Falhas do tipo CWE-862
6.876 resultadosCVE-2025-26733HIGHWordPress Traveler theme < 3.2.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-1539MEDIUMMissing Authorization in GitLabEPSS 0.3%CVE-2024-32704HIGHWordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary WordPress Options Removal vulnerabilityEPSS 0.3%CVE-2025-11877HIGHUser Activity Log <= 2.2 - Unauthenticated Limited Options Update via Failed LoginEPSS 0.3%CVE-2026-31800HIGHParse Server: Classes `_GraphQLConfig` and `_Audience` master key bypass via generic class routesEPSS 0.3%CVE-2023-51524MEDIUMWordPress weForms plugin <= 1.6.18 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-24583MEDIUMWordPress 12 Step Meeting List plugin <= 3.16.5 - Settings Change vulnerabilityEPSS 0.3%CVE-2024-55991MEDIUMWordPress CRM Plugin – WP-CRM System plugin <= 3.2.9.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-4450MEDIUMAliExpress Dropshipping with AliNext Lite <= 3.3.6 - Missing Authorization via Several FunctionsEPSS 0.3%CVE-2025-10753MEDIUMOAuth Single Sign On – SSO (OAuth Client) <= 6.26.14 - Missing AuthorizationEPSS 0.3%CVE-2025-20301MEDIUMCisco Secure Firewall Management Center Software Authorization Bypass VulnerabilityEPSS 0.3%CVE-2024-5677MEDIUMFeatured Image Generator <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Images UploadEPSS 0.3%CVE-2025-57907MEDIUMWordPress Heureka Plugin <= 1.1.0 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-22737MEDIUMWordPress WpTravelly Plugin <= 1.8.5 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-43939MEDIUMWordPress Z Y N I T H plugin <= 7.4.9 - Unauthenticated Arbitrary Option Deletion vulnerabilityEPSS 0.3%CVE-2024-11844MEDIUMIdeaPush <= 8.71 - Missing Authorization to Board Term DeletionEPSS 0.3%CVE-2024-9891MEDIUMMultiline files upload for contact form 7 <= 2.8.1 - Missing Authorization to Authenticated (Subscriber+) Plugin DeactivationEPSS 0.3%CVE-2025-57939MEDIUMWordPress Image Hover Effects – Elementor Addon Plugin <= 1.4.4 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-2815HIGHAdministrator Z <= 2025.03.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options UpdateEPSS 0.3%CVE-2024-13776HIGHZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update and Settings ManipulationEPSS 0.3%