Vulnerabilities of type CWE-862
6842 results

CVE-2024-2292 | HIGH | Access Control Vulnerabilities lead to Violation of Privacy and Modification of Personal Data | EPSS 0.4%
CVE-2023-5712 | MEDIUM | System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_global_value) | EPSS 0.4%
CVE-2024-32810 | HIGH | WordPress ShortPixel Critical CSS plugin <= 1.0.2 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2025-30790 | MEDIUM | WordPress Chatbox Manager plugin <= 1.2.2 - Broken Access Control Vulnerability | EPSS 0.4%
CVE-2026-4283 | CRITICAL | WP DSGVO Tools (GDPR) <= 3.1.38 - Missing Authorization to Unauthenticated Account Destruction of Non-Admin Users | EPSS 0.4%
CVE-2024-6698 | HIGH | FundEngine – Donation and Crowdfunding Platform <= 1.7.0 - Authenticated (Subscriber+) Privilege Escalation | EPSS 0.4%
CVE-2024-1050 | MEDIUM | Import and export users and customers <= 1.26.5 - Missing Authorization | EPSS 0.4%
CVE-2024-54252 | MEDIUM | WordPress Pinpoint Booking System Plugin <= 2.9.9.5.7 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2024-1562 | MEDIUM | WooCommerce Google Sheet Connector <= 1.3.11 - Missing Authorization | EPSS 0.4%
CVE-2024-1285 | MEDIUM | Page Builder Sandwich <= 5.1.0 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Post Editing | EPSS 0.4%
CVE-2024-1716 | MEDIUM | Admin Bar Remover <= 1.0.2.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update | EPSS 0.4%
CVE-2025-39545 | MEDIUM | WordPress REST API Authentication plugin <= 3.6.3 - Settings Change Vulnerability | EPSS 0.4%
CVE-2024-1178 | MEDIUM | SportsPress – Sports Club & League Manager <= 2.7.17 - Missing Authorization to Unauthenticated Event Permalink Update | EPSS 0.4%
CVE-2024-3243 | MEDIUM | Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending | EPSS 0.4%
CVE-2023-26520 | MEDIUM | WordPress Advanced Text Widget plugin <= 2.1.2 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2024-37232 | HIGH | WordPress Hercules Core plugin <= 6.5 - Subscriber+ Arbitrary Settings Change/Access vulnerability | EPSS 0.4%
CVE-2023-3587 | LOW | Inconsistent state in UI after boards permission change by system admin | EPSS 0.4%
CVE-2023-4938 | MEDIUM | BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation | EPSS 0.4%
CVE-2023-38386 | HIGH | WordPress Ninja Forms plugin <= 3.6.25 - Contributor+ Broken Access Control vulnerability | EPSS 0.4%
CVE-2024-13364 | MEDIUM | Raptive Ads <= 3.6.3 - Missing Authorization to Unauthenticated Data/Settings Reset | EPSS 0.4%