Vulnerabilities of type CWE-862

6846 results
CVE-2025-24652 | MEDIUM | WordPress WP Duplicate plugin <= 1.1.6 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2021-47701 | HIGH | OpenBMCS User Management Privilege Escalation | EPSS 0.4%
CVE-2023-47822 | MEDIUM | WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 4.10 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2024-50500 | MEDIUM | WordPress Phlox Core Elements plugin <= 2.17.4 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2025-8712 | MEDIUM | Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 22 | EPSS 0.4%
CVE-2022-47168 | MEDIUM | WordPress Printful Integration for WooCommerce plugin <= 2.2.3 - Cross Site Request Forgery (CSRF) | EPSS 0.4%
CVE-2024-54384 | MEDIUM | WordPress Falcon – WordPress Optimizations & Tweaks plugin <= 2.8.3 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2024-22156 | MEDIUM | WordPress SalesKing plugin <= 1.6.15 - Unauthenticated Plugin Settings Change vulnerability | EPSS 0.4%
CVE-2024-8513 | MEDIUM | QA Analytics <= 4.1.1.1 - Missing Authorization to Unauthenticated Settings Update | EPSS 0.4%
CVE-2024-53785 | MEDIUM | WordPress Chatter plugin <= 1.0.1 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2026-58168 | HIGH | DeepTutor < 1.4.10 - Insecure Default Grants Unrestricted MCP Tool Access to Non-Admin Users | EPSS 0.4%
CVE-2023-41651 | MEDIUM | WordPress Multi-column Tag Map plugin <= 17.0.26 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2025-12158 | CRITICAL | Simple User Capabilities <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation | EPSS 0.4%
CVE-2026-1937 | HIGH | YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action | EPSS 0.4%
CVE-2024-12881 | HIGH | PlugVersions – Easily rollback to previous versions of your plugins <= 0.0.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Creation | EPSS 0.4%
CVE-2022-3096 | MEDIUM | WP Total Hacks <= 4.7.2 - Subscriber+ Arbitrary Options Update to Stored XSS | EPSS 0.4%
CVE-2023-47764 | MEDIUM | WordPress Ditty plugin <= 3.1.24 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2024-1798 | MEDIUM | Tutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_lp_export_xml | EPSS 0.4%
CVE-2022-47594 | MEDIUM | WordPress Essential Blocks for Gutenberg plugin <= 3.8.5 - Broken Access Control | EPSS 0.4%
CVE-2025-1402 | MEDIUM | Event Tickets and Registration <= 5.19.1.1 - Missing Authorization to Ticket Deletion | EPSS 0.4%