Fallos del tipo CWE-862
6960 resultadosCVE-2025-48166MEDIUMWordPress Stop and Block bots plugin Anti bots <= 1.48 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-49989MEDIUMWordPress App Builder plugin <= 5.5.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-13318MEDIUMBooking Calendar Contact Form <= 1.2.60 - Missing Authorization to Unauthenticated Arbitrary Booking Confirmation via 'dex_bccf_ipn' ParameterEPSS 0.3%CVE-2025-53986MEDIUMWordPress Hestia theme <= 3.2.10 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-26742HIGHPX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm Grace Period" logic. The system incorrectEPSS 0.3%CVE-2025-31071MEDIUMWordPress HotStar – Multi-Purpose Business Theme <= 1.4 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-41765CRITICALUnchecked role in wwwupload.cgiEPSS 0.3%CVE-2026-43580MEDIUMOpenClaw < 2026.4.10 - Incomplete Navigation Guard Coverage in Browser InteractionsEPSS 0.3%CVE-2024-6754MEDIUMSocial Auto Poster <= 5.3.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update via wpw_auto_poster_update_tweet_templateEPSS 0.3%CVE-2026-0554MEDIUMNotificationX <= 3.1.11 - Missing Authorization to Authenticated (Contributor+) Analytics ResetEPSS 0.3%CVE-2026-35621HIGHOpenClaw < 2026.3.24 - Privilege Escalation via chat.send to Allowlist PersistenceEPSS 0.3%CVE-2025-11269MEDIUMProduct Filter by WBW <= 3.0.0 - Missing Authorization to Unauthenticated Settings UpdateEPSS 0.3%CVE-2025-48133MEDIUMWordPress Uncanny Automator plugin <= 6.4.0.2 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-42763MEDIUMWordPress SePay Gateway plugin <= 1.1.20 - Sensitive Data Exposure vulnerabilityEPSS 0.3%CVE-2025-11999MEDIUMAdd Multiple Marker <= 1.2 - Missing Authorization to Unauthenticated Settings UpdateEPSS 0.3%CVE-2026-24529MEDIUMWordPress Quick Restaurant Reservations plugin <= 1.6.7 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-6512CRITICALInfusedWoo Pro <= 5.1.2 - Unauthenticated Missing Authorization to Arbitrary Post Deletion via Multiple ParametersEPSS 0.3%CVE-2025-6215MEDIUMOmnishop <= 1.0.9 - Missing Registration Restriction to Unauthenticated Account Creation via /users/register REST EndpointEPSS 0.3%CVE-2024-39591MEDIUMMissing Authorization check in SAP Document BuilderEPSS 0.3%CVE-2025-2289MEDIUMZegen - Church WordPress Theme <= 1.1.9 - Missing Authorization to Authenticated (Subscriber+) Theme Options UpdatesEPSS 0.3%