Falhas do tipo CWE-862
7.016 resultadosCVE-2026-9237MEDIUMEmployee, Leave and Recruitment Management System <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Job Deletion via crewhrm_singleJobAction AJAX ActionEPSS 0.2%CVE-2025-14948MEDIUMminiOrange OTP Verification and SMS Notification for WooCommerce <= 4.3.8 - Missing Authorization to Unauthenticated Notification Settings ModificationEPSS 0.2%CVE-2025-12639MEDIUMwModes – Catalog Mode, Product Pricing, Enquiry Forms & Promotions | for WooCommerce <= 1.2.2 - Missing Authorization to Sensitive Information DisclosureEPSS 0.2%CVE-2025-14880MEDIUMNetcash WooCommerce Payment Gateway <= 4.1.3 - Missing Authorization to Unauthenticated Order Status ModificationEPSS 0.2%CVE-2025-47565MEDIUMWordPress EventON plugin <= 4.9.9 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-14001MEDIUMWP Duplicate Page <= 1.8 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post DuplicationEPSS 0.2%CVE-2025-5812MEDIUMVG WORT METIS <= 2.0.0 - Missing Authorization to Authenticated (Subscriber+) Limited Settings UpdateEPSS 0.2%CVE-2026-33915MEDIUMOpenEMR Missing ACL Checks on Insurance Company API RoutesEPSS 0.2%CVE-2025-49974MEDIUMWordPress UpStream: a Project Management Plugin for WordPress plugin <= 2.1.1 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-66077MEDIUMWordPress Legal Pages plugin <= 1.4.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-14608MEDIUMWP Last Modified Info <= 1.9.5 - Insecure Direct Object Reference to Authenticated (Author+) Post Metadata ModificationEPSS 0.2%CVE-2026-28380MEDIUMBAC in Snapshot API allows deletion of unauthorized dashboard snapshotsEPSS 0.2%CVE-2026-8688MEDIUMAdvance Nav Menu Manager <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Nav Menu Item Modification via anmm_save_menu_data AJAX ActionEPSS 0.2%CVE-2025-66083MEDIUMWordPress WpEvently plugin <= 5.0.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-9172MEDIUMDevs Accounting <= 1.2.0 - Missing Authorization to Unauthenticated Account Deletion via /delete-account/ REST EndpointEPSS 0.2%CVE-2025-64139MEDIUMA missing permission check in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers with Overall/Read permission to connEPSS 0.2%CVE-2026-45244LOWSummarize < 0.15.1 Unapproved Browser Automation ExecutionEPSS 0.2%CVE-2025-14755MEDIUMCost Calculator Builder <= 4.0.1 - Unauthenticated Price Manipulation and Insecure Direct Object ReferenceEPSS 0.2%CVE-2025-12449MEDIUMaBlocks – WordPress Gutenberg Blocks <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Settings ModificationEPSS 0.2%CVE-2025-12895MEDIUMKalium <= 3.29 - Missing Authorization to Unauthenticated Mail Relay via kalium_vc_contact_form_requestEPSS 0.2%