Falhas do tipo CWE-862
7.016 resultadosCVE-2026-8688MEDIUMAdvance Nav Menu Manager <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Nav Menu Item Modification via anmm_save_menu_data AJAX ActionEPSS 0.2%CVE-2025-49974MEDIUMWordPress UpStream: a Project Management Plugin for WordPress plugin <= 2.1.1 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2026-49374HIGHIn JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parametersEPSS 0.2%CVE-2026-53640LOWFOSSBilling missing authorization checks on read-only admin API endpoints expose sensitive staff, client, and redirect dataEPSS 0.2%CVE-2026-53643HIGHFOSSBilling allows low-privileged staff accounts to perform unauthorized actions via admin API endpointsEPSS 0.2%CVE-2025-64369MEDIUMWordPress Contact Form Email plugin <= 1.3.58 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-5814MEDIUMProfiler – What Slowing Down Your WP <= 1.0.0 - Missing Authentication to Unauthenticated Arbitrary Plugin Reactivation via State RestorationEPSS 0.2%CVE-2025-69311HIGHWordPress Broadstreet Ads plugin <= 1.52.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-32818MEDIUMAdmidio is Missing Authorization on Forum Topic and Post DeletionEPSS 0.2%CVE-2025-5813MEDIUMAmazon Products to WooCommerce <= 1.2.7 - Missing Authorization to Unauthenticated Arbitrary Product CreationEPSS 0.2%CVE-2025-14384MEDIUMAll in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic <= 4.9.2 - Missing Authorization to Authenticated (Contributor+) AI Access Token and Credit DisclosureEPSS 0.2%CVE-2025-8778MEDIUMNitroPack <= 1.18.4 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update via nitropack_set_compression_ajax FunctionEPSS 0.2%CVE-2025-60079HIGHWordPress Parallax Section block plugin <= 1.0.9 - Broken Authentication vulnerabilityEPSS 0.2%CVE-2025-54733MEDIUMWordPress All Bootstrap Blocks Plugin <= 1.3.28 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2026-32514MEDIUMWordPress Petitioner plugin <= 0.7.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-10609MEDIUMOpenshift/cluster-logging-operator: cluster logging operator creates and forwards serviceaccount tokens without verifying clf creator authorizationEPSS 0.2%CVE-2025-69381HIGHWordPress WooCommerce Bulk Product Editor plugin <= 3.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-64234MEDIUMWordPress Evergreen Content Poster plugin <= 1.4.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-3953MEDIUMWP Statistics – The Most Popular Privacy-Friendly Analytics Plugin <= 14.13.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings UpdateEPSS 0.2%CVE-2025-13404MEDIUMatec Duplicate Page & Post <= 1.2.20 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication and Data ExposureEPSS 0.2%