Fallos del tipo CWE-862
7009 resultadosCVE-2026-24356MEDIUMWordPress GetGenie plugin <= 4.3.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-14173MEDIUMPerfit WooCommerce <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings DeletionEPSS 0.2%CVE-2026-1054MEDIUMRegistrationMagic <= 6.0.7.4 - Missing Authorization to Unauthenticated Arbitrary Settings ModificationEPSS 0.2%CVE-2025-31887MEDIUMWordPress MyBookProgress plugin <= 1.0.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-39367MEDIUMWordPress Kleo theme < 5.4.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-31886MEDIUMWordPress Social proof testimonials and reviews by Repuso plugin <= 5.21 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-68595MEDIUMWordPress Widgets for Social Photo Feed plugin <= 1.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-12134MEDIUMJoomSport <= 5.7.8 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Creation/Modification via season_groupedit AJAX actionEPSS 0.2%CVE-2023-52217MEDIUMWordPress WooCommerce Conversion Tracking plugin <= 2.0.11 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-14351MEDIUMCustom Fonts – Host Your Fonts Locally <= 2.1.16 - Missing Authorization to Unauthenticated Font DeletionEPSS 0.2%CVE-2026-52711HIGHWordPress WooCommerce POS plugin <= 1.8.14 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-8678MEDIUMMyParcel <= 4.25.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Shipment Data Disclosure and Modification via wcmp_get_shipment_options and wcmp_save_shipment_options AJAX ActionsEPSS 0.2%CVE-2025-68045HIGHWordPress WP Event SOlution plugin <= 4.1.12 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-31408MEDIUMWordPress Zoho Flow plugin <= 2.13.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-12435MEDIUMMotors <= 1.4.111 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Modification via 'stm_mark_as_sold_car' ParameterEPSS 0.2%CVE-2025-12898MEDIUMPretty Google Calendar <= 2.0.0 - Missing Authorization to Unauthenticated Google API Key ExposureEPSS 0.2%CVE-2026-56695HIGHOpenHarness - Cross-Session Disclosure via /resume and /summary CommandsEPSS 0.2%CVE-2024-13715MEDIUMzStore Manager Basic <= 3.311 - Missing Authorization to Authenticated (Subscriber+) Cache ClearingEPSS 0.2%CVE-2023-45245LOWSensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) beEPSS 0.2%CVE-2026-25768HIGHLavinMQ is missing vhost access controlEPSS 0.2%