Flaws of type CWE-862

6802 results
CVE-2022-45394 [MEDIUM] A missing permission check in Jenkins Delete log Plugin 1.0 and earlier allows attackers with Item/Read permission to delete build logs. (EPSS 0.5%)
CVE-2025-1682 [HIGH] Cardealer <= 1.6.4 - Arbitrary Theme Option Update to Authenticated (Subscriber+) Privilege Escalation (EPSS 0.5%)
CVE-2022-45399 [MEDIUM] A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statis (EPSS 0.5%)
CVE-2024-3610 [MEDIUM] WP Child Theme Generator <= 1.1.1 - Missing Authorization to Unauthenticated Child Theme Creation/Activation (EPSS 0.5%)
CVE-2025-26371 [HIGH] A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an auth (EPSS 0.5%)
CVE-2025-26375 [HIGH] A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authentica (EPSS 0.5%)
CVE-2024-43332 [MEDIUM] WordPress Photo Engine plugin <= 6.4.0 - Broken Access Control vulnerability (EPSS 0.5%)
CVE-2024-1566 [MEDIUM] Redirects <= 1.2.1 - Missing Authorization via save (EPSS 0.5%)
CVE-2024-1127 [MEDIUM] EventPrime – Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Event Export (EPSS 0.5%)
CVE-2025-26378 [HIGH] A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authentica (EPSS 0.5%)
CVE-2025-26369 [HIGH] A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an auth (EPSS 0.5%)
CVE-2024-3599 [MEDIUM] WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) <= 3.0.2 - Missing Authorization to Unauthenticated Arbitrary Post Deletion (EPSS 0.5%)
CVE-2026-40349 [HIGH] Authenticated Movary User Can Self-Escalate to Administrator via PUT /settings/users/{userId} by Setting isAdmin=true (EPSS 0.5%)
CVE-2024-53708 [MEDIUM] WordPress AI Quiz plugin <= 1.1 - Broken Access Control vulnerability (EPSS 0.5%)
CVE-2023-38508 [MEDIUM] Tuleap allows preview of a linked artifact with a type does not respect permissions (EPSS 0.5%)
CVE-2021-32504 Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious a (EPSS 0.5%)
CVE-2026-26368 [HIGH] JUNG eNet SMART HOME server 2.2.1/2.3.1 Account Takeover via resetUserPassword (EPSS 0.5%)
CVE-2024-25911 [HIGH] WordPress MoveTo plugin <= 6.2 - Unauthenticated Arbitrary File Deletion vulnerability (EPSS 0.5%)
CVE-2023-23825 [LOW] WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Broken Access Control + CSRF on Import_WPforms vulnerability (EPSS 0.5%)
CVE-2023-51672 [HIGH] WordPress FunnelKit Checkout plugin <= 3.10.3 - Unauthenticated Arbitrary Post/Page Deletion vulnerability (EPSS 0.5%)