Fallos del tipo CWE-862
7024 resultadosCVE-2026-39663MEDIUMWordPress TrueBooker plugin <= 1.1.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2024-36995MEDIUMLow-privileged user could create experimental itemsEPSS 0.2%CVE-2026-25386MEDIUMWordPress Ally plugin <= 4.0.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-39643MEDIUMWordPress Payment Plugins for PayPal WooCommerce plugin <= 2.0.13 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-48167MEDIUMWordPress Chatbox Manager plugin <= 1.2.5 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2026-3552MEDIUMSurfLink < 2.6.0 - Missing Authorization to Authenticated (Subscriber+) 410 Gone URL Import via 'surfl_import_410' AJAX ActionEPSS 0.2%CVE-2026-54840HIGHWordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-25241MEDIUMMissing Authorization check in SAP Fiori Apps Reference Library (My Overtime Requests)EPSS 0.2%CVE-2026-56402HIGHNanoClaw < 2.1.17 - Privilege Escalation via Unverified Approval Response HandlerEPSS 0.2%CVE-2025-64254LOWWordPress Photo Block plugin <= 1.5.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-1003MEDIUMGetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools <= 4.3.0 - Missing Authorization to Authenticated (Author+) Arbitrary Post DeletionEPSS 0.2%CVE-2026-12729MEDIUMweDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot <= 2.3.0 - Missing Authorization to Authenticated (Subscriber+) Data Migration via wedocs_migrate_betterdocs_to_wedocs AJAX ActionEPSS 0.2%CVE-2026-43568HIGHOpenClaw 2026.4.5 through 2026.4.9 - Privilege Escalation via Memory Dreaming Configuration in /dreaming EndpointEPSS 0.2%CVE-2025-11835MEDIUMPaid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.16.4 - Missing Authorization to Unauthenticated Arbitrary Member Subscription Auto RenewalEPSS 0.2%CVE-2025-64370MEDIUMWordPress YOP Poll plugin <= 6.5.38 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-12738MEDIUMWP Easy Pay <= 4.5.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Status Modification via wpep_draft_confirm AJAX ActionEPSS 0.2%CVE-2025-43311MEDIUMThis issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. AEPSS 0.2%CVE-2026-34261MEDIUMMissing Authorization check in SAP Business Analytics and SAP Content ManagementEPSS 0.2%CVE-2026-11364MEDIUMProduct Specifications for Woocommerce <= 0.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attribute/Group Creation, Modification, and Deletion via 'dwps_modify_groups' and 'dwps_modify_attributes' AJAX ActionsEPSS 0.2%CVE-2022-46845MEDIUMWordPress Slider a SlidersPack plugin <= 2.0.2 - Broken Access Control vulnerabilityEPSS 0.2%