Falhas do tipo CWE-862
6.961 resultadosCVE-2026-11359MEDIUMMemberships and User Profiles for WooCommerce <= 3.4 - Missing Authorization to Authenticated (Subscriber+) ProfileGrid Plugin Installation and ActivationEPSS 0.2%CVE-2026-23517MEDIUMFleet has an Access Control vulnerability in debug/pprof endpointsEPSS 0.2%CVE-2024-0122HIGHNVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker may cause an unauthorized action. EPSS 0.2%CVE-2025-60086HIGHWordPress WP Voting Contest plugin <= 5.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-14798MEDIUMLearnPress – WordPress LMS Plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST APIEPSS 0.2%CVE-2025-59021MEDIUMTYPO3 CMS Allows Broken Access Control in Redirects ModuleEPSS 0.2%CVE-2026-24590MEDIUMWordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-39503HIGHWordPress Easy Digital Downloads plugin <= 3.6.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-34898HIGHWordPress Event Tickets Manager for WooCommerce plugin <= 1.5.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-25810MEDIUMPlaciPy is Missing Object-Level Authorization in student.submission.routes.tsEPSS 0.2%CVE-2025-68024MEDIUMWordPress Addonify – WooCommerce Wishlist plugin <= 2.0.15 - Settings Change vulnerabilityEPSS 0.2%CVE-2026-24362MEDIUMWordPress Ultimate Post Kit plugin <= 4.0.21 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-64148MEDIUMA missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to enumerateEPSS 0.2%CVE-2025-13358MEDIUMAccessiy By CodeConfig Accessibility <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page CreationEPSS 0.2%CVE-2025-66142MEDIUMWordPress Comparimager for Elementor plugin <= 1.0.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-68025MEDIUMWordPress Addonify Floating Cart For WooCommerce plugin <= 1.2.17 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-68028MEDIUMWordPress GA4WP: Google Analytics for WordPress plugin <= 2.10.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-23929MEDIUMWordPress Email Capture & Lead Generation Plugin <= 1.0.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2023-35998MEDIUMITM Server Missing Authorization in SOAP EndpointsEPSS 0.2%CVE-2026-1925MEDIUMEmailKit – Email Customizer for WooCommerce & WP <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Title ModificationEPSS 0.2%