Falhas do tipo CWE-862

7.039 resultados
CVE-2026-52701MEDIUMWordPress User Registration plugin <= 5.2.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-23522LOWLobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File DeletionEPSS 0.2%CVE-2026-4925MEDIUMImproper access control in the users MFA feature in Devolutions Server allows an authenticated user to bypass administrator-enforced restricEPSS 0.2%CVE-2025-67579MEDIUMWordPress User Extra Fields plugin <= 16.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-54047MEDIUMWordPress Cost Calculator plugin <= 7.4 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-54011MEDIUMWordPress SMTP2GO plugin <= 1.12.1 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2026-57375MEDIUMWordPress MStore API plugin <= 4.18.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-1835MEDIUMlcg0124 BootDo cross-site request forgeryEPSS 0.2%CVE-2025-31606MEDIUMWordPress SP Blog Designer plugin <= 1.0.0 - Arbitrary Shortcode Execution vulnerabilityEPSS 0.2%CVE-2025-67584MEDIUMWordPress GoDAM plugin <= 1.4.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-1778MEDIUMArt Theme <= 3.12.2.3 - Missing Authorization to Authenticated (Subscriber+) Theme Option DeleteEPSS 0.2%CVE-2026-24310LOWMissing Authorization check in SAP NetWeaver Application Server for ABAPEPSS 0.2%CVE-2026-25028MEDIUMWordPress ElementInvader Addons for Elementor plugin <= 1.4.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2023-43488HIGHThe vulnerability allows a low privileged (untrusted) application to modify a critical system property that should be denied, in order to eEPSS 0.2%CVE-2025-66099MEDIUMWordPress Chat Help plugin <= 3.1.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-2233MEDIUMUser Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.2.8 - Missing Authorization to Unauthenticated Arbitrary Post Modification via 'post_id' ParameterEPSS 0.2%CVE-2025-66107MEDIUMWordPress Subscriptions & Memberships for PayPal plugin <= 1.1.7 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-61952MEDIUMWordPress WooCommerce Bulk Edit Products – WP Sheet Editor plugin <= 1.8.21 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-14371MEDIUMTaxoPress <= 3.41.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Tag ModificationEPSS 0.2%CVE-2026-42051MEDIUMKirby: System API endpoint leaks license data and installed version to authenticated usersEPSS 0.2%