Fallos del tipo CWE-862

6840 resultados
CVE-2025-23916MEDIUMWordPress WP Meetup plugin <= 2.3.0 - Settings Change vulnerabilityEPSS 0.4%CVE-2023-5711MEDIUMSystem Dashboard <= 2.8.8 - Missing Authorization to Information Disclosure (sd_php_info)EPSS 0.4%CVE-2025-31780MEDIUMWordPress Append Content plugin <= 2.1.1 - CSRF to Settings Change vulnerabilityEPSS 0.4%CVE-2023-5714MEDIUMSystem Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_db_specs)EPSS 0.4%CVE-2024-53810CRITICALWordPress Simple User Registration plugin <= 5.5 - Broken Access Control on User Deletion vulnerabilityEPSS 0.4%CVE-2024-33956MEDIUMWordPress Custom WooCommerce Checkout Fields Editor plugin <= 1.3.0 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-1690MEDIUMTeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds <= 1.4.10 - Missing Authorization to Authenticated (Subscriber+) User Email ExportEPSS 0.4%CVE-2022-46840MEDIUMWordPress JS Help Desk plugin <= 2.7.1 - Broken Access ControlEPSS 0.4%CVE-2024-39650HIGHWordPress WooCommerce PDF Vouchers plugin < 4.9.5 - Unauthenticated Multiple VulnerabilitiesEPSS 0.4%CVE-2024-1733MEDIUMWord Replacer Pro <= 1.0 - Missing Authorization to Unauthenticated Arbitrary Content UpdateEPSS 0.4%CVE-2023-41951MEDIUMWordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.6.14 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-6993HIGHUltimate WP Mail 1.0.17 - 1.3.6 - Missing Authorization to Authenticated (Contributor+) Privilege Escalation via get_email_log_details FunctionEPSS 0.4%CVE-2024-23518MEDIUMWordPress ACF Photo Gallery Field plugin <= 2.6 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-3595MEDIUMRiaxe Product Customizer <= 2.1.2 - Unauthenticated Arbitrary User Deletion via 'user_id' ParameterEPSS 0.4%CVE-2024-13719MEDIUMPeproDev Ultimate Invoice <= 2.0.9 - Insecure Direct Object Reference to Unauthenticated Order Information ExposureEPSS 0.4%CVE-2024-1763MEDIUMWp Social Login and Register Social Counter <= 3.0.0 - Missing Authorization to Unauthenticated Social Login/Share Status UpdateEPSS 0.4%CVE-2024-43314MEDIUMWordPress Asset CleanUp: Page Speed Booster plugin <= 1.3.9.3 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-43298MEDIUMWordPress Clone plugin <= 2.4.5 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-10092MEDIUMDownload Monitor <= 5.0.12 - Missing Authorization to API Key ManipulationEPSS 0.4%CVE-2024-33912HIGHWordPress Academy LMS plugin <= 1.9.16 - Broken Access Control on Paid Courses vulnerabilityEPSS 0.4%