Falhas do tipo CWE-862

7.000 resultados
CVE-2025-47471MEDIUMWordPress Envo Extra plugin <= 1.9.9 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-58785MEDIUMWordPress Ray Enterprise Translation plugin <= 1.7.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-42899MEDIUMMissing Authorization check in SAP S4CORE (Manage Journal Entries)EPSS 0.2%CVE-2025-49293MEDIUMWordPress Crawlomatic Multisite Scraper Post Generator plugin <= 2.6.8.2 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2024-13307MEDIUMReales WP - Real Estate WordPress Theme <= 2.1.2 - Missing Authorization to Unauthenticated Attachment Deletion and Favorite Property UpdatesEPSS 0.2%CVE-2026-33357HIGHMeari OpenAPI device status IDOREPSS 0.2%CVE-2025-47528MEDIUMWordPress Ovation Elements plugin <= 1.1.2 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-39511MEDIUMWordPress Pinterest Automatic Pin plugin <= 4.19.0 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-49289MEDIUMWordPress PDF for WPForms plugin <= 5.5.0 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-49248MEDIUMWordPress Team Showcase plugin < 25.05.13 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-49272MEDIUMWordPress Trinity Audio plugin <= 5.20.0 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2026-25443HIGHWordPress Fraud Prevention For Woocommerce plugin <= 2.3.3 - Arbitrary Content Deletion vulnerabilityEPSS 0.2%CVE-2025-29010MEDIUMWordPress Behance Portfolio Manager plugin <= 1.7.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-28996MEDIUMWordPress GPP Slideshow plugin <= 1.3.5 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-54695MEDIUMWordPress HT Mega Plugin plugin <= 2.9.0 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-12392MEDIUMCryptocurrency Payment Gateway for WooCommerce <= 2.0.25 - Missing Authorization to Unauthenticated Tracking Status UpdateEPSS 0.2%CVE-2025-32295MEDIUMWordPress Salon Booking Wordpress plugin <= 10.10.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-54010HIGHOpen WebUI: Forged chat-file link allows cross-user file read and deletionEPSS 0.2%CVE-2025-30624MEDIUMWordPress WordLift plugin <= 3.54.4 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2024-10390MEDIUMElfsight Telegram Chat CC <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site ScriptingEPSS 0.2%