Falhas do tipo CWE-862
6.917 resultadosCVE-2024-13652MEDIUMECPay Ecommerce for WooCommerce <= 1.1.2411060 - Missing Authorization to Authenticated (Subscriber+) Log DeletionEPSS 0.3%CVE-2025-53421MEDIUMWordPress Accordion plugin <= 2.3.14 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-62889MEDIUMWordPress King Addons for Elementor plugin <= 51.1.61 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-24403MEDIUMA missing permission check in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers with Overall/Read permission to enumerateEPSS 0.3%CVE-2025-10849MEDIUMFelan Framework <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation/Deactivation via process_plugin_actionsEPSS 0.3%CVE-2024-13737MEDIUMMotors – Car Dealer, Classifieds & Listing <= 1.4.57 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Listing Template CreationEPSS 0.3%CVE-2025-49969MEDIUMWordPress Zara 4 Image Compression plugin <= 1.2.17.2 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-67575MEDIUMWordPress Sitewide Notice WP plugin <= 2.4.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-3426MEDIUMRTMKit Addons for Elementor <= 2.0.2 - Authenticated (Author+) Missing Authorization to Widget Configuration ModificationEPSS 0.3%CVE-2025-14481MEDIUMYoast SEO <= 26.5 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via 'post_id' ParameterEPSS 0.3%CVE-2025-69181HIGHWordPress Lawyer Directory plugin <= 1.3.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-30605MEDIUMWordPress sourceplay-navermap plugin <= 0.0.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-13415MEDIUMFood Menu – Restaurant Menu & Online Ordering for WooCommerce <= 5.1.4 - Missing Authorization to Authenticated (Subscriber+) Settings UpdateEPSS 0.3%CVE-2025-31406MEDIUMWordPress ELEX WooCommerce Request a Quote plugin <= 2.3.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-4341MEDIUMIDOR in ExtremePacs's Extreme XDSEPSS 0.3%CVE-2024-41624MEDIUMIncorrect access control in Himalaya Xiaoya nano smart speaker rom_version 1.6.96 allows a remote attacker to have an unspecified impact.EPSS 0.3%CVE-2026-33162MEDIUMCraft CMS: Authorization bypass in "entries/move-to-section" allows control panel user to move entries without section permissionsEPSS 0.3%CVE-2025-43329HIGHA permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, watchOEPSS 0.3%CVE-2020-27349—aptdaemon performed policykit permissions checks too lateEPSS 0.3%CVE-2024-41728LOWMissing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP PlatformEPSS 0.3%