Fallos del tipo CWE-862
7009 resultadosCVE-2025-49888HIGHWordPress PW WooCommerce On Sale! plugin <= 1.39 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-13334HIGHBlaze Demo Importer 1.0.0 - 1.0.13 - Missing Authorization to Authenticated (Subscriber+) Database Reset and File DeletionEPSS 0.2%CVE-2025-32236MEDIUMWordPress Woocommerce Products Reorder Drag Drop Multiple Sort plugin <= 1.9 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-5572MEDIUMTechnostrobe HI-LED-WR120-G2 cross-site request forgeryEPSS 0.2%CVE-2026-27387MEDIUMWordPress DirectoryPress plugin <= 3.6.26 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-0635MEDIUMResponsive Accordion Slider <= 1.2.2 - Missing Authorization to Authenticated (Contributor+) Slider Update via 'resp_accordion_silder_save_images'EPSS 0.2%CVE-2025-64276MEDIUMWordPress Survey Maker plugin <= 5.1.9.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2020-10746—A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls via both RESEPSS 0.2%CVE-2025-10694MEDIUMUser Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds <= 1.8.0 - Missing Authorization to Information DisclosureEPSS 0.2%CVE-2025-31886MEDIUMWordPress Social proof testimonials and reviews by Repuso plugin <= 5.21 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-12134MEDIUMJoomSport <= 5.7.8 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Creation/Modification via season_groupedit AJAX actionEPSS 0.2%CVE-2026-52711HIGHWordPress WooCommerce POS plugin <= 1.8.14 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-68045HIGHWordPress WP Event SOlution plugin <= 4.1.12 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-39367MEDIUMWordPress Kleo theme < 5.4.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-12435MEDIUMMotors <= 1.4.111 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Modification via 'stm_mark_as_sold_car' ParameterEPSS 0.2%CVE-2026-56038HIGHWordPress Frisbii Pay plugin <= 1.8.2 - Privilege Escalation vulnerabilityEPSS 0.2%CVE-2025-32277MEDIUMWordPress RepairBuddy plugin <= 3.8213 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-8682MEDIUMNewsup <= 5.0.10 - Missing Authorization to Authenticated (Subscriber+) Plugin InstallationEPSS 0.2%CVE-2025-14173MEDIUMPerfit WooCommerce <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings DeletionEPSS 0.2%CVE-2026-24356MEDIUMWordPress GetGenie plugin <= 4.3.0 - Broken Access Control vulnerabilityEPSS 0.2%