Fallos del tipo CWE-862

6960 resultados
CVE-2025-36756MEDIUMDevice Takeover vulnerability in SolaX CloudEPSS 0.3%CVE-2022-47425MEDIUMWordPress ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin <= 3.4.10 - Broken Access ControlEPSS 0.3%CVE-2024-34438MEDIUMWordPress Shared Files plugin <= 1.7.19 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-67958MEDIUMWordPress TaxCloud for WooCommerce plugin <= 8.3.8 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-24586MEDIUMWordPress Newses theme <= 2.0.0.77 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-49293MEDIUMWordPress WP VR plugin <= 8.5.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-24598MEDIUMWordPress Multilanguage by BestWebSoft plugin <= 1.5.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-22643MEDIUMWordPress OnePress theme <= 2.3.11 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-8690MEDIUMRentMy Real-Time Rental Management Plugin <= 4.0.4.1 - Missing Authorization to Unauthenticated Settings Update via rentmy_cdn_request AJAX ActionEPSS 0.3%CVE-2025-66075MEDIUMWordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent plugin <= 4.0.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-12097MEDIUMUser Management <= 1.2 - Missing Authorization to Unauthenticated Plugin Settings ModificationEPSS 0.3%CVE-2025-24606MEDIUMWordPress Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress plugin <=20.8.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-22674MEDIUMWordPress Dashicons + Custom Post Types Plugin <= 1.0.2 is vulnerable to Broken Access ControlEPSS 0.3%CVE-2025-68558MEDIUMWordPress Depicter Slider plugin <= 4.0.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-60129MEDIUMWordPress Yext Plugin <= 1.1.3 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-48262MEDIUMWordPress Url Rewrite Analyzer plugin <= 1.3.3 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-1298MEDIUMEasy Replace Image <= 3.5.2 - Missing Authorization to Authenticated (Contributor+) Arbitrary Attachment ReplacementEPSS 0.3%CVE-2025-10579MEDIUMBackWPup <= 5.5.0 - Missing Authorization to Sensitive Information ExposureEPSS 0.3%CVE-2025-62919MEDIUMWordPress TS Demo Importer plugin <= 0.1.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-5175MEDIUMImproper access control in the multi-factor authentication (MFA) management API in Devolutions Server allows an authenticated attacker to deEPSS 0.3%