Falhas do tipo CWE-862

6.858 resultados
CVE-2026-26358HIGHDell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote accessEPSS 0.4%CVE-2023-29173MEDIUMWordPress Product Category Tree plugin <= 2.5 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-3237MEDIUMConvertPlug <= 3.5.25 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options UpdateEPSS 0.4%CVE-2024-8552MEDIUMDownload Monitor <= 5.0.9 - Missing Authorization to Authenticated (Subscriber+) Shop EnableEPSS 0.4%CVE-2024-34799MEDIUMWordPress BookingPress plugin <= 1.0.82 - Appointment Duration Manipulation vulnerabilityEPSS 0.4%CVE-2024-50424MEDIUMWordPress Templately plugin <= 3.1.5 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-10854MEDIUMBuy one click WooCommerce <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Settings ImportEPSS 0.4%CVE-2025-31854MEDIUMWordPress Simple Sticky Add To Cart For WooCommerce plugin <= 1.4.9 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-31628MEDIUMWordPress Sliced Invoices plugin <= 3.10.0 - Insecure Direct Object References (IDOR) vulnerabilityEPSS 0.4%CVE-2025-31866MEDIUMWordPress ShipDepot for WooCommerce plugin <= 1.2.19 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-11125MEDIUMGetSimpleCMS profile.php cross-site request forgeryEPSS 0.4%CVE-2023-47661MEDIUMWordPress Dragfy Addons for Elementor plugin <= 1.0.2 - Broken Access Control + CSRF vulnerabilityEPSS 0.4%CVE-2024-35674MEDIUMWordPress Unlimited Elements For Elementor plugin <= 1.5.109 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2023-52233HIGHWordPress POST SMTP Mailer plugin <= 2.8.6 - Broken Access Control on API vulnerabilityEPSS 0.4%CVE-2024-1687MEDIUMThank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode ExecutionEPSS 0.4%CVE-2024-34763MEDIUMWordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.01.5 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-3642MEDIUMe-shot <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Form Settings Modification via AJAXEPSS 0.4%CVE-2026-13468HIGHVisualizer <= 4.0.3 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via /visualizer/v1/action/{chart}/{type}/ REST EndpointEPSS 0.4%CVE-2026-29789CRITICALVito: Cross-project privilege escalation in workflow site-creation actions allows unauthorized server modificationEPSS 0.4%CVE-2025-28938MEDIUMWordPress WP Performance Pack plugin <= 2.5.3 - Broken Access Control vulnerabilityEPSS 0.4%