Vulnerabilities of type CWE-862

6794 results
CVE-2025-30772 | HIGH | WordPress WPC Smart Upsell Funnel for WooCommerce plugin <= 3.0.4 - Arbitrary Option Update to Privilege Escalation vulnerability | EPSS 0.6%
CVE-2024-11334 | MEDIUM | My Contador lesr <= 2.0 - Missing Authorization to Unauthenticated User Registration CSV Export | EPSS 0.6%
CVE-2024-53473 | HIGH | WeGIA 3.2.0 before 3998672 does not verify permission to change a password. | EPSS 0.6%
CVE-2022-46850 | HIGH | WordPress Easy Media Replace Plugin <= 0.1.3 is vulnerable to Arbitrary File Deletion | EPSS 0.6%
CVE-2023-33983 | HIGH | The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer | EPSS 0.6%
CVE-2023-49167 | MEDIUM | WordPress Database for CF7 plugin <= 1.2.4 - Broken Access Control vulnerability | EPSS 0.6%
CVE-2023-2189 | MEDIUM | Elementor Addons, Widgets and Enhancements – Stax <= 1.4.3 - Missing Authorization in toggle_widget | EPSS 0.6%
CVE-2023-3442 | HIGH | Missing Authorization in Jenkins plug-in for ServiceNow DevOps | EPSS 0.6%
CVE-2023-34234 | MEDIUM | Governor proposal creation may be blocked by frontrunning in OpenZeppelin | EPSS 0.6%
CVE-2022-3622 | MEDIUM | Blog2Social <= 6.9.11 - Missing Authorization to Authenticated (Subscriber+) Settings Update | EPSS 0.6%
CVE-2024-38002 | CRITICAL | The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, | EPSS 0.6%
CVE-2026-33137 | CRITICAL | XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName} | EPSS 0.6%
CVE-2021-33704 | MEDIUM | The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be | EPSS 0.6%
CVE-2024-56048 | HIGH | WordPress WPLMS plugin <= 1.9.9 - Arbitrary Option Update to Privilege Escalation vulnerability | EPSS 0.6%
CVE-2024-13643 | HIGH | Zox News <= 3.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Modification | EPSS 0.6%
CVE-2026-47281 | CRITICAL | Visual Studio Code Elevation of Privilege Vulnerability | EPSS 0.6%
CVE-2023-0447 | MEDIUM | My YouTube Channel <= 3.0.12.1 - Missing Authorization | EPSS 0.6%
CVE-2024-7648 | MEDIUM | Opal Membership <= 1.2.4 - Authenticated (Subscriber+) Information Disclosure | EPSS 0.6%
CVE-2023-2193 | MEDIUM | Oauth authorization codes do not expire when deauthorizing an oauth2 app | EPSS 0.6%
CVE-2025-55145 | HIGH | Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2. | EPSS 0.6%