Fallos del tipo CWE-862

6959 resultados
CVE-2026-28254MEDIUMMissing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer ConciergeEPSS 0.3%CVE-2026-28554MEDIUMwpForo Forum 2.4.14 Missing Authorization via Post Approval AJAX HandlerEPSS 0.3%CVE-2025-31596MEDIUMWordPress Chat by Chatwee plugin <= 2.1.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-12210MEDIUMPrint Invoice & Delivery Notes for WooCommerce <= 5.4.0 - Missing Authorization to Authenticated (Subscriber+) Logo DeletionEPSS 0.3%CVE-2024-12110MEDIUMGold Addons for Elementor <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) License Activation/DeactivationEPSS 0.3%CVE-2023-47870HIGHWordPress wpForo Forum Plugin <= 2.2.6 is vulnerable to Broken Access Control and Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2025-22665MEDIUMWordPress RapidLoad plugin <= 2.4.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-12081MEDIUMACF Photo Gallery Field <= 3.0 - Missing Authorization to Authenticated (Subscriber+) Attachment Metadata ModificationEPSS 0.3%CVE-2024-9628MEDIUMWPS Telegram Chat <= 4.6.0 - Authenticated (Subscriber+) Unauthorized Access to Telegram Bot APIEPSS 0.3%CVE-2024-56006MEDIUMWordPress Jetpack Debug Tools plugin < 2.0.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-31529MEDIUMWordPress Slider Path for Elementor plugin <= 3.0.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-2381MEDIUMWooCommerce Stripe Payment Gateway <= 10.7.0 - Missing Authorization to Unauthenticated Order Status Manipulation via 'order' ParameterEPSS 0.3%CVE-2025-62128MEDIUMWordPress SiteLock Security plugin <= 5.0.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-12119MEDIUMSimple File List <= 6.3.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Operations (Deletion / Move / Folder Creation / Download) via 'frontmanage' Shortcode AttributeEPSS 0.3%CVE-2025-22647MEDIUMWordPress AIO Performance Profiler plugin <= 1.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-10664MEDIUMKnowledge Base documentation & wiki plugin – BasePress Docs <= 2.16.3.3 - Missing Authorization to Authenticated (Subscriber+) Database UpdateEPSS 0.3%CVE-2025-43773MEDIUMLiferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 thrEPSS 0.3%CVE-2026-45552CRITICALRoxy-WI: Cross-tenant authorization bypass on /install/* — guest can run Ansible / SSH on every registered serverEPSS 0.3%CVE-2025-31576MEDIUMWordPress PostmarkApp Email Integrator plugin <= 2.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-31528MEDIUMWordPress StaticPress plugin <= 0.4.5 - Broken Access Control vulnerabilityEPSS 0.3%