Vulnerabilities of type CWE-862
6804 results

CVE-2024-43923 | MEDIUM | WordPress Timetics plugin <= 1.0.23 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2024-28230 | MEDIUM | In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions | EPSS 0.5%
CVE-2024-53795 | MEDIUM | WordPress Church Admin plugin <= 5.0.8 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2024-1389 | MEDIUM | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.11.1 - Missing Authorization via pms_stripe_connect_handle_authorization_return | EPSS 0.5%
CVE-2021-24914 | — | Tawk.to Live Chat < 0.6.0 - Subscriber+ Visitor Monitoring & Chat Removal | EPSS 0.5%
CVE-2023-2353 | MEDIUM | CHP Ads Block Detector <= 3.9.4 - Missing Authorization to Plugin Settings Update | EPSS 0.5%
CVE-2024-30508 | MEDIUM | WordPress WP Hotel Booking plugin <= 2.0.9.2 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2023-30518 | MEDIUM | A missing permission check in Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier allows attackers with Overall/Read permission to enume | EPSS 0.5%
CVE-2021-24978 | — | OSMapper <= 2.1.5 - Unauthenticated Arbitrary Post Deletion | EPSS 0.5%
CVE-2024-1318 | MEDIUM | RSS Aggregator by Feedzy <= 4.4.2 - Missing Authorization to Arbitrary Page Creation and Publication | EPSS 0.5%
CVE-2024-52554 | HIGH | Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that the | EPSS 0.5%
CVE-2024-6636 | CRITICAL | WooCommerce - Social Login <= 2.7.3 - Missing Authorization to Unauthenticated Privilege Escalation | EPSS 0.5%
CVE-2023-50375 | MEDIUM | WordPress Translate WordPress – Google Language Translator plugin <= 6.0.19 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2024-55993 | MEDIUM | WordPress Job Board Manager plugin <= 2.1.61 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2023-0404 | MEDIUM | Events Made Easy <= 2.3.16 - Missing Authorization | EPSS 0.5%
CVE-2022-47176 | MEDIUM | WordPress Depicter Slider plugin <= 1.9.0 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2023-30521 | MEDIUM | A missing permission check in Jenkins Assembla merge request builder Plugin 1.1.13 and earlier allows unauthenticated attackers to trigger b | EPSS 0.5%
CVE-2023-27304 | — | Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to | EPSS 0.5%
CVE-2024-1119 | MEDIUM | Order Tip for WooCommerce <= 1.3.1 - Missing Authorization to Unauthenticated Data Export | EPSS 0.5%
CVE-2021-25042 | — | WP Visitor Statistics (Real Time Traffic) < 5.5 - Arbitrary IP Address Exclusion to Stored XSS | EPSS 0.5%