Fallos del tipo CWE-862

6820 resultados
CVE-2022-4972HIGHDownload Monitor <= 4.7.51 - Missing Authorization to Unauthenticated Data ExportEPSS 0.5%CVE-2024-5541MEDIUMIbtana - WordPress Website Builder <= 1.2.3.3 - Unauthenticated reCAPTCHA Settings UpdateEPSS 0.5%CVE-2023-23893MEDIUMWordPress Simple Giveaways plugin <= 2.48.0 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2024-11355MEDIUMUltimate YouTube Video & Shorts Player With Vimeo <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Setting ExposureEPSS 0.5%CVE-2025-32542HIGHWordPress Eazy Plugin Manager plugin <= 4.3.0 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2024-32432MEDIUMWordPress Ovic Addon Toolkit plugin <= 2.6.1 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2023-36676MEDIUMWordPress Spectra plugin <= 2.6.6 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2024-55994MEDIUMWordPress 畅言评论系统 plugin <= 2.0.5 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2025-32220MEDIUMWordPress Salon booking system plugin <= 10.30.23 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2026-34042HIGHact: actions/cache server allows malicious cache injectionEPSS 0.5%CVE-2022-39975MEDIUMThe Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check EPSS 0.5%CVE-2026-4277CRITICALPrivilege abuse in GenericInlineModelAdminEPSS 0.5%CVE-2023-6369MEDIUMExport WP Page to Static HTML/CSS <= 2.1.9 - Missing Authorization via Multiple AJAX ActionsEPSS 0.5%CVE-2023-4730MEDIUMLadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.3 - Missing Authorization via init_endpointEPSS 0.5%CVE-2023-4606HIGHAn authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command.   This affects ThEPSS 0.5%CVE-2023-28990MEDIUMWordPress Viral Mag theme <= 1.0.9 - Authenticated Arbitrary Plugin Activation VulnerabilityEPSS 0.5%CVE-2025-30809MEDIUMWordPress WordPress Contact Form, Drag and Drop Form Builder Plugin – Live Forms plugin <= 4.8.4 - Settings Change vulnerabilityEPSS 0.5%CVE-2023-27456MEDIUMWordPress Total theme <= 2.1.19 - Authenticated Arbitrary Plugin ActivationEPSS 0.5%CVE-2025-30839MEDIUMWordPress Taxi Booking Manager for WooCommerce plugin <= 1.2.1 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2025-30817MEDIUMWordPress Z Companion plugin <= 1.0.13 - Broken Access Control vulnerabilityEPSS 0.5%