Flaws of type CWE-862

6850 results
CVE-2023-32295 | MEDIUM | WordPress Easy!Appointments plugin <= 1.3.3 - Arbitrary File Deletion vulnerability | EPSS 0.4%
CVE-2023-33998 | MEDIUM | WordPress Easy Social Icons plugin <= 3.2.5 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2023-30783 | MEDIUM | WordPress Smart WooCommerce Search plugin <= 2.5.0 - Broken Access Control | EPSS 0.4%
CVE-2024-5856 | MEDIUM | Comment Images Reloaded <= 2.2.1 - Authenticated (Subscriber+) Arbitrary Media Deletion | EPSS 0.4%
CVE-2023-5387 | MEDIUM | Funnelforms Free <= 3.4 - Missing Authorization to Enable/Disable Dark Mode | EPSS 0.4%
CVE-2023-5506 | MEDIUM | ImageMapper <= 1.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page/Post Deletion via imgmap_delete_area_ajax | EPSS 0.4%
CVE-2022-38141 | MEDIUM | WordPress Sales Report Email for WooCommerce Plugin <= 2.8 is vulnerable to Broken Access Control | EPSS 0.4%
CVE-2023-5416 | MEDIUM | Funnelforms Free <= 3.4 - Missing Authorization to Category Deletion | EPSS 0.4%
CVE-2025-1657 | HIGH | Directory Listings WordPress plugin – uListing <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update and PHP Object Injection | EPSS 0.4%
CVE-2023-47183 | MEDIUM | WordPress GiveWP plugin <= 2.33.1 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2021-47932 | CRITICAL | WordPress TheCartPress 1.5.3.6 Privilege Escalation Unauthenticated | EPSS 0.4%
CVE-2020-36840 | HIGH | Timetable and Event Schedule by MotoPress <= 2.3.8 - Missing Authorization | EPSS 0.4%
CVE-2026-4650 | MEDIUM | FundPress <= 2.0.8 - Missing Authorization to Unauthenticated Arbitrary Donation Status Modification via donate_action_status AJAX Handler | EPSS 0.4%
CVE-2023-29429 | MEDIUM | WordPress User Registration plugin <= 2.3.2.1 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2024-31276 | MEDIUM | WordPress Products, Order & Customers Export for WooCommerce plugin <= 2.0.8 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2024-4858 | MEDIUM | Testimonial Carousel For Elementor <= 10.2.0 - Missing Authorization to Limited Setting Update | EPSS 0.4%
CVE-2026-7802 | HIGH | Frontend Admin by DynamiApps <= 3.29.2 - Missing Authorization to Authenticated (Subscriber+) Account Takeover via 'user_id' URL Query Parameter | EPSS 0.4%
CVE-2024-27953 | MEDIUM | WordPress Cryptocurrency Widgets – Price Ticker & Coins List Plugin <= 2.6.8 is vulnerable to Broken Access Control | EPSS 0.4%
CVE-2023-2791 | MEDIUM | Playbooks lets you edit arbitrary posts | EPSS 0.4%
CVE-2026-8382 | MEDIUM | Advanced Custom Fields (ACF®) <= 6.8.1 - Unauthenticated Arbitrary Post Modification via Front-End Form '_post_title' and '_post_content' Parameters | EPSS 0.4%