Falhas do tipo CWE-862

6.872 resultados
CVE-2025-22670MEDIUMWordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.7.2 - CSRF to Settings Change vulnerabilityEPSS 0.3%CVE-2025-22668MEDIUMWordPress Awesome Event Booking plugin <= 2.7.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-12263MEDIUMChild Theme Creator by Orbisius <= 1.5.5 - Missing Authorization to Authenticated (Subscriber+) Cloud Snippet Update/DeleteEPSS 0.3%CVE-2026-57669MEDIUMWordPress Advanced Contact form 7 DB plugin <= 2.0.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-32798HIGHWordPress WP Travel Engine plugin <= 5.8.0 - Price Manipulation vulnerabilityEPSS 0.3%CVE-2025-22560MEDIUMWordPress Saoshyant Page Builder plugin <= 3.8 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-7067MEDIUMShopLentor <= 2.8.1 - Improper Authorization via woolentor_template_storeEPSS 0.3%CVE-2024-33585MEDIUMWordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 2.12.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-12266MEDIUMELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.7 - Missing AuthorizationEPSS 0.3%CVE-2024-54242MEDIUMWordPress Simple Notification plugin <= 1.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-1649MEDIUMCategorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxDeleteCategoryEPSS 0.3%CVE-2024-1388MEDIUMYuki <= 1.3.13 - Missing Authorization to Authenticated (Subscriber+) Theme Setting ResetEPSS 0.3%CVE-2024-3072MEDIUMACF Front End Editor <= 2.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content UpdateEPSS 0.3%CVE-2025-49181HIGHConfigurations endpoint does not require authorizationEPSS 0.3%CVE-2025-63293MEDIUMFairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments EPSS 0.3%CVE-2025-31863MEDIUMWordPress Agency Toolkit plugin <= 1.0.24 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-47268MEDIUMMissing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remoteEPSS 0.3%CVE-2024-12104MEDIUMVisual Website Collaboration, Feedback & Project Management – Atarim <= 4.0.9 - Missing Authorization to Authenticated (Subscriber+) Project Page/File DeletionEPSS 0.3%CVE-2024-1653MEDIUMCategorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxUpdateFolderPositionEPSS 0.3%CVE-2024-33593MEDIUMWordPress Smart Forms plugin <= 2.6.91 - Broken Access Control vulnerabilityEPSS 0.3%