CWE-862 (Missing Authorization) — Vulnerability Class 5531

5531 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-24643 | WordPress WPGuppy plugin <= 1.1.0 - Broken Authentication vulnerability — WPGuppy | 6.5 | Medium | 2025-02-03 |
| CVE-2025-24697 | WordPress Image Gallery – Responsive Photo Gallery plugin <= 1.0.5 - Broken Access Control vulnerability — Image Gallery – Responsive Photo Gallery | 6.5 | Medium | 2025-02-03 |
| CVE-2025-24642 | WordPress Setup Default Featured Image plugin <= 1.2 - Broken Access Control vulnerability — Setup Default Featured Image | 6.5 | Medium | 2025-02-03 |
| CVE-2025-23527 | WordPress WC Wallet plugin <= 2.2.0 - Arbitrary Content Deletion vulnerability — WC Wallet | 6.5 | Medium | 2025-02-03 |
| CVE-2024-13775 | WooCommerce Support Ticket System <= 17.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Information Exposure — WooCommerce Support Ticket System | 5.4 | Medium | 2025-02-01 |
| CVE-2024-13371 | WP Job Portal <= 2.2.6 - Missing Authorization to Unauthenticated Arbitrary Email Sending — WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | 5.3 | Medium | 2025-02-01 |
| CVE-2024-12825 | Custom Related Posts <= 1.7.3 - Missing Authorization to Authenticated (Subscriber+) Private Post Search and Relation Updates — Custom Related Posts | 5.4 | Medium | 2025-02-01 |
| CVE-2025-0939 | MagicForm - WordPress Form Builder <= 1.6.2 - Missing Authorization — MagicForm | 6.3 | Medium | 2025-02-01 |
| CVE-2024-12171 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.6 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation — ELEX WordPress HelpDesk & Customer Ticketing System | 8.8 | High | 2025-02-01 |
| CVE-2024-13651 | RapidLoad – Optimize Web Vitals Automatically <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Limited Setting Reset — RapidLoad AI – Optimize Web Vitals Automatically | 4.3 | Medium | 2025-02-01 |
| CVE-2024-12184 | WordPress Contact Forms by Cimatti <= 1.9.4 - Missing Authorization to Unauthenticated Form Submission Download — Contact Forms by Cimatti | 5.3 | Medium | 2025-02-01 |
| CVE-2024-12620 | AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations <= 1.4.23 - Missing Authorization to Unauthenticated Settings Update — AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations | 5.3 | Medium | 2025-02-01 |
| CVE-2025-22265 | WordPress EMI Calculator plugin <= 1.1 - Settings Change vulnerability — EMI Calculator | 6.5 | Medium | 2025-01-31 |
| CVE-2025-22720 | WordPress WpRently \| WordPress plugin plugin <= 2.2.1 - Broken Access Control vulnerability — Booking and Rental Manager | 5.8 | Medium | 2025-01-31 |
| CVE-2024-13530 | Custom Login Page Styler <= 7.1.1 - Missing Authorization to Authenticated (Subsciber+) Log Deletion and Session Termination — Login Page Styler – Custom WordPress Login Page Customizer & Security | 4.3 | Medium | 2025-01-31 |
| CVE-2024-13415 | Food Menu – Restaurant Menu & Online Ordering for WooCommerce <= 5.1.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update — Food Menu – Restaurant Menu & Online Ordering for WooCommerce | 4.3 | Medium | 2025-01-31 |
| CVE-2024-13424 | Ni Sales Commission For WooCommerce <= 1.2.4 - Missing Authorization to Authenticated (Subscriber+) Commission Update — Ni Sales Commission For WooCommerce | 4.3 | Medium | 2025-01-31 |
| CVE-2024-13717 | Contact Form and Calls To Action by vcita <= 2.7.1 - Missing Authorization to Authenticated (Subscriber+) Contact/Widget Toggle — Contact Form and Calls To Action by vcita | 4.3 | Medium | 2025-01-31 |
| CVE-2024-13767 | Live2DWebCanvas <= 1.9.11 - Authenticated (Subscriber+) Arbitrary File Deletion — Live2DWebCanvas | 8.1 | High | 2025-01-31 |
| CVE-2024-10591 | MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics <= 1.5.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update — MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics | 8.8 | High | 2025-01-30 |
| CVE-2024-12129 | Royal Core <= 2.9.2 - Authenticated (Subscriber+) Arbitrary Options Update — Royal Core | 8.8 | High | 2025-01-30 |
| CVE-2024-12822 | Media Manager for UserPro <= 3.12.0 - Missing Authorization to Unauthenticated Arbitrary Options Update — Media Manager for UserPro | 9.8 | Critical | 2025-01-30 |
| CVE-2024-13715 | zStore Manager Basic <= 3.311 - Missing Authorization to Authenticated (Subscriber+) Cache Clearing — zStore Manager Basic | 4.3 | Medium | 2025-01-30 |
| CVE-2024-12821 | Media Manager for UserPro <= 3.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update — Media Manager for UserPro | 8.8 | High | 2025-01-30 |
| CVE-2024-13652 | ECPay Ecommerce for WooCommerce <= 1.1.2411060 - Missing Authorization to Authenticated (Subscriber+) Log Deletion — ECPay Ecommerce for WooCommerce | 4.3 | Medium | 2025-01-30 |
| CVE-2024-12269 | Safe Ai Malware Protection for WP <= 1.0.17 - Missing Authorization to Unauthenticated Database Export — Safe Ai Malware Protection for WP | 7.5 | High | 2025-01-30 |
| CVE-2024-11583 | Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.5.9 - Missing Authorization to Icon Font Deletion — Borderless – Addons and Templates for Elementor | 4.3 | Medium | 2025-01-30 |
| CVE-2025-21396 | Microsoft Account Elevation of Privilege Vulnerability — Microsoft Account | 8.2 | High | 2025-01-29 |
| CVE-2025-23982 | WordPress Fare Calculator plugin <= 1.1 - CSRF to Stored Cross-Site Scripting vulnerability — Fare Calculator | 7.1 | High | 2025-01-27 |
| CVE-2025-24743 | WordPress RomethemeKit For Elementor plugin <= 1.5.2 - Broken Access Control vulnerability — RTMKit | 4.3 | Medium | 2025-01-27 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5531 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.