
CWE-285 (Improper Authorization) — Vulnerability Class 971

971 vulnerabilities classified as CWE-285 (Improper Authorization). AI-generated Chinese-language analysis included.

| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-65028 | Rallly Has an IDOR Vulnerability in Vote Update Endpoint Allows Unauthorized Manipulation of Participant Votes | rallly | 6.5 | Medium | 2025-11-19 |
| CVE-2025-13085 | SiteSEO – SEO Simplified <= 1.3.2 - Insecure Direct Object Reference to Sensitive Post Meta Disclosure | SiteSEO – SEO Simplified | 4.3 | Medium | 2025-11-19 |
| CVE-2025-12814 | SiteSEO – SEO Simplified <= 1.3.2 - Improper Authorization to Authenticated Settings Reset | SiteSEO – SEO Simplified | 5.3 | Medium | 2025-11-19 |
| CVE-2025-12777 | YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion | YITH WooCommerce Wishlist | 5.3 | Medium | 2025-11-19 |
| CVE-2025-12494 | Image Gallery – Photo Grid & Video Gallery <= 2.12.28 - Improper Authorization to Authenticated (Author+) Arbitrary Image File Move | Modula Image Gallery – Photo Grid & Video Gallery | 4.3 | Medium | 2025-11-15 |
| CVE-2025-13118 | macrozheng mall-swarm/mall paySuccess improper authorization | mall-swarm | 6.3 | Medium | 2025-11-13 |
| CVE-2025-13117 | macrozheng mall-swarm/mall cancelOrder improper authorization | mall-swarm | 5.4 | Medium | 2025-11-13 |
| CVE-2025-13116 | macrozheng mall-swarm/mall cancelUserOrder improper authorization | mall-swarm | 5.4 | Medium | 2025-11-13 |
| CVE-2025-13115 | macrozheng mall-swarm/mall Order Details detail improper authorization | mall-swarm | 4.3 | Medium | 2025-11-13 |
| CVE-2025-13114 | macrozheng mall-swarm attr updateAttr improper authorization | mall-swarm | 6.3 | Medium | 2025-11-13 |
| CVE-2025-64523 | FileBrowser has Insecure Direct Object Reference (IDOR) in Share Deletion Function | filebrowser | 7.1 | - | 2025-11-12 |
| CVE-2025-11521 | Astra Security Suite – Firewall & Malware Scan <= 0.2 - Unauthenticated Arbitrary File Upload | Astra Security Suite – Firewall & Malware Scan | 8.1 | High | 2025-11-11 |
| CVE-2025-4519 | IDonate 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_password Function | IDonate – Blood Donation, Request And Donor Management System | 8.8 | High | 2025-11-07 |
| CVE-2025-12360 | Better Find and Replace <= 1.7.7 - Missing Authorization | Better Find and Replace – AI-Powered Suggestions | 4.3 | Medium | 2025-11-06 |
| CVE-2025-62520 | MantisBT unauthorized disclosure of private project column configuration | mantisbt | 4.3 | Medium | 2025-11-04 |
| CVE-2025-12367 | SiteSEO – SEO Simplified <= 1.3.1 - Missing Authorization to Authenticated (Author+) Plugin Settings Update | SiteSEO – SEO Simplified | 4.3 | Medium | 2025-11-01 |
| CVE-2025-11174 | Document Library Lite <= 1.1.6 - Missing Authorization to Sensitive Information Exposure | Document Library Lite | 5.3 | Medium | 2025-11-01 |
| CVE-2025-12304 | dulaiduwang003 TIME-SEA-PLUS Order Status PayController.java alipayIsSucceed improper authorization | TIME-SEA-PLUS | 4.3 | Medium | 2025-10-27 |
| CVE-2025-12005 | WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress <= 8.5.41 - Improper Authorization to Authenticated (Contributor+) Plugin Settings Update | WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress | 4.3 | Medium | 2025-10-25 |
| CVE-2025-6639 | Tutor LMS Pro – eLearning and online course solution <= 3.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to View/Edit Other Assignments | Tutor LMS Pro | 5.4 | Medium | 2025-10-25 |
| CVE-2025-11879 | GenerateBlocks <= 2.1.1 - Improper Authorization to Authenticated (Contributor+) Arbitrary Options Disclosure | GenerateBlocks | 6.5 | Medium | 2025-10-25 |
| CVE-2025-11244 | Password Protected <= 2.7.11 - Unauthenticated Authorization Bypass via IP Address Spoofing | Password Protected — Lock Entire Site, Pages, Posts, Categories, and Partial Content | 3.7 | Low | 2025-10-25 |
| CVE-2025-10902 | Originality.ai AI Checker <= 1.0.15 - Missing Authorization to Authenticated (Subscriber+) Scan Log Deletion via ' ai_scan_result_remove' | Originality.ai AI Checker | 4.3 | Medium | 2025-10-24 |
| CVE-2025-62401 | Moodle: possible to bypass timer in timed assignments | | 5.4 | Medium | 2025-10-23 |
| CVE-2025-62610 | Hono Improperly Authorizes JWT Audience Validation | hono | 8.1 | High | 2025-10-22 |
| CVE-2025-11256 | Kognetiks Chatbot <= 2.3.5 - Missing Authorization to Unauthenticated Limited File Uploads and Conversation Erasing | Kognetiks Chatbot for WordPress | 5.3 | Medium | 2025-10-18 |
| CVE-2025-11510 | FileBird <= 6.4.9 - Improper Authorization to Authenticated (Author+) Settings Reset | FileBird – WordPress Media Library Folders & File Manager | 4.3 | Medium | 2025-10-18 |
| CVE-2025-54822 | Fortinet FortiOS and Fortinet FortiProxy Authorization Issue Vulnerability | FortiProxy | 4.2 | Medium | 2025-10-14 |
| CVE-2025-61928 | Better Auth: Unauthenticated API key creation through api-key plugin | better-auth | 7.5 | High | 2025-10-09 |
| CVE-2025-59271 | Redis Enterprise Elevation of Privilege Vulnerability | Azure Cache for Redis Enterprise | 8.7 | High | 2025-10-09 |

Vulnerabilities classified as CWE-285 (Improper Authorization) represent 971 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.