Falhas do tipo CWE-862

6.852 resultados
CVE-2023-47241MEDIUMWordPress CoCart – Headless ecommerce plugin <= 3.11.2 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-6491MEDIUMGetwid – Gutenberg Blocks <= 2.0.10 - Missing Authentication to MailChimp API key updateEPSS 0.4%CVE-2024-1860MEDIUMDisable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan <= 4.51 - Missing Authorization to Unauthenticated IP Address WhitelistEPSS 0.4%CVE-2024-9195HIGHWHMPress - WHMCS Client Area <= 4.3-revision-3- Authenticated (Subscriber+) Arbitrary Options UpdateEPSS 0.4%CVE-2026-3524HIGHAuthorization Bypass in Mattermost Legal Hold Plugin Due to Missing Return After Permission CheckEPSS 0.4%CVE-2026-2515MEDIUMHostinger Reach <= 1.3.8 - Missing Authorization to Authenticated (Subscriber+) Integration API Key UpdateEPSS 0.4%CVE-2024-49686MEDIUMWordPress Landing Page Cat plugin <= 1.7.4 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2023-40213MEDIUMWordPress Justified Gallery plugin <= 1.7.3 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-32239MEDIUMWordPress Social Share Buttons & Analytics Plugin plugin <= 4.5 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-2001HIGHWowRevenue <= 2.1.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/ActivationEPSS 0.4%CVE-2023-38477MEDIUMWordPress QR code MeCard/vCard generator plugin <= 1.6.0 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-32237MEDIUMWordPress MasterStudy LMS plugin <= 3.5.28 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-32233MEDIUMWordPress Revive.so plugin <= 2.0.3 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-32229MEDIUMWordPress Variable Inspector plugin <= 2.6.3 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-32231MEDIUMWordPress Bookingor plugin <= 2.0.1 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-32234MEDIUMWordPress AdMail plugin <= 1.7.0 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2022-48302HIGHThe AMS module has a vulnerability of lacking permission verification in APIs.Successful exploitation of this vulnerability may affect data EPSS 0.4%CVE-2024-2619MEDIUMElementor Header & Footer Builder <= 1.6.26 - Authenticated (Author+) HTML InjectionEPSS 0.4%CVE-2026-24363HIGHWordPress WP Cost Estimation & Payment Forms Builder plugin < 10.3.0 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-32226MEDIUMWordPress Display product variations dropdown on shop page plugin <= 1.1.3 - Broken Access Control vulnerabilityEPSS 0.4%