Falhas do tipo CWE-862
7.014 resultadosCVE-2026-3445HIGHPaid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Missing Authorization to Authenticated (Subscriber+) Membership Payment BypassEPSS 0.2%CVE-2025-68994MEDIUMWordPress Product Loops for WooCommerce plugin <= 2.1.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-5693MEDIUMSmart Appointment & Booking <= 1.0.8 - Missing Authorization to Unauthenticated Arbitrary Booking CancellationEPSS 0.2%CVE-2026-39668MEDIUMWordPress Book Previewer for Woocommerce plugin <= 1.0.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-0506HIGHMissing Authorization check in SAP NetWeaver Application Server ABAP and ABAP PlatformEPSS 0.2%CVE-2025-69009MEDIUMWordPress Medicalequipment theme <= 1.0.9 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-23548MEDIUMWordPress DirectoryPress plugin <= 3.6.25 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-39637MEDIUMWordPress Mogi theme <= 1.2.3 - Arbitrary Shortcode Execution vulnerabilityEPSS 0.2%CVE-2025-6726MEDIUMBlock Editor Gallery Slider <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Limited Post Meta UpdateEPSS 0.2%CVE-2026-25384MEDIUMWordPress WP-Lister Lite for eBay plugin <= 3.8.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-40667HIGHMissing authorization vulnerability in TCMAN GIM v11EPSS 0.2%CVE-2026-24967MEDIUMWordPress Amelia plugin <= 1.2.38 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-54743MEDIUMWordPress Download After Email Plugin 2.1.5-2.1.6 - Other Vulnerability Type VulnerabilityEPSS 0.2%CVE-2026-25370MEDIUMWordPress WP Compress plugin <= 6.60.28 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-13529MEDIUMUnify <= 3.4.9 - Missing Authorization to Unauthenticated Option Deletion via 'unify_plugin_downgrade' ParameterEPSS 0.2%CVE-2025-12449MEDIUMaBlocks – WordPress Gutenberg Blocks <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Settings ModificationEPSS 0.2%CVE-2025-64142MEDIUMA missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect toEPSS 0.2%CVE-2025-14608MEDIUMWP Last Modified Info <= 1.9.5 - Insecure Direct Object Reference to Authenticated (Author+) Post Metadata ModificationEPSS 0.2%CVE-2025-8488MEDIUMUltimate Addons for Elementor (Formerly Elementor Header & Footer Builder) <= 2.4.6 - Missing Authorization to Authenticated (Subscriber+) Limited Settings UpdateEPSS 0.2%CVE-2025-49976MEDIUMWordPress WANotifier plugin <= 2.7.12 - Broken Access Control vulnerabilityEPSS 0.2%