Fallos del tipo CWE-862

6923 resultados
CVE-2025-30855HIGHWordPress Ads by WPQuads plugin <= 2.0.87.1 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-11378MEDIUMShortPixel Image Optimizer <= 6.3.4 - Authenticated (Contributor+) Settings Import/ExportEPSS 0.3%CVE-2024-31307MEDIUMWordPress Easy Social Share Buttons plugin <= 9.4 - Multiple Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-13374MEDIUMWP Table Manager <= 4.1.3 - Missing Authorization to Authenticated (Subscriber+) Directory Traversal to Folder/File Name DisclosureEPSS 0.3%CVE-2025-48138MEDIUMWordPress BERTHA AI plugin <= 1.13 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-30639HIGHWordPress IDonatePro Plugin <= 2.1.9 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-67969MEDIUMWordPress UPI QR Code Payment Gateway for WooCommerce plugin <= 1.5.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-52738MEDIUMWordPress Wikipedia Preview plugin <= 1.15.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-27783MEDIUMGitea issue-template APIs bypass repository unit authorizationEPSS 0.3%CVE-2026-1981MEDIUMWinston AI <= 0.0.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings DeletionEPSS 0.3%CVE-2026-31266HIGHCraft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint (/actions/app/migrate).EPSS 0.3%CVE-2025-26969HIGHWordPress PrivateContent plugin <= 8.11.5 - Subscriber+ Site Wide Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-24600MEDIUMWordPress RSVPMaker plugin <= 11.4.5 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-9331MEDIUMSpacious <= 1.9.11 - Missing Authorization to Autheticated (Subscriber+) Demo Data ImportEPSS 0.3%CVE-2025-31540MEDIUMWordPress ACME Divi Modules plugin <= 1.3.5 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-31544MEDIUMWordPress Swiss Toolkit For WP plugin <= 1.4.5 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-12610MEDIUMSchool Management System for Wordpress <= 93.0.0 - Missing Authorization to Unauthenticated Arbitrary Post DeletionEPSS 0.3%CVE-2026-0718MEDIUMPost Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX <= 5.0.5 - Missing Authorization to Limited Post Meta ModificationEPSS 0.3%CVE-2025-3037MEDIUMyzk2356911358 StudentServlet-JSP cross-site request forgeryEPSS 0.3%CVE-2025-30851MEDIUMWordPress Tickera plugin <= 3.5.5.2 - Broken Access Control vulnerabilityEPSS 0.3%