Falhas do tipo CWE-862
6.862 resultadosCVE-2024-33563HIGHWordPress XStore theme <= 9.3.8 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-10437MEDIUMWPC Smart Messages for WooCommerce <= 4.2.1 - Missing Authorization to Authenticated (Subscriber+) Message Activation/DeactivationEPSS 0.4%CVE-2024-9364MEDIUMSendGrid for WordPress <= 1.4 - Missing Authorization to Authenticated (Subscriber+) Log DeletionEPSS 0.4%CVE-2023-7291HIGHPaytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'create_mollie_account'EPSS 0.4%CVE-2020-7343MEDIUMImproper Authorization vulnerability in MAEPSS 0.4%CVE-2025-5835HIGHDroip <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Many ActionsEPSS 0.4%CVE-2025-57957MEDIUMWordPress WooMS Plugin <= 9.12 - Broken Access Control VulnerabilityEPSS 0.4%CVE-2025-14741CRITICALFrontend Admin by DynamiApps <= 3.28.25 - Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form ElementEPSS 0.4%CVE-2024-33923MEDIUMWordPress SP Project & Document Manager plugin <= 4.69 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-23806HIGHWordPress Jobs for WordPress plugin <= 2.8 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-8502MEDIUMLearnPress <= 4.3.6 - Unauthenticated Sensitive Information Exposure via 'c_status' and 'return_type' ParametersEPSS 0.4%CVE-2025-13864MEDIUMBreeze – WordPress Cache Plugin <= 2.2.21 - Missing Authorization to Cache DeletionEPSS 0.4%CVE-2023-52541HIGHAuthentication vulnerability in the API for app pre-loading.
Impact: Successful exploitation of this vulnerability may affect service confidEPSS 0.4%CVE-2026-46614CRITICALFission router exposes /fission-function/<ns>/<name> on its public listener, allowing invocation of any function without an HTTPTriggerEPSS 0.4%CVE-2024-9587MEDIUMLinkz.ai <= 1.1.8 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update via AJAXEPSS 0.4%CVE-2025-3417HIGHEmbedder 1.3 - 1.3.5 - Authenticated (Subscriber+) Arbitrary Options UpdateEPSS 0.4%CVE-2023-4104MEDIUMAn invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitraEPSS 0.4%CVE-2025-47465MEDIUMWordPress Blocksy theme <= 2.0.97 - Broken Access Control VulnerabilityEPSS 0.4%CVE-2023-52230MEDIUMWordPress Booster Plus for WooCommerce plugin < 7.1.3 - Authenticated Arbitrary WordPress Option Disclosure VulnerabilityEPSS 0.4%CVE-2024-7030MEDIUMSmart Online Order for Clover <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Plugin Data UpdateEPSS 0.4%