Fallos del tipo CWE-862
6959 resultadosCVE-2025-32296MEDIUMWordPress Simple Link Directory Pro plugin < 14.8.1 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-24587MEDIUMWordPress AJAX Hits Counter + Popular Posts Widget plugin <= 0.10.210305 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-49989MEDIUMWordPress App Builder plugin <= 5.5.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2022-2405MEDIUMWP Popup Builder < 1.3.0 - Subscriber+ Arbitrary Popup DeletionEPSS 0.3%CVE-2025-3843MEDIUMpanhainan DS-Java cross-site request forgeryEPSS 0.3%CVE-2025-31065MEDIUMWordPress Rozario <= 1.4 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-49997MEDIUMWordPress Giveaways and Contests by RafflePress plugin <= 1.12.18 - Broken Access Control + CSRF VulnerabilityEPSS 0.3%CVE-2026-26742HIGHPX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm Grace Period" logic. The system incorrectEPSS 0.3%CVE-2025-53986MEDIUMWordPress Hestia theme <= 3.2.10 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-50008MEDIUMWordPress WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily plugin <= 1.2.4.5 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-3687MEDIUMmisstt123 oasys Sticky Notes cross-site request forgeryEPSS 0.3%CVE-2026-27708HIGHFOSSBilling: IDOR in Servicecustom Client API allows cross-client data accessEPSS 0.3%CVE-2026-50283MEDIUMCraft CMS: Unauthorized Deletion of Source Assets During File ReplacementEPSS 0.3%CVE-2025-12202MEDIUMajayrandhawa User-Management-PHP-MYSQL web cross-site request forgeryEPSS 0.3%CVE-2026-24595MEDIUMWordPress Zoho CRM Lead Magnet plugin <= 1.8.1.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-43214MEDIUMWordPress myCred plugin <= 2.7.2 - Sensitive Data Exposure vulnerabilityEPSS 0.3%CVE-2025-64255LOWWordPress Admin and Site Enhancements (ASE) plugin <= 8.0.8 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-41765CRITICALUnchecked role in wwwupload.cgiEPSS 0.3%CVE-2026-1781MEDIUMMC4WP: Mailchimp for WordPress <= 4.11.1 - Missing Authorization to Unauthenticated Arbitrary Subscription DeletionEPSS 0.3%CVE-2025-48166MEDIUMWordPress Stop and Block bots plugin Anti bots <= 1.48 - Broken Access Control VulnerabilityEPSS 0.3%