Falhas do tipo CWE-862

6.883 resultados
CVE-2025-68022HIGHWordPress Plugin BlueX for WooCommerce plugin <= 3.1.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2019-25214HIGHShopWP <= 2.0.4 - Missing Authorization to Stored Cross-Site ScriptingEPSS 0.3%CVE-2024-10582MEDIUMMusic Player for Elementor – Audio Player & Podcast Player <= 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Template ImportEPSS 0.3%CVE-2026-4064HIGHMissing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with anEPSS 0.3%CVE-2024-12249MEDIUMGS Insever Portfolio <= 1.4.5 - Missing Authorization to Authenticated (Subscriber+) CSS InjectionEPSS 0.3%CVE-2024-28003MEDIUMWordPress Max Mega Menu plugin <= 3.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-44012HIGHCraft CMS: Missing Volume Permission Check in AssetsController::actionShowInFolder Allows Information DisclosureEPSS 0.3%CVE-2023-51526MEDIUMWordPress Simple Staff List plugin <= 2.2.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-44988MEDIUMWordPress WP Custom Admin Interface plugin <= 7.32 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-1644MEDIUMBenner ModernaNet SG_Gravar cross-site request forgeryEPSS 0.3%CVE-2024-9520MEDIUMUserPlus <= 2.0 - Missing Authorization via Multiple FunctionsEPSS 0.3%CVE-2023-45370An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.EPSS 0.3%CVE-2026-44328HIGHfree5GC: SMF UPI DELETE /upi/v1/upNodesLinks/{ref} panics on AN-node deletion via nil UPF dereference; unauthenticated, state-mutatingEPSS 0.3%CVE-2024-12158MEDIUMPopup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Missing Authorization to Unauthenticated DB Table TruncationEPSS 0.3%CVE-2026-3155LOWOneSignal – Web Push Notifications <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Post Meta Deletion via 'post_id'EPSS 0.3%CVE-2024-1125MEDIUMEventPrime – Events Calendar, Bookings and Tickets <= 3.4.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post DeletionEPSS 0.3%CVE-2024-2298MEDIUMaffiliate-toolkit – WordPress Affiliate Plugin <= 3.5.4 - Missing Authorization via atkp_import_productEPSS 0.3%CVE-2026-27471CRITICALERP: Document access through endpoints due to missing validationEPSS 0.3%CVE-2023-47523MEDIUMWordPress Auto Tag Creator plugin <= 1.0.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-48797CRITICALBackpropagate: backprop ui --auth and backprop ui --share do not enforce authenticationEPSS 0.3%