Fallos del tipo CWE-862
7018 resultadosCVE-2025-49982MEDIUMWordPress WP Customer Area plugin <= 8.3.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-41658MEDIUMAdmidio: Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated User to Delete ItemsEPSS 0.2%CVE-2025-14061MEDIUMCookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent <= 4.0.7 - Missing Authorization to Unauthenticated Arbitrary Post DeletionEPSS 0.2%CVE-2025-14755MEDIUMCost Calculator Builder <= 4.0.1 - Unauthenticated Price Manipulation and Insecure Direct Object ReferenceEPSS 0.2%CVE-2025-64142MEDIUMA missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect toEPSS 0.2%CVE-2025-66083MEDIUMWordPress WpEvently plugin <= 5.0.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-8488MEDIUMUltimate Addons for Elementor (Formerly Elementor Header & Footer Builder) <= 2.4.6 - Missing Authorization to Authenticated (Subscriber+) Limited Settings UpdateEPSS 0.2%CVE-2026-45244LOWSummarize < 0.15.1 Unapproved Browser Automation ExecutionEPSS 0.2%CVE-2025-14948MEDIUMminiOrange OTP Verification and SMS Notification for WooCommerce <= 4.3.8 - Missing Authorization to Unauthenticated Notification Settings ModificationEPSS 0.2%CVE-2025-66077MEDIUMWordPress Legal Pages plugin <= 1.4.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-8688MEDIUMAdvance Nav Menu Manager <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Nav Menu Item Modification via anmm_save_menu_data AJAX ActionEPSS 0.2%CVE-2025-49976MEDIUMWordPress WANotifier plugin <= 2.7.12 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-14608MEDIUMWP Last Modified Info <= 1.9.5 - Insecure Direct Object Reference to Authenticated (Author+) Post Metadata ModificationEPSS 0.2%CVE-2025-12449MEDIUMaBlocks – WordPress Gutenberg Blocks <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Settings ModificationEPSS 0.2%CVE-2026-28380MEDIUMBAC in Snapshot API allows deletion of unauthorized dashboard snapshotsEPSS 0.2%CVE-2022-45813MEDIUMWordPress Advanced AJAX Product Filters plugin <= 1.6.3.3 - Broken Access Control + CSRFEPSS 0.2%CVE-2025-5812MEDIUMVG WORT METIS <= 2.0.0 - Missing Authorization to Authenticated (Subscriber+) Limited Settings UpdateEPSS 0.2%CVE-2025-14880MEDIUMNetcash WooCommerce Payment Gateway <= 4.1.3 - Missing Authorization to Unauthenticated Order Status ModificationEPSS 0.2%CVE-2025-64139MEDIUMA missing permission check in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers with Overall/Read permission to connEPSS 0.2%CVE-2026-9237MEDIUMEmployee, Leave and Recruitment Management System <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Job Deletion via crewhrm_singleJobAction AJAX ActionEPSS 0.2%