Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-264 (权限、特权和访问控制) — Vulnerability Class 277

277 vulnerabilities classified as CWE-264 (权限、特权和访问控制). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2022-38058 WordPress WP Shamsi plugin <= 4.1.1 - Authenticated Plugin Setting change vulnerability — WP Shamsi (WordPress plugin) 4.3 Medium2022-09-09
CVE-2022-38070 WordPress Pop-up plugin <= 1.1.5 - Privilege Escalation vulnerability — Pop-up (WordPress plugin) 5.4 Medium2022-09-09
CVE-2022-37344 WordPress Accommodation System plugin <= 1.0.1 - Missing Access Control vulnerability — Accommodation System (WordPress plugin) 7.6 High2022-09-06
CVE-2022-36427 WordPress About Rentals plugin <= 1.5 - Missing Access Control vulnerability — About Rentals (WordPress plugin) 7.3 High2022-09-06
CVE-2022-36387 WordPress About Me plugin <= 1.0.12 - Broken Access Control vulnerability — About Me (WordPress plugin) 7.6 High2022-09-06
CVE-2022-36425 WordPress Beaver Builder plugin <= 2.5.4.3 - Broken Access Control vulnerability — Beaver Builder – WordPress Page Builder (WordPress plugin) 5.4 Medium2022-09-06
CVE-2022-34868 WordPress ЮKassa для WooCommerce plugin <= 2.3.0 - Authenticated Arbitrary Settings Update vulnerability — ЮKassa для WooCommerce (WordPress plugin) 8.8 High2022-08-23
CVE-2022-35242 WordPress THE Leads Management System: 59sec LITE plugin <= 3.4.1 - Unauthenticated plugin settings change vulnerability — THE Leads Management System: 59sec LITE (WordPress plugin) 6.5 Medium2022-08-23
CVE-2022-34149 WordPress WP OAuth Server plugin <= 3.0.4 - Authentication Bypass vulnerability — WP OAuth Server (WordPress plugin) 9.8 Critical2022-08-22
CVE-2022-25649 WordPress Affiliate For WooCommerce premium plugin <= 4.7.0 - Multiple Improper Access Control vulnerabilities — Affiliate For WooCommerce (WordPress plugin) 5.0 Medium2022-08-05
CVE-2022-33970 WordPress Shortcode Addons plugin <= 3.1.2 - Authenticated WordPress Options Change vulnerability — Shortcode Addons (WordPress plugin) 7.2 High2022-07-27
CVE-2022-36375 WordPress Tabs plugin <= 3.6.0 - Authenticated WordPress Options Change vulnerability — Tabs (WordPress plugin) 7.2 High2022-07-25
CVE-2022-33969 WordPress Flipbox plugin <= 2.6.0 - Authenticated WordPress Options Change vulnerability — Flipbox (WordPress plugin) 7.2 High2022-07-25
CVE-2022-27235 WordPress Social Share Buttons by Supsystic plugin <= 2.2.3 - Multiple Broken Access Control vulnerabilities — Social Share Buttons by Supsystic (WordPress plugin) 6.3 Medium2022-07-22
CVE-2022-34487 WordPress Shortcode Addons plugin <= 3.0.2 - Unauthenticated Arbitrary Option Update vulnerability — Shortcode Addons (WordPress plugin) 9.8 Critical2022-07-21
CVE-2022-33198 WordPress Accordions plugin <= 2.0.2 - Unauthenticated WordPress Options Change vulnerability — Accordions (WordPress plugin) 9.8 Critical2022-07-21
CVE-2022-23714 Elastic 安全漏洞 — Endpoint Security 7.8 -2022-07-06
CVE-2021-33036 Apache Hadoop Privilege escalation vulnerability — Apache Hadoop 8.8 -2022-06-15
CVE-2020-36528 Platinum Mobile MobileHandler.ashx access control — Platinum Mobile 5.5 Medium2022-06-03
CVE-2022-29423 WordPress Countdown & Clock plugin <= 2.3.2 - Pro Features Lock Bypass vulnerability — Countdown & Clock (WordPress plugin) 3.8 Low2022-05-06
CVE-2022-1548 Playbook members are allowed to escalate their membership privileges and perform actions restricted to playbook admins. — Mattermost Playbooks 3.7 Low2022-05-03
CVE-2022-29444 WordPress Breeze plugin <= 2.0.2 - Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability — Breeze (WordPress plugin) 6.5 Medium2022-05-02
CVE-2022-0237 Rapid7 Insight Agent Privilege Escalation — Insight Agent 4.0 Medium2022-03-17
CVE-2022-23731 Lg Electronics Lg WebOs 安全漏洞 — LG webOS TV 8.4 -2022-03-11
CVE-2022-23709 Elastic Stack Kibana 安全漏洞 — kibana 4.3 -2022-03-03
CVE-2022-23708 Elasticsearch 安全漏洞 — elasticsearch 4.3 -2022-03-03
CVE-2021-27644 DolphinScheduler mysql jdbc connector parameters deserialize remote code execution — Apache DolphinScheduler 8.8 -2021-11-01
CVE-2021-25482 Samsung SMR SQL注入漏洞 — Samsung Mobile Devices 5.9 Medium2021-10-06
CVE-2021-25472 Samsung SMR 安全漏洞 — Samsung Mobile Devices 4.0 Medium2021-10-06
CVE-2021-36879 WordPress uListing plugin <= 2.0.5 - Unauthenticated Privilege Escalation vulnerability — uListing (WordPress plugin) 9.8 Critical2021-09-27

Vulnerabilities classified as CWE-264 (权限、特权和访问控制) represent 277 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.