Fallos del tipo CWE-862
6850 resultadosCVE-2023-5314MEDIUMWP EXtra <= 6.2 - Missing Authorization to Arbitrary Email SendingEPSS 0.4%CVE-2024-8432MEDIUMAppointment & Event Booking Calendar Plugin – Webba Booking <= 5.0.48 - Missing Authorization to Authenticated (Subscriber+) CSS Settings UpdateEPSS 0.4%CVE-2023-5419MEDIUMFunnelforms Free <= 3.4 - Missing Authorization to Test Email SendingEPSS 0.4%CVE-2024-42934MEDIUMOpenIPMI before 2.0.36 has an out-of-bounds array access (for authentication type) in the ipmi_sim simulator, resulting in denial of serviceEPSS 0.4%CVE-2023-51499MEDIUMWordPress WooCommerce Shipping Per Product plugin <= 2.5.4 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-53806MEDIUMWordPress Maspik plugin <= 2.2.7 - CSRF to Settings Change vulnerabilityEPSS 0.4%CVE-2024-5769MEDIUMMIMO Woocommerce Order Tracking <= 1.0.2 - Missing Authorization to Limited Settings UpdateEPSS 0.4%CVE-2024-37477MEDIUMWordPress Newspack Content Converter plugin <= 0.1.5 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-31375MEDIUMWordPress WP2LEADS plugin <= 3.2.7 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-34377MEDIUMWordPress Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery plugin <= 1.5.3 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-1639MEDIUMLicense Manager for WooCommerce <= 3.0.6 - Improper Authorization to Authenticated(Contributor+) Sensitive Information ExposureEPSS 0.4%CVE-2022-3512MEDIUMLock WARP switch bypass using warp-cli 'add-trusted-ssid' commandEPSS 0.4%CVE-2024-43273MEDIUMWordPress Icegram Collect plugin <= 1.3.14 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-43277MEDIUMWordPress UsersWP plugin <= 1.2.15 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-38743MEDIUMWordPress Plum: Spin Wheel & Email Pop-up plugin <= 2.0 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2023-32126MEDIUMWordPress SALERT plugin <= 1.2.1 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2023-29174MEDIUMWordPress SKU Label Changer For WooCommerce plugin <= 3.0 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-24703HIGHWordPress MultiVendorX plugin <= 4.0.25 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-44914HIGHApache NiFi: Missing Authorization of Restricted Permissions when Replacing Flow ContentsEPSS 0.4%CVE-2024-1175MEDIUMWP-Recall – Registration, Profile, Commerce & More <= 16.26.6 - Unauthenticated Payment Deletion via delete_paymentEPSS 0.4%