Falhas do tipo CWE-862

6.911 resultados
CVE-2026-7624MEDIUMSEO Plugin by Squirrly SEO <= 12.4.16 - Missing Authorization to Authenticated (Contributor+) Privileged Cloud API OperationsEPSS 0.3%CVE-2026-25036MEDIUMWordPress Passster plugin <= 4.2.25 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-14718MEDIUMSchedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.3 - Missing Authorization to Authenticated (Contributor+) Workflow ManipulationEPSS 0.3%CVE-2025-22318HIGHWordPress Standard Box Sizes plugin <= 1.6.13 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-32483MEDIUMWordPress Contact Form Email plugin <= 1.3.63 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-21748MEDIUMWordPress Icegram Engage plugin <= 3.1.21 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-39451HIGHWordPress JetBlocks For Elementor plugin <= 1.3.16 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-44554HIGHOpen WebUI: Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection OverwriteEPSS 0.3%CVE-2023-37394MEDIUMWordPress WP Dummy Content Generator plugin <= 2.3.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-32814MEDIUMWordPress Advanced Local Pickup for WooCommerce plugin <= 1.6.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-64348CRITICALELOG configuration file authorization bypassEPSS 0.3%CVE-2023-41240MEDIUMWordPress Pricing Deals for WooCommercePricing Deals for WooCommerce plugin <= 2.0.3.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-33759MEDIUMAVideo: Unauthenticated IDOR in playlistsVideos.json.php Exposes Private Playlist ContentsEPSS 0.3%CVE-2023-40672MEDIUMWordPress Sticky Social Media Icons plugin <= 2.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-35716MEDIUMWordPress Copymatic plugin <= 1.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-24134MEDIUMStudioCMS has an Authorization Bypass Through User-Controlled KeyEPSS 0.3%CVE-2025-11438MEDIUMJhumanJ OpnForm API Endpoint custom-domains authorizationEPSS 0.3%CVE-2025-12826MEDIUMCustom Post Type UI <= 1.18.0 - Missing Authorization to Unauthenticated (Previously Administrator+) Custom Post Type ModificationEPSS 0.3%CVE-2026-12094MEDIUMAdvanced Contact Form 7 <= 1.0.0 - Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion via 'form_id' ParameterEPSS 0.3%CVE-2026-42433HIGHOpenClaw < 2026.4.10 - Unauthorized Matrix Profile Config Persistence Access via operator.write Message ToolsEPSS 0.3%