Falhas do tipo CWE-862
6.960 resultadosCVE-2025-10054MEDIUMELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Role RemovalEPSS 0.3%CVE-2026-4261HIGHExpire Users <= 1.2.2 - Authenticated (Subscriber+) Privilege Escalation to Administrator via save_extra_user_profile_fieldsEPSS 0.3%CVE-2024-4745MEDIUMWordPress Giveaways and Contests by RafflePress plugin <= 1.12.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-68569MEDIUMWordPress WP Time Slots Booking Form plugin <= 1.2.39 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-40834MEDIUMThis issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, mEPSS 0.3%CVE-2023-4468MEDIUMPoly Trio 8500/Trio 8800/Trio C60 Poly Lens Management Cloud Registration authorizationEPSS 0.3%CVE-2026-2819MEDIUMDromara RuoYi-Vue-Plus Workflow deleteByInstanceIds SaServletFilter authorizationEPSS 0.3%CVE-2026-47346HIGHTYPO3 CMS - Broken Access Control in Form FrameworkEPSS 0.3%CVE-2025-67926MEDIUMWordPress Fluent Support plugin <= 1.10.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-52801HIGHWordPress TheBooking Plugin <= 1.4.4 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-68032MEDIUMWordPress Advanced WC Analytics plugin <= 3.19.0 - Settings Change vulnerabilityEPSS 0.3%CVE-2024-13717MEDIUMContact Form and Calls To Action by vcita <= 2.7.1 - Missing Authorization to Authenticated (Subscriber+) Contact/Widget ToggleEPSS 0.3%CVE-2026-42670HIGHWordPress Five Star Restaurant Reservations plugin <= 2.7.14 - Payment Bypass vulnerabilityEPSS 0.3%CVE-2021-4446MEDIUMEssential Addons for Elementor <= 4.6.4 - Missing AuthorizationEPSS 0.3%CVE-2025-52813HIGHWordPress MobiLoud <= 4.6.5 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-29070MEDIUMOpen WebUI has unauthorized deletion of knowledge filesEPSS 0.3%CVE-2025-8268MEDIUMAi Engine <= 2.9.5 - Missing Authorization to Unauthenticated Uploaded Files Disclosure And DeletionEPSS 0.3%CVE-2026-47193HIGHOpenProject: Journal diff endpoint bypasses object, journal, and field visibility checksEPSS 0.3%CVE-2025-53485HIGHSecurePoll: Unauthorized access to SetTranslationHandler allows arbitrary text changesEPSS 0.3%CVE-2026-2022MEDIUMSmart Forms <= 2.6.99 - Missing Authorization to Authenticated (Subscriber+) Campaign Data ExposureEPSS 0.3%