Fallos del tipo CWE-862

6934 resultados
CVE-2026-39631MEDIUMWordPress WPSchoolPress plugin <= 2.2.35 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-49509MEDIUMWordPress Audio Editor & Recorder plugin <= 2.2.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-60116MEDIUMWordPress Grand Conference Theme Custom Post Type plugin < 2.6.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-67974HIGHWordPress WPLegalPages plugin <= 3.5.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-44975MEDIUMFrappe: Missing authorization on reset form toursEPSS 0.3%CVE-2025-22298MEDIUMWordPress Hive Support plugin <= 1.1.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-54837HIGHWordPress Intranet & Private Site – All-In-One Intranet plugin <= 1.8.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-42666HIGHWordPress Salon booking system plugin <= 10.30.25 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-8684MEDIUMMotoPress Hotel Booking <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary Booking Notes Modification via mphb_update_booking_notes AJAX ActionEPSS 0.3%CVE-2026-54846HIGHWordPress Syncee Premium Dropshipping & Wholesale plugin <= 1.0.27 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-44718MEDIUMMathesar: Missing collaborator checks allowed access to saved explorations in other databasesEPSS 0.3%CVE-2026-54847HIGHWordPress Stylish Cost Calculator plugin <= 8.3.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-44571MEDIUMOpen WebUI: Improper Authorization in Standard Channels Allows Message Updates with Read PermissionEPSS 0.3%CVE-2025-13496MEDIUMMoosend Landing Pages <= 1.1.6 - Missing Authorization to Authenticated (Subscriber+) Option DeletionEPSS 0.3%CVE-2025-22291MEDIUMWordPress LTL Freight Quotes – Worldwide Express Edition plugin <= 5.0.20 - Arbitrary Content Deletion vulnerabilityEPSS 0.3%CVE-2026-39689MEDIUMWordPress eShipper Commerce plugin <= 2.16.12 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-43358HIGHA permissions issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 2EPSS 0.3%CVE-2025-67965MEDIUMWordPress Homey Core plugin <= 2.4.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-31347MEDIUMWordPress Tracking Code Manager plugin <= 2.1.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-51523MEDIUMWordPress WooCommerce Easy Duplicate Product plugin <= 0.3.0.7 - Broken Access Control vulnerabilityEPSS 0.3%