Falhas do tipo CWE-862
6.917 resultadosCVE-2026-8976MEDIUMRSS Aggregator by Feedzy <= 5.1.7 - Missing Authorization to Authenticated (Contributor+) Import Job Creation, Execution, Purge, Log Clearing, and Information Disclosure via Multiple AJAX Sub-ActionsEPSS 0.3%CVE-2026-45438HIGHWordPress Smart Coupons for WooCommerce plugin < 2.3.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-26977MEDIUMFrappe Learning Management System exposes details of unpublished courses to unauthorized usersEPSS 0.3%CVE-2025-53499CRITICALUnauthorized Inspection of Protected Variables in AbuseFilterEPSS 0.3%CVE-2026-53821HIGHOpenClaw < 2026.5.18 - Scope Elevation in trusted-proxy Control UI WebSocketEPSS 0.3%CVE-2024-55073HIGHA Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows users to edit their EPSS 0.3%CVE-2024-13520MEDIUMGift Cards (Gift Vouchers and Packages) (WooCommerce Supported) <= 4.4.9 - Missing Authorization to Unauthenticated Price, Date, and Note UpdatesEPSS 0.3%CVE-2023-47770HIGHWordPress BeTheme theme <= 27.1.1 - Contributor+ Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-4066MEDIUMSmart Custom Fields <= 5.0.6 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Relational Post SearchEPSS 0.3%CVE-2025-5521MEDIUMWuKongOpenSource WukongCRM updataPassword cross-site request forgeryEPSS 0.3%CVE-2020-26231MEDIUMBypass of fix for CVE-2020-15247, Twig sandbox escapeEPSS 0.3%CVE-2025-49265HIGHWordPress Membership For WooCommerce plugin <= 2.8.1 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2024-13554MEDIUMThe Ultimate WordPress Toolkit – WP Extended <= 3.0.13 - Missing Authorization to Unauthenticated Post Order ManipulationEPSS 0.3%CVE-2026-1860MEDIUMKali Forms <= 2.4.8 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Form Data ExposureEPSS 0.3%CVE-2025-53495CRITICALUnauthorized Disclosure of IP Reputation in AbuseFilterEPSS 0.3%CVE-2020-36890HIGHKentico Xperience <= 10 Administrator Access Control BypassEPSS 0.3%CVE-2024-52391MEDIUMWordPress Pie Register Premium plugin < 3.8.3.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-62889MEDIUMWordPress King Addons for Elementor plugin <= 51.1.61 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-33162MEDIUMCraft CMS: Authorization bypass in "entries/move-to-section" allows control panel user to move entries without section permissionsEPSS 0.3%CVE-2024-13737MEDIUMMotors – Car Dealer, Classifieds & Listing <= 1.4.57 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Listing Template CreationEPSS 0.3%