Falhas do tipo CWE-862

6.946 resultados
CVE-2026-3462MEDIUMFrisbii Pay <= 1.8.9 - Missing Authorization to Authenticated (Subscriber+) Payment Token ModificationEPSS 0.3%CVE-2026-1720HIGHWowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation <= 1.4.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin InstallationEPSS 0.3%CVE-2026-4888MEDIUMEverest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder <= 3.4.7 - Missing Authorization to Authenticated (Subscriber+) Email SendingEPSS 0.3%CVE-2025-24590MEDIUMWordPress picu – Online Photo Proofing Gallery plugin <= 2.4.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2022-2657Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Unauthorised AJAX CallsEPSS 0.3%CVE-2025-49432MEDIUMWordPress Ultimate Video Player Plugin <= 10.1 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-57632MEDIUMWordPress Email Marketing for WooCommerce by Omnisend plugin <= 1.19.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-7289MEDIUMPaytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_sw_save_api_keys'EPSS 0.3%CVE-2025-66530MEDIUMWordPress Webba Booking plugin <= 6.2.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-66143MEDIUMWordPress Crumber plugin <= 1.0.10 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-7499MEDIUMBetterDocs <= 4.1.1 - Missing Authorization to Private And Password-Protected Posts Information DisclosureEPSS 0.3%CVE-2024-56227MEDIUMWordPress Royal Elementor Addons plugin <= 1.7.1001 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-48272MEDIUMWordPress WP Job Portal plugin <= 2.3.2 - Insecure Direct Object References (IDOR) VulnerabilityEPSS 0.3%CVE-2025-1502MEDIUMIP2Location Redirection <= 1.33.3 - Missing Authorization to Unauthenticated Settings ExportEPSS 0.3%CVE-2025-9984MEDIUMFeatured Image from URL (FIFU) <= 5.2.7 - Missing Authorization to Password Protected Post DisclosureEPSS 0.3%CVE-2025-26367MEDIUMA CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authEPSS 0.3%CVE-2025-68270CRITICALCourseLimitedStaff Role Allows Studio AccessEPSS 0.3%CVE-2026-23804MEDIUMWordPress Better Business Reviews plugin <= 0.1.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-10665MEDIUMYaad Sarig Payment Gateway For WC <= 2.2.4 - Missing Authorization to Authenticated (Subscriber+) Log Read/DeletionEPSS 0.3%CVE-2026-2238MEDIUMMissing Authorization in GitLabEPSS 0.3%