Falhas do tipo CWE-862

6.851 resultados
CVE-2023-2791MEDIUMPlaybooks lets you edit arbitrary postsEPSS 0.4%CVE-2024-4858MEDIUMTestimonial Carousel For Elementor <= 10.2.0 - Missing Authorization to Limited Setting UpdateEPSS 0.4%CVE-2023-29429MEDIUMWordPress User Registration plugin <= 2.3.2.1 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-25058HIGHVexa's unauthenticated internal transcript endpoint exposed by defaultEPSS 0.4%CVE-2024-35735MEDIUMWordPress WP Time Slots Booking Form plugin <= 1.2.11 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-31276MEDIUMWordPress Products, Order & Customers Export for WooCommerce plugin <= 2.0.8 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-0619MEDIUMPayflex Payment Gateway <= 2.5.0 - Missing Authorization to Order Status UpdateEPSS 0.4%CVE-2024-8199MEDIUMReviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Limited Settings UpdateEPSS 0.4%CVE-2022-45819LOWWordPress Popup Maker plugin <= 1.17.1 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-34758MEDIUMWordPress FundEngine – Donation and Crowdfunding Platform plugin <= 1.6.4 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-37516MEDIUMWordPress Featured Image from URL (FIFU) plugin <= 4.8.2 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-7045MEDIUMImproper Access Control in open-webui/open-webuiEPSS 0.4%CVE-2024-7046MEDIUMImproper Access Control in open-webui/open-webuiEPSS 0.4%CVE-2025-42955LOWMissing authorization check in SAP Cloud ConnectorEPSS 0.4%CVE-2026-9284HIGHWooCommerce PayPal Payments <= 4.0.1 - Missing Authorization to Unauthenticated Order Manipulation and Information DisclosureEPSS 0.4%CVE-2024-52395MEDIUMWordPress Floating Buttons for WooCommerce plugin <= 2.8.8 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-31681CRITICALAuthenticator Login - Critical - Access bypass - SA-CONTRIB-2025-009EPSS 0.4%CVE-2024-6591MEDIUMUltimate WordPress Auction Plugin <= 4.2.7 - Missing Authorization to Unauthenticated Email CreationEPSS 0.4%CVE-2025-70986HIGHIncorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive departmentEPSS 0.4%CVE-2025-31691CRITICALOAuth2 Server - Moderately critical - Access bypass - SA-CONTRIB-2025-020EPSS 0.4%