Falhas do tipo CWE-862
6.842 resultadosCVE-2024-52383HIGHWordPress Ai Auto Tool Content Writing Assistant plugin <= 2.1.2 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-45395HIGHOpen WebUI: Missing `workspace.tools` Authorization Check on Tool Update Endpoint Allows Privilege Escalation to Code ExecutionEPSS 0.4%CVE-2024-31368MEDIUMWordPress Soledad theme <= 8.4.2 - Unauthenticated Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-44021MEDIUMWordPress Truepush plugin <= 1.0.8 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-34378HIGHWordPress LeadConnector plugin <= 1.7 - API Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-6190HIGHRealty Portal – Agent <= 0.3.9 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via rp_user_profile() FunctionEPSS 0.4%CVE-2024-32509MEDIUMWordPress WP Cost Estimation & Payment Forms Builder plugin <= 10.1.76 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-39429HIGHkcp's cache server is accessible without authentication or authorization checksEPSS 0.4%CVE-2024-5087MEDIUMMinimal Coming Soon – Coming Soon Page <= 2.38 - Missing Authorization to Limited Settings ChangeEPSS 0.4%CVE-2023-41664MEDIUMWordPress Easy Newsletter Signups plugin <= 1.0.4 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-43274MEDIUMWordPress JS Help Desk – The Ultimate Help Desk plugin <= 2.8.6 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-0845HIGHWCFM - WooCommerce Frontend Manager <= 6.7.24 - Authenticated (Shop Manager+) Arbitrary Options UpdateEPSS 0.4%CVE-2024-43982HIGHWordPress Login As Users plugin <= 1.4.3 - Broken Access Control to Account Takeover vulnerabilityEPSS 0.4%CVE-2024-33558MEDIUMWordPress XStore Core plugin <= 5.3.5 - Limited Arbitrary File Download vulnerabilityEPSS 0.4%CVE-2024-9586MEDIUMLinkz.ai <= 1.1.8 - Missing Authorization to Unauthenticated Plugin Settings UpdateEPSS 0.4%CVE-2024-2844MEDIUMEasy Appointments <= 3.11.18 - Insufficient AuthorizationEPSS 0.4%CVE-2025-30880HIGHWordPress JS Help Desk plugin <= 2.9.2 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-3614HIGHAcyMailing 9.11.0 - 10.8.1 - Missing Authorization to Authenticated (Subscriber+) Privilege EscalationEPSS 0.4%CVE-2025-5486CRITICALWP Email Debug 1.0 - 1.1.0 - Missing Authorization to Unauthenticated Privilege Escalation via Password ResetEPSS 0.4%CVE-2025-30797HIGHWordPress Greek Multi Tool – Fix peralinks, accents, auto create menus and more plugin <= 2.3.1 - Broken Access Control VulnerabilityEPSS 0.4%