Falhas do tipo CWE-862

7.000 resultados
CVE-2025-13414MEDIUMChamber Dashboard Business Directory <= 3.3.11 - Missing Authorization to Unauthenticated Business Information ExportEPSS 0.2%CVE-2026-25399MEDIUMWordPress Serious Slider plugin <= 1.2.7 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-25420MEDIUMWordPress MailerLite plugin <= 1.7.18 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2024-37202MEDIUMWordPress Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter plugin <= 1.222.17 - Broken Access Control to XSS vulnerabilityEPSS 0.2%CVE-2026-35063HIGHMissing Authorization in OpenPLC_V3EPSS 0.2%CVE-2025-14029MEDIUMCommunity Events <= 1.5.6 - Missing Authorization to Unauthenticated Arbitrary Event Approval via 'eventlist' ParameterEPSS 0.2%CVE-2026-25375MEDIUMWordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.10 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-9616MEDIUMGenerate Security.txt <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) Security.txt Deletion via delete_securitytxt AJAX ActionEPSS 0.2%CVE-2025-69327MEDIUMWordPress Car Rental Manager plugin <= 1.0.9 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-49205MEDIUMphpMyFAQ: Missing userHasPermission() in 4 API write endpoints (CVE-2026-24421 Incomplete Fix)EPSS 0.2%CVE-2025-14080MEDIUMFrontend Post Submission Manager Lite <= 1.2.5 - Missing Authorization to Unauthenticated Arbitrary Post ModificationEPSS 0.2%CVE-2025-13177MEDIUMBdtask/CodeCanyon SalesERP cross-site request forgeryEPSS 0.2%CVE-2025-6864MEDIUMSeaCMS admin_type.php cross-site request forgeryEPSS 0.2%CVE-2025-68995MEDIUMWordPress My Sticky Elements plugin <= 2.3.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-1103MEDIUMAIKTP <= 5.0.04 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator ActionsEPSS 0.2%CVE-2025-13354MEDIUMTag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Taxonomy Term ManipulationEPSS 0.2%CVE-2025-12043MEDIUMAutochat Automatic Conversation <= 1.1.9 - Missing Authorization to Unauthenticated Settings UpdateEPSS 0.2%CVE-2025-32279MEDIUMWordPress Live Forms plugin <= 4.8.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-63077MEDIUMWordPress Happy Addons for Elementor plugin <= 3.20.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-64132MEDIUMJenkins MCP Server Plugin 0.84.v50ca_24ef83f2 and earlier does not perform permission checks in multiple MCP tools, allowing attackers to trEPSS 0.2%