Flaws of type CWE-862
6795 results

CVE-2025-53640 | MEDIUM | Indico vulnerable to user enumeration via API endpoint | EPSS 0.6%
CVE-2024-10528 | MEDIUM | Ultimate Member <= 2.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Profile Picture Update | EPSS 0.6%
CVE-2023-25060 | MEDIUM | WordPress Album and Image Gallery plus Lightbox plugin <= 1.6.2 - Broken Access Control vulnerability | EPSS 0.6%
CVE-2024-12269 | HIGH | Safe Ai Malware Protection for WP <= 1.0.17 - Missing Authorization to Unauthenticated Database Export | EPSS 0.6%
CVE-2023-51359 | MEDIUM | WordPress Essential Blocks plugin <= 4.2.0 - Multiple Contributor+ Broken Access Control vulnerability | EPSS 0.6%
CVE-2023-49756 | MEDIUM | WordPress Eventin plugin <= 3.3.52 - Authenticated Notice Dismissal Vulnerability | EPSS 0.6%
CVE-2023-32677 | LOW | Users who can send invitations can erroneously add users to streams during invitation in Zulip | EPSS 0.6%
CVE-2023-23886 | MEDIUM | WordPress WP-RecentComments plugin <= 2.2.7 - Broken Access Control vulnerability | EPSS 0.6%
CVE-2023-25959 | MEDIUM | WordPress Apollo13 Framework Extensions plugin <= 1.8.10 - Broken Access Control | EPSS 0.6%
CVE-2024-7043 | HIGH | Improper Access Control in open-webui/open-webui | EPSS 0.6%
CVE-2023-6840 | MEDIUM | Missing Authorization in GitLab | EPSS 0.6%
CVE-2024-3608 | MEDIUM | Product Designer <= 1.0.33 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion | EPSS 0.6%
CVE-2026-32622 | HIGH | SQLBot: Remote Code Execution via Terminology Poisoning | EPSS 0.6%
CVE-2023-48247 | MEDIUM | The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user (“root”) vi | EPSS 0.6%
CVE-2023-6557 | MEDIUM | The Events Calendar <= 6.2.8.2 - Unauthenticated Sensitive Information Exposure | EPSS 0.6%
CVE-2024-1121 | MEDIUM | Advanced Forms for ACF <= 1.9.3.2 - Missing Authorization to Unauthenticated Form Settings Export | EPSS 0.6%
CVE-2026-6937 | MEDIUM | Appointment Booking Calendar <= 1.6.11.8 - Missing Authorization to Unauthenticated Arbitrary Modification via Bulk Appointments REST API Endpoint | EPSS 0.6%
CVE-2024-1807 | MEDIUM | Product Sort and Display for WooCommerce <= 2.4.1 - Missing Authorization | EPSS 0.6%
CVE-2024-43932 | MEDIUM | WordPress The Plus Addons for Elementor plugin <= 5.6.2 - Broken Access Control vulnerability | EPSS 0.6%
CVE-2023-2715 | MEDIUM | Groundhogg <= 2.7.9.8 - Missing Authorization to Admin Account and Ticket Creation | EPSS 0.6%