Falhas do tipo CWE-862
7.039 resultadosCVE-2026-24995MEDIUMWordPress Latest Post Shortcode plugin <= 14.2.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-8239MEDIUMConcrete CMS 9.5.0 and below is vulnerable to IDOR in '/ccm/frontend/conversations/get_rating'EPSS 0.2%CVE-2025-48916MEDIUMBookable Calendar - Less critical - Access bypass - SA-CONTRIB-2025-070EPSS 0.2%CVE-2026-42412MEDIUMWordPress WP User Frontend plugin <= 4.3.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-5185MEDIUMSummer Pearl Group Vacation Rental Management Platform cross-site request forgeryEPSS 0.2%CVE-2026-45443MEDIUMWordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 5.5.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-54712MEDIUMWordPress Easy Elementor Addons Plugin <= 2.2.7 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2026-9303MEDIUMcalcom cal.diy cross-site request forgeryEPSS 0.2%CVE-2025-9029MEDIUMWDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder <= 1.2.16 - Missing Authentication via wdkit_handle_review_submission FunctionEPSS 0.2%CVE-2025-53112MEDIUMGLPI's incomprehensive permission checks can lead to data removal from allowed usersEPSS 0.2%CVE-2025-12015MEDIUMConvert WebP & AVIF | Quicq | Best image optimizer and compression plugin | Improve your Google Pagespeed <= 2.0.0 - Missing Authorization to Authenticated (Subscriber+) Afosto DisconnectEPSS 0.2%CVE-2026-1751LOWMissing Authorization in GitLabEPSS 0.2%CVE-2025-42987MEDIUMMissing Authorization Check in SAP S/4HANA (Manage Processing Rules - For Bank Statement)EPSS 0.2%CVE-2025-69315MEDIUMWordPress Simply Schedule Appointments plugin <= 1.6.9.15 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-23545MEDIUMWordPress Aruba HiSpeed Cache plugin <= 3.0.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-4968MEDIUMSourceCodester Diary App diary.php cross-site request forgeryEPSS 0.2%CVE-2025-12167MEDIUMContact Form 7 AWeber Extension <= 0.1.42 - Missing Authorization to Authenticated (Subscriber+) Log ResetEPSS 0.2%CVE-2025-42991MEDIUMMissing Authorization check in SAP S/4HANA (Bank Account Application)EPSS 0.2%CVE-2025-63024MEDIUMWordPress Order Delivery Date for WooCommerce plugin <= 4.3.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-55716MEDIUMWordPress WP Statistics Plugin <= 14.15 - Broken Access Control VulnerabilityEPSS 0.2%