CWE-862 (Missing Authorization) — Vulnerability Class 5531

5531 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-22787 | WordPress Button Block plugin <= 1.1.5 - Broken Access Control vulnerability — Button Block | 4.3 | Medium | 2025-01-15 |
| CVE-2024-11851 | NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Transient Update — NitroPack – Performance, Page Speed & Cache Plugin for Core Web Vitals, CDN & Image Optimization | 4.3 | Medium | 2025-01-15 |
| CVE-2024-11848 | NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update — NitroPack – Performance, Page Speed & Cache Plugin for Core Web Vitals, CDN & Image Optimization | 8.1 | High | 2025-01-15 |
| CVE-2025-23025 | Privilege escalation (PR) through realtime WYSIWYG editing in XWiki — xwiki-platform | 9.1 | Critical | 2025-01-14 |
| CVE-2024-12006 | W3 Total Cache <= 2.8.1 Missing Authorization to Unauthenticated Plugin Deactivation and Extensions Activation/Deactivation — W3 Total Cache | 5.3 | Medium | 2025-01-14 |
| CVE-2024-12365 | W3 Total Cache <= 2.8.1 - Authenticated (Subscriber+) Missing Authorization to Server-Side Request Forgery — W3 Total Cache | 8.5 | High | 2025-01-14 |
| CVE-2025-0068 | Missing Authorization check in Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP — SAP NetWeaver Application Server ABAP | 4.3 | Medium | 2025-01-14 |
| CVE-2025-0067 | Missing Authorization check in SAP NetWeaver Application Server Java — SAP NetWeaver Application Server Java | 6.3 | Medium | 2025-01-14 |
| CVE-2025-22800 | WordPress Post SMTP plugin <= 2.9.11 - Broken Access Control vulnerability — Post SMTP | 4.3 | Medium | 2025-01-13 |
| CVE-2024-12204 | Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization — Coupon X – Discount Popups & Promo Codes Pop Ups for WooCommerce | 5.4 | Medium | 2025-01-11 |
| CVE-2024-12606 | AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) <= 2.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update — Opace AI Scribe: SEO Content Creator & Humaizer for OpenAI & Anthropic | 4.3 | Medium | 2025-01-10 |
| CVE-2024-13312 | Open Social - Moderately critical - Access bypass - SA-CONTRIB-2024-076 — Open Social | 7.5 | - | 2025-01-09 |
| CVE-2024-13303 | Download All Files - Critical - Access bypass - SA-CONTRIB-2024-069 — Download All Files | 7.5 | - | 2025-01-09 |
| CVE-2024-13243 | Entity Delete Log - Moderately critical - Access bypass - SA-CONTRIB-2024-007 — Entity Delete Log | 9.1 | - | 2025-01-09 |
| CVE-2025-22561 | WordPress Title Experiments Free plugin <= 9.0.4 - Broken Access Control vulnerability — Title Experiments Free | 4.3 | Medium | 2025-01-09 |
| CVE-2024-6155 | Greenshift – animation and page builder blocks <= 9.0.0 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross-Site Scripting — Greenshift – animation and page builder blocks | 6.4 | Medium | 2025-01-09 |
| CVE-2024-12542 | linkID <= 0.1.2 - Missing Authorization to Unauthenticated Sensitive Information Exposure — linkID | 8.6 | High | 2025-01-09 |
| CVE-2024-12616 | Bitly's WordPress Plugin <= 2.7.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update — Bitly's WordPress Plugin | 4.3 | Medium | 2025-01-09 |
| CVE-2024-12848 | SKT Page Builder <= 4.6 - Authenticated (Subscriber+) Arbitrary File Upload — SKT Page Builder | 8.8 | High | 2025-01-09 |
| CVE-2024-11929 | Responsive FlipBook Plugin Wordpress <= 2.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting — Responsive FlipBook Plugin Wordpress | 6.4 | Medium | 2025-01-09 |
| CVE-2024-5769 | MIMO Woocommerce Order Tracking <= 1.0.2 - Missing Authorization to Limited Settings Update — MIMO Woocommerce Order Tracking | 4.3 | Medium | 2025-01-09 |
| CVE-2024-12249 | GS Insever Portfolio <= 1.4.5 - Missing Authorization to Authenticated (Subscriber+) CSS Injection — GS Insever Portfolio | 4.3 | Medium | 2025-01-09 |
| CVE-2024-12618 | Newsletter2Go <= 4.0.14 - Missing Authorization to Authenticated (Subscriber+) Style Reset — Newsletter2Go | 4.3 | Medium | 2025-01-09 |
| CVE-2024-12431 | Missing Authorization in GitLab — GitLab | 4.3 | Medium | 2025-01-08 |
| CVE-2024-11423 | Ultimate Gift Cards for WooCommerce <= 3.0.6 - Missing Authorization to Infinite Money Glitch — Gift Cards for WooCommerce Pro | 7.5 | High | 2025-01-08 |
| CVE-2024-12712 | Shopping Cart & eCommerce Store <= 5.7.8 - Missing Authorization to Order Updates — Shopping Cart & eCommerce Store | 5.3 | Medium | 2025-01-08 |
| CVE-2024-12855 | AdForest - Classified Ads WordPress Theme <= 5.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post/Attachment Deletion — AdForest | 4.3 | Medium | 2025-01-08 |
| CVE-2024-11270 | WordPress Webinar Plugin – WebinarPress <= 1.33.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Creation — WebinarPress – Webinar System for WordPress | 8.8 | High | 2025-01-08 |
| CVE-2024-11271 | WordPress Webinar Plugin – WebinarPress <= 1.33.24 - Missing Authorization to Authenticated (Subscriber+) Webinar Updates — WebinarPress – Webinar System for WordPress | 8.8 | High | 2025-01-08 |
| CVE-2024-11916 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.11 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting — The Ultimate WordPress Toolkit – WP Extended | 7.4 | High | 2025-01-08 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5531 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.