Falhas do tipo CWE-862
6.883 resultadosCVE-2025-26376MEDIUMA CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticaEPSS 0.3%CVE-2026-33685MEDIUMAVideo Allows Unauthenticated Access to AD_Server reports.json.php that Exposes Ad Campaign Analytics and User DataEPSS 0.3%CVE-2025-22591MEDIUMWordPress 1003 Mortgage Application plugin <= 1.87 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-39355CRITICALGenealogy is Missing Authorization in `TeamController::transferOwnership()` Allows Any Authenticated User to Hijack Any Team (Broken Access Control)EPSS 0.3%CVE-2025-68005MEDIUMWordPress Easy Hotel Booking plugin <= 1.9.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-25430MEDIUMWordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-12113MEDIUMYouzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress By KaineLabs <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Review DeletionEPSS 0.3%CVE-2026-25365MEDIUMWordPress Kargo Takip plugin < 0.2.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-49406HIGHWordPress Houzez Theme <= 4.1.1 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2024-6869MEDIUMFalang multilanguage for WordPress <= 1.3.52 - Missing Authorization to Translation Update and Information ExposureEPSS 0.3%CVE-2026-29180MEDIUMFleet's team maintainer can transfer hosts from any team via missing source team authorizationEPSS 0.3%CVE-2026-25455MEDIUMWordPress Product Slider for WooCommerce plugin <= 1.13.61 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-24984MEDIUMWordPress Visual Link Preview plugin <= 2.2.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-12810HIGHJobCareer | Job Board Responsive WordPress Theme <= 7.1 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrative ActionsEPSS 0.3%CVE-2025-39552MEDIUMWordPress Zephyr Project Manager plugin <= 3.3.200 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2024-32797MEDIUMWordPress WP LinkedIn Auto Publish plugin <= 8.11 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-24716MEDIUMWordPress Awesome Support plugin <= 6.1.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-35050MEDIUMWordPress Elementor Pro plugin <= 3.13.0 - Auth. Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-14463MEDIUMPayment Button for PayPal <= 1.2.3.41 - Missing Authorization to Unauthenticated Arbitrary Order CreationEPSS 0.3%CVE-2026-22461MEDIUMWordPress CTX Feed plugin <= 6.6.18 - Broken Access Control vulnerabilityEPSS 0.3%