Fallos del tipo CWE-862

7020 resultados
CVE-2025-7834MEDIUMPHPGurukul Complaint Management System cross-site request forgeryEPSS 0.2%CVE-2026-32546HIGHWordPress Restrict Content plugin <= 3.2.22 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-41012HIGHUnauthorized access vulnerability in TCMAN GIMEPSS 0.2%CVE-2026-45001MEDIUMOpenClaw < 2026.4.20 - Gateway Config Mutation Guard Bypass via Agent Tool AccessEPSS 0.2%CVE-2025-6476MEDIUMSourceCodester Gym Management System cross-site request forgeryEPSS 0.2%CVE-2026-39688MEDIUMWordPress WP Frontend Profile plugin <= 1.3.9 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-43579MEDIUMOpenClaw < 2026.4.10 - Insufficient Access Control in Nostr Profile Mutation RoutesEPSS 0.2%CVE-2026-39664MEDIUMWordPress Leadrebel plugin <= 1.0.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-32416MEDIUMWordPress PDF Poster plugin <= 2.4.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-13866MEDIUMFlow-Flow Social Feed Stream 3.0.0 - 4.7.5 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via flow_flow_social_auth AJAX actionEPSS 0.2%CVE-2025-62954MEDIUMWordPress Revive Old Posts plugin <= 9.3.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-67559MEDIUMWordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-27461HIGHCVE-2025-27461EPSS 0.2%CVE-2025-62999MEDIUMWordPress Litho Addons plugin <= 3.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-63034MEDIUMWordPress Page View Count plugin <= 2.9.0 - Settings Change vulnerabilityEPSS 0.2%CVE-2025-13179MEDIUMBdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System cross-site request forgeryEPSS 0.2%CVE-2025-7133MEDIUMCodeAstro Online Movie Ticket Booking System cross-site request forgeryEPSS 0.2%CVE-2025-13880MEDIUMWP Social Ninja - Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) <= 4.0.1 - Missing Authorization to Unauthenticated Plugin's Settings Disclosure And ModificationEPSS 0.2%CVE-2025-12953MEDIUMClassified Listing – AI-Powered Classified ads & Business Directory Plugin <= 5.2.0 - Missing Authorization to Authenticated (Subscriber+) Listing Types TamperingEPSS 0.2%CVE-2025-62952MEDIUMWordPress ChatBot plugin <= 7.7.3 - Broken Access Control vulnerabilityEPSS 0.2%