Fallos del tipo CWE-862

6960 resultados
CVE-2026-56250HIGHCapgo - Arbitrary R2 Object Deletion via Mutable r2_path in app_versionsEPSS 0.3%CVE-2025-57987MEDIUMWordPress WP Events Manager Plugin <= 2.2.1 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-57971MEDIUMWordPress SALESmanago Plugin <= 3.8.1 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-58222MEDIUMWordPress Team Manager plugin <= 2.5.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-5488MEDIUMExactMetrics <= 9.1.2 - Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval via AJAX Action 'exactmetrics_ads_get_token'EPSS 0.3%CVE-2025-1285MEDIUMResido - Real Estate WordPress Theme <= 3.6 - Missing Authorization to Unauthenticated Server-Side Request Forgery and API Key Settings UpdateEPSS 0.3%CVE-2025-15563MEDIUMBroken Access Control results in Denial of Service in NesterSoft WorkTimeEPSS 0.3%CVE-2026-3143MEDIUMTotal Upkeep <= 1.17.1 - Missing Authorization to Unauthenticated Rollback CancellationEPSS 0.3%CVE-2025-8565HIGHPrivacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.4.3 - Missing Authorization to Authenticated (Contributor+) Arbitrary Plugin InstallationEPSS 0.3%CVE-2026-44884MEDIUMPortainer: Missing authorization on custom template file endpoint exposes template contentEPSS 0.3%CVE-2025-32242MEDIUMWordPress Hive Support plugin <= 1.2.5 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-52804HIGHWordPress Nuss theme <= 1.3.7.1 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2024-12879MEDIUMWPBot Pro Wordpress Chatbot <= 13.5.5 - Missing Authorization to Authenticated (Subscriber+) Simple Text Response CreationEPSS 0.3%CVE-2025-30932MEDIUMWordPress WP Compress for MainWP plugin <= 6.30.32 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-53304MEDIUMWordPress Contact Form – 7 : Hide Success Message plugin <= 1.1.4 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-11742MEDIUMWPC Smart Wishlist for WooCommerce <= 5.0.4 - Missing Authorization to Authenticated (Subscriber+) Information ExposureEPSS 0.3%CVE-2026-43885HIGHWWBN AVideo: Exposure of Sensitive Information to an Unauthorized Actor and Missing AuthorizationEPSS 0.3%CVE-2025-49998MEDIUMWordPress WooCommerce Fortnox Integration plugin <= 4.5.5 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-30934MEDIUMWordPress 診断ジェネレータ作成プラグイン plugin <= 1.4.16 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2024-9187MEDIUMRead more By Adam <= 1.1.8 - Missing Authorization to Authenticated (Subscriber+) Read More Button DeletionEPSS 0.3%