11 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-1671MEDIUMActivity Log for WordPress <= 1.2.8 - Missing Authorization to Sensitive Information Exposure via Log FileEPSS 0.3%CVE-2025-41443MEDIUMGuest user can discover active public channelsEPSS 0.3%CVE-2025-60098MEDIUMWordPress Theme My Login Plugin <= 7.1.12 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-14360HIGHWordPress Blockons plugin <= 1.2.19 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-58009LOWWordPress CP Multi View Event Calendar plugin <= 1.4.35 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-64631MEDIUMWordPress WCFM Marketplace plugin <= 3.7.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-39594MEDIUMWordPress Ultra Addons for WPForms plugin <= 1.0.11 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-64209HIGHWordPress Masterstudy theme < 4.8.122 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-6667MEDIUMPgBouncer missing authorization check in KILL_CLIENT admin commandEPSS 0.3%CVE-2026-40870HIGHDecidim's comments API allows access to all commentable resourcesEPSS 0.3%CVE-2025-69313HIGHWordPress PostX plugin <= 5.0.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-22351HIGHWordPress WP FullCalendar plugin <= 1.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-1303MEDIUMMailChimp Campaigns <= 3.2.4 - Missing Authorization to Authenticated (Subscriber+) MailChimp App DisconnectionEPSS 0.3%