Fallos del tipo CWE-862

7033 resultados
CVE-2025-29012MEDIUMWordPress CF7 7 Mailchimp Add-on plugin < 2.4 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2026-2301MEDIUMPost Duplicator <= 3.0.8 - Missing Authorization to Authenticated (Contributor+) Protected Post Meta Insertion via 'customMetaData' ParameterEPSS 0.2%CVE-2023-25445MEDIUMWordPress HappyFiles Pro plugin <= 1.8.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-39595MEDIUMWordPress W3 Total Cache plugin <= 2.9.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-64294MEDIUMWordPress WP Snow Effect plugin <= 1.1.19 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-14038HIGHEDB Hybrid Manager contains a flaw that allows an unauthenticated attacker to directly access certain gRPC endpoints. This could allow an atEPSS 0.2%CVE-2026-4881MEDIUMIn affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make serverEPSS 0.2%CVE-2025-12583MEDIUMSimple Downloads List <= 1.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site ScriptingEPSS 0.2%CVE-2026-57731MEDIUMWordPress Flatsome theme <= 3.20.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-3997MEDIUMdazhouda lecms Personal Information Page index.php cross-site request forgeryEPSS 0.2%CVE-2025-5919MEDIUMAppointment Booking and Scheduling Calendar Plugin – WP Timetics <= 1.0.36 - Missing Authorization to Unauthenticated Booking Details View And ModificationEPSS 0.2%CVE-2024-58337HIGHAkuvox Smart Intercom S539 Improper Access Control via ServicesHTTPAPIEPSS 0.2%CVE-2026-53844MEDIUMOpenClaw < 2026.4.29 - Session Visibility Check Bypass in Shared Memory SearchEPSS 0.2%CVE-2026-5356HIGHLatePoint - Calendar Booking Plugin for Appointments and Events <= 5.4.0 - Unauthenticated Stripe PaymentIntent Amount-Binding BypassEPSS 0.2%CVE-2026-25311MEDIUMWordPress Autoshare for Twitter plugin <= 2.3.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-62935MEDIUMWordPress Open Close WooCommerce Store plugin <= 5.0.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-62098MEDIUMWordPress Portfolio Gallery plugin <= 1.4.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-33708MEDIUMChamilo LMS has REST API PII Exposure via get_user_info_from_usernameEPSS 0.2%CVE-2026-24570MEDIUMWordPress Edwiser Bridge plugin <= 4.3.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2023-48676LOWSensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect CEPSS 0.2%