Falhas do tipo CWE-862

6.960 resultados
CVE-2025-58603MEDIUMWordPress Surfer Plugin <= 1.6.4.574 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-1298MEDIUMEasy Replace Image <= 3.5.2 - Missing Authorization to Authenticated (Contributor+) Arbitrary Attachment ReplacementEPSS 0.3%CVE-2025-10579MEDIUMBackWPup <= 5.5.0 - Missing Authorization to Sensitive Information ExposureEPSS 0.3%CVE-2026-9013MEDIUMBogo <= 3.9.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via REST APIEPSS 0.3%CVE-2026-57685MEDIUMWordPress Martfury - WooCommerce Marketplace WordPress theme theme <= 3.2.8 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-36002MEDIUMITM Server Missing Authorization for URL validationEPSS 0.3%CVE-2025-48262MEDIUMWordPress Url Rewrite Analyzer plugin <= 1.3.3 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-60155MEDIUMWordPress WP Virtual Assistant Plugin <= 3.0 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-7492MEDIUMMissing Authorization in GitLabEPSS 0.3%CVE-2025-60121MEDIUMWordPress WooEvents plugin <= 4.1.7 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-60130MEDIUMWordPress WEDOS Global Plugin <= 1.2.2 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2024-12825MEDIUMCustom Related Posts <= 1.7.3 - Missing Authorization to Authenticated (Subscriber+) Private Post Search and Relation UpdatesEPSS 0.3%CVE-2025-62919MEDIUMWordPress TS Demo Importer plugin <= 0.1.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-5175MEDIUMImproper access control in the multi-factor authentication (MFA) management API in Devolutions Server allows an authenticated attacker to deEPSS 0.3%CVE-2026-42664HIGHWordPress AI Product Search for WooCommerce – Motive Commerce Search plugin <= 1.38.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-60129MEDIUMWordPress Yext Plugin <= 1.1.3 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-47346HIGHTYPO3 CMS - Broken Access Control in Form FrameworkEPSS 0.3%CVE-2024-13717MEDIUMContact Form and Calls To Action by vcita <= 2.7.1 - Missing Authorization to Authenticated (Subscriber+) Contact/Widget ToggleEPSS 0.3%CVE-2023-4468MEDIUMPoly Trio 8500/Trio 8800/Trio C60 Poly Lens Management Cloud Registration authorizationEPSS 0.3%CVE-2026-27433MEDIUMWordPress Motors theme <= 5.6.80 - Broken Access Control vulnerabilityEPSS 0.3%