Falhas do tipo CWE-862
6.960 resultadosCVE-2025-52813HIGHWordPress MobiLoud <= 4.6.5 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-53485HIGHSecurePoll: Unauthorized access to SetTranslationHandler allows arbitrary text changesEPSS 0.3%CVE-2021-4446MEDIUMEssential Addons for Elementor <= 4.6.4 - Missing AuthorizationEPSS 0.3%CVE-2025-2832MEDIUMmingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 cross-site request forgeryEPSS 0.3%CVE-2026-11818MEDIUMWPCafe <= 3.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via REST APIEPSS 0.3%CVE-2023-5862MEDIUMMissing Authorization in hamza417/inureEPSS 0.3%CVE-2025-2719MEDIUMSwatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) 1.2.8 - 1.4.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options UpdateEPSS 0.3%CVE-2026-56396HIGHphpMyFAQ - Privilege Escalation via Missing Authorization in editUser() and updateUserRights()EPSS 0.3%CVE-2026-44281HIGHGLPI vulnerable to unauthorized reading of a specific asset objectEPSS 0.3%CVE-2025-12633HIGHBooking Calendar | Appointment Booking | Bookit <= 2.5.0 - Missing Authorization to Unauthenticated Stripe ConnectionEPSS 0.3%CVE-2026-45717HIGHBudibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ` permission instead of builder access, allowing any authenticated app user to overwrite datasource connection parameters including host, port, and URL.EPSS 0.3%CVE-2026-4162HIGHGravity SMTP <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Plugin UninstallEPSS 0.3%CVE-2025-12782MEDIUMBeaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Builder Status TamperingEPSS 0.3%CVE-2026-34886HIGHWordPress Simple Membership plugin <= 4.7.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-4746MEDIUMWordPress Netgsm plugin <= 2.9.32 - Broken Access Control + CSRF vulnerabilityEPSS 0.3%CVE-2025-46259MEDIUMWordPress The Plus Addons for Elementor - Pro Plugin < 6.3.7 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-14455MEDIUMImage Photo Gallery Final Tiles Grid <= 3.6.7 - Missing Authorization to Authenticated (Contributor+) Gallery ManagementEPSS 0.3%CVE-2023-44210HIGHSensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect CEPSS 0.3%CVE-2024-56215MEDIUMWordPress Member Directory and Contact Form plugin <= 1.7.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-59581MEDIUMWordPress Ibtana Plugin <= 1.2.5.3 - Arbitrary Content Deletion VulnerabilityEPSS 0.3%