Falhas do tipo CWE-862
7.018 resultadosCVE-2026-41382LOWOpenClaw < 2026.3.31 - Discord Voice Ingress Authorization Bypass via Channel and Role Validation GapsEPSS 0.2%CVE-2025-67572MEDIUMWordPress PenNews theme < 6.7.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-1934MEDIUMMotors – Car Dealership & Classified Listings Plugin <= 1.4.103 - Missing Authorization to Authenticated (Subscriber+) Payment Bypass via 'stm_payment_status' ParameterEPSS 0.2%CVE-2025-67573MEDIUMWordPress Sailing theme < 4.4.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-62152MEDIUMWordPress ConveyThis plugin <= 269.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-49377MEDIUMWordPress Hydra Booking plugin <= 1.1.9 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-24540MEDIUMWordPress Integrate Google Drive plugin <= 1.5.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-14508MEDIUMMediaCommander – Bring Folders to Media, Posts, and Pages <= 2.3.1 - Missing Authorization to Authenticated (Author+) Media Folder DeletionEPSS 0.2%CVE-2025-63047MEDIUMWordPress ListingPro theme <= 2.9.9 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-15034MEDIUMflask-dashboard Flask-MonitoringDashboard cross-site request forgeryEPSS 0.2%CVE-2025-53200MEDIUMWordPress ChatBot plugin <= 6.7.3 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-49396MEDIUMWordPress Themify Builder Plugin <= 7.6.7 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2026-1946MEDIUMGW AI Website Builder <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings DeletionEPSS 0.2%CVE-2025-62931MEDIUMWordPress MSN Partner Hub plugin <= 2.9 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-62740MEDIUMWordPress WP-CRM System plugin <= 3.4.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-62738MEDIUMWordPress Formstack Online Forms plugin <= 2.0.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-57689MEDIUMWordPress Werkstatt theme <= 4.7.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-0763MEDIUMUltimate Classified Listings <= 1.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings UpdateEPSS 0.2%CVE-2025-67570MEDIUMWordPress WPForms Google Sheet Connector plugin <= 4.0.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-14854MEDIUMWP-CRM System – Manage Clients and Projects <= 3.4.5 - Missing Authorization to Authenticated (Subscriber+) CRM Data Exposure and Task ModificationEPSS 0.2%