Fallos del tipo CWE-862
7039 resultadosCVE-2026-24541MEDIUMWordPress Download After Email plugin <= 2.1.9 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-12354MEDIUMLive CSS Preview <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Settings UpdateEPSS 0.2%CVE-2026-1142MEDIUMPHPGurukul News Portal cross-site request forgeryEPSS 0.2%CVE-2026-45550CRITICALRoxy-WI: IDOR on PUT /smon/check — any user can rewrite any tenant's monitoring URL/IP/bodyEPSS 0.2%CVE-2026-12955MEDIUMCookie Banner for GDPR / CCPA <= 4.3.6 - Missing Authorization to Authenticated (Subscriber+) Scan Schedule Modification via gcc_save_schedule_scan AJAX ActionEPSS 0.2%CVE-2023-20955HIGHIn onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications foEPSS 0.2%CVE-2026-5296MEDIUMMissing Authorization in GitLabEPSS 0.2%CVE-2026-9235MEDIUMDHL eCommerce (Benelux) for WooCommerce <= 2.2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shipping Label Creation and Deletion via dhlpwc_label_create and dhlpwc_label_delete AJAX ActionsEPSS 0.2%CVE-2025-12579MEDIUMReuters Direct <= 3.0.0 - Missing Authorization to Unauthenticated Settings ResetEPSS 0.2%CVE-2026-57339MEDIUMWordPress Business Directory plugin <= 6.4.23 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-54190MEDIUMWordPress Envira Photo Gallery plugin <= 1.12.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-30920HIGHOneUptime has broken access control in GitHub App installation flow that allows unauthorized project bindingEPSS 0.2%CVE-2026-9240MEDIUMColissimo Officiel : Méthodes de livraison pour WooCommerce <= 2.9.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Shipment Modification via lpc_order_affect AJAX actionEPSS 0.2%CVE-2026-42671MEDIUMWordPress GeoDirectory plugin <= 2.8.157 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-57334MEDIUMWordPress WP User Frontend plugin <= 4.3.7 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-12355MEDIUMPayaza <= 0.3.8 - Missing Authorization to Unauthenticated Order Status UpdateEPSS 0.2%CVE-2026-23875MEDIUMCrawlChat's Discord Bot has a Knowledge Permission vulnerabilityEPSS 0.2%CVE-2026-40809MEDIUMWordPress Metro Magazine theme <= 1.4.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-11991MEDIUMJetFormBuilder <= 3.5.3 - Missing Authorization to Unauthenticated Form GenerationEPSS 0.2%CVE-2025-10304MEDIUMEverest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.3.8 - Missing Authorization to Unauthenticated Backup FailureEPSS 0.2%