CWE-639 (Authorization Bypass Through User-Controlled Key) — Vulnerability Class 1039

1039 vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-10692 | PowerPack Elementor Addons (Free Widgets, Extensions and Templates) <= 2.8.1 - Authenticated (Contributor+) Post Disclosure — PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) | 4.3 | Medium | 2024-12-06 |
| CVE-2024-10777 | AnyWhere Elementor <= 1.2.11 - Authenticated (Contributor+) Post Disclosure — Dynific Addons for Elementor (formerly AnyWhere Elementor) | 4.3 | Medium | 2024-12-05 |
| CVE-2024-10787 | LA-Studio Element Kit for Elementor <= 1.4.4 - Authenticated (Contributor+) Post Disclosure — LA-Studio Element Kit for Elementor | 4.3 | Medium | 2024-12-04 |
| CVE-2024-12099 | Dollie Hub – Build Your Own WordPress Cloud Platform <= 6.2.0 - Authenticated (Contributor+) Post Disclosure — Dollie AI – Connect | 4.3 | Medium | 2024-12-04 |
| CVE-2024-42422 | Dell NetWorker security vulnerability — NetWorker | 8.3 | High | 2024-12-03 |
| CVE-2024-12062 | Charity Addon for Elementor <= 1.3.3 - Authenticated (Contributor+) Post Disclosure — Charity Addon for Elementor | 4.3 | Medium | 2024-12-03 |
| CVE-2024-38827 | Spring Security Authorization Bypass for Case Sensitive Comparisons — Spring Security | 4.8 | Medium | 2024-12-02 |
| CVE-2024-10780 | Restaurant & Cafe Addon for Elementor <= 1.5.9 - Authenticated (Contributor+) Post Disclosure — Restaurant & Cafe Addon for Elementor | 4.3 | Medium | 2024-11-28 |
| CVE-2024-10670 | Primary Addon for Elementor <= 1.6.2 - Authenticated (Contributor+) Post Disclosure — Primary Addon for Elementor | 4.3 | Medium | 2024-11-28 |
| CVE-2024-10798 | Royal Elementor Addons and Templates <= 1.7.1003 - Authenticated (Contributor+) Post Disclosure — Royal Addons for Elementor – Addons and Templates Kit for Elementor | 4.3 | Medium | 2024-11-28 |
| CVE-2024-10868 | Enter Addons – Ultimate Template Builder for Elementor <= 2.1.9 - Authenticated (Contributor+) Post Disclosure — Enter Addons – Ultimate Template Builder for Elementor | 4.3 | Medium | 2024-11-23 |
| CVE-2024-50395 | Media Streaming add-on — Media Streaming add-on | 7.8 | - | 2024-11-22 |
| CVE-2024-10666 | Easy Twitter Feed – Twitter feeds plugin for WP <= 1.2.6 - Authenticated (Contributor+) Post Exposure — Feeds for Twitter – Embed Social Media Posts with Live Updates | 4.3 | Medium | 2024-11-22 |
| CVE-2024-10671 | Button Block – Get fully customizable & multi-functional buttons <= 1.1.4 - Authenticated (Contributor+) Post Disclosure — Button Block – Design Stylish, Interactive, and Multi-Functional Buttons | 4.3 | Medium | 2024-11-21 |
| CVE-2024-10782 | Theme Builder For Elementor <= 1.2.2 - Authenticated (Contributor+) Post Disclosure — Theme Builder For Elementor | 4.3 | Medium | 2024-11-21 |
| CVE-2024-10796 | If-So Dynamic Content Personalization <= 1.9.2.1 - Authenticated (Contributor+) Post Disclosure — If-So Dynamic Content Personalization | 4.3 | Medium | 2024-11-21 |
| CVE-2024-10696 | UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) <= 1.1.8 - Insecure Direct Object Reference to Sensitive Information Exposure via UA_Template Shortcode — UltraAddons for Elementor | 4.3 | Medium | 2024-11-21 |
| CVE-2024-10855 | Image Optimizer, Resizer and CDN – Sirv <= 7.3.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Option Deletion — Image Optimizer, Resizer and CDN – Sirv | 8.1 | High | 2024-11-20 |
| CVE-2024-11318 | IDOR vulnerability in AbsysNet — AbsysNet | 7.5 | High | 2024-11-18 |
| CVE-2024-10795 | Popularis Extra <= 1.2.7 - Authenticated (Contributor+) Post Disclosure — Popularis Extra | 4.3 | Medium | 2024-11-16 |
| CVE-2024-52507 | Share information of the Nextcloud Tables app is not limited to affected users — security-advisories | 3.5 | Low | 2024-11-15 |
| CVE-2024-52511 | Nextcloud Tables has an Authorization Bypass Through User-Controlled Key in Tables — security-advisories | 6.3 | Medium | 2024-11-15 |
| CVE-2024-10174 | WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.13 - Insecure Direct Object Reference to Unauthenticated Authorization Bypass — Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | 7.3 | High | 2024-11-13 |
| CVE-2024-10794 | Boostify Header Footer Builder for Elementor <= 1.3.6 - Authenticated (Contributor+) Post Disclosure — Boostify Header Footer Builder for Elementor | 4.3 | Medium | 2024-11-13 |
| CVE-2024-10778 | BuddyPress Builder for Elementor – BuddyBuilder <= 1.7.4 - Authenticated (Contributor+) Post Disclosure — BuddyPress Builder for Elementor – BuddyBuilder | 4.3 | Medium | 2024-11-13 |
| CVE-2023-47543 | Fortinet FortiPortal security vulnerability — FortiPortal | 5.1 | Medium | 2024-11-12 |
| CVE-2024-10695 | Futurio Extra <= 2.0.13 - Authenticated (Contributor+) Post Disclosure — Futurio Extra | 4.3 | Medium | 2024-11-12 |
| CVE-2024-10688 | Attesa Extra <= 1.4.2 - Authenticated (Contributor+) Post Disclosure — Attesa Extra | 4.3 | Medium | 2024-11-09 |
| CVE-2024-10669 | Countdown Timer block – Display the event's date into a timer. <= 1.2.4 - Authenticated (Contributor+) Post Disclosure — Countdown Timer Block – Animated Countdown for Events or Launches | 4.3 | Medium | 2024-11-09 |
| CVE-2024-10667 | Content Slider Block – Create fully functional slider with Gutenberg block <= 3.1.5 - Authenticated (Contributor+) Post Disclosure — Content Slider Block – Slide Through Text or Media Content | 4.3 | Medium | 2024-11-09 |

1039 CVEs are classified as CWE-639 (Authorization Bypass Through User-Controlled Key). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.