CWE-862 (Missing Authorization) — Vulnerability Class 5532

5532 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-12881 | PlugVersions – Easily rollback to previous versions of your plugins <= 0.0.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Creation — PlugVersions – Easily roll back to previous versions of your plugins. | 8.8 | High | 2024-12-24 |
| CVE-2024-12210 | Print Invoice & Delivery Notes for WooCommerce <= 5.4.0 - Missing Authorization to Authenticated (Subscriber+) Logo Deletion — Print Invoice & Delivery Notes for WooCommerce | 4.3 | Medium | 2024-12-24 |
| CVE-2024-12594 | ALL In One Custom Login Page <= 7.1.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation — Login Page Styler – Custom WordPress Login Page Customizer & Security | 8.8 | High | 2024-12-24 |
| CVE-2024-12617 | WC Price History for Omnibus <= 2.1.3 - Missing Authorization — WC Price History | 5.4 | Medium | 2024-12-24 |
| CVE-2024-12266 | ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.7 - Missing Authorization — ELEX WooCommerce Dynamic Pricing and Discounts | 6.5 | Medium | 2024-12-24 |
| CVE-2024-11852 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.12 - Missing Authorization — Element Pack – Widgets, Templates & Addons for Elementor | 4.3 | Medium | 2024-12-22 |
| CVE-2024-12558 | WP BASE Booking of Appointments, Services and Events <= 4.9.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via app_export_db — WP BASE Booking of Appointments, Services and Events | 6.5 | Medium | 2024-12-21 |
| CVE-2024-56349 | JetBrains TeamCity security vulnerability — TeamCity | 5.3 | Medium | 2024-12-20 |
| CVE-2024-12331 | File Manager Pro – Filester <= 1.8.6 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation — File Manager Pro – Filester | 4.3 | Medium | 2024-12-19 |
| CVE-2024-56048 | WordPress WPLMS plugin <= 1.9.9 - Arbitrary Option Update to Privilege Escalation vulnerability — WPLMS | 8.8 | High | 2024-12-18 |
| CVE-2024-54381 | WordPress Advance Menu Manager plugin <= 3.1.1 - Settings Change vulnerability — Advance Menu Manager | 7.1 | High | 2024-12-18 |
| CVE-2024-55997 | WordPress Order Delivery & Pickup Location Date Time plugin <= 1.1.0 - Settings Change vulnerability — Order Delivery & Pickup Location Date Time | 6.5 | Medium | 2024-12-18 |
| CVE-2024-52485 | WordPress WP Menu Image plugin <= 2.2 - Broken Access Control vulnerability — WP Menu Image | 6.5 | Medium | 2024-12-18 |
| CVE-2024-56008 | WordPress Spreadr Woocommerce plugin <= 1.0.4 - Arbitrary Content Deletion vulnerability — Spreadr Woocommerce | 7.5 | High | 2024-12-18 |
| CVE-2024-11926 | Traveler <= 3.1.6 - Missing Authorization in Several AJAX Actions — Travel Booking WordPress Theme | 6.5 | Medium | 2024-12-18 |
| CVE-2024-12596 | LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes <= 7.8.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion — LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes | 4.3 | Medium | 2024-12-18 |
| CVE-2024-12259 | CRM WordPress Plugin – RepairBuddy <= 3.8120 - Missing Authorization to Account Takeover/Privilege Escalation — RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress | 8.8 | High | 2024-12-18 |
| CVE-2024-56003 | WordPress Caldera SMTP Mailer plugin <= 1.0.1 - Broken Access Control vulnerability — Caldera SMTP Mailer | 4.3 | Medium | 2024-12-16 |
| CVE-2024-55999 | WordPress XML Multilanguage Sitemap Generator plugin <= 2.0.6 - Broken Access Control vulnerability — XML Multilanguage Sitemap Generator | 5.3 | Medium | 2024-12-16 |
| CVE-2024-54354 | WordPress Termin-Kalender plugin <= 0.99.47 - Broken Access Control vulnerability — Termin-Kalender | 6.5 | Medium | 2024-12-16 |
| CVE-2024-54359 | WordPress Banner System plugin <= 1.0.0 - Broken Access Control vulnerability — Banner System | 8.2 | High | 2024-12-16 |
| CVE-2024-54369 | WordPress Zita Site Builder plugin <= 1.0.2 - Arbitrary Plugin Installation and Activation vulnerability — Zita Site Builder | 9.1 | Critical | 2024-12-16 |
| CVE-2024-54379 | WordPress Minterpress plugin <= 1.0.5 - Arbitrary Option Update to Privilege Escalation vulnerability — Minterpress | 8.8 | High | 2024-12-16 |
| CVE-2024-54378 | WordPress Quietly Insights plugin <= 1.2.2 - Arbitrary Option Update to Privilege Escalation vulnerability — Quietly Insights | 8.8 | High | 2024-12-16 |
| CVE-2024-55996 | WordPress Payment gateway per Product for WooCommerce plugin <= 3.5.6 - Broken Access Control vulnerability — Dreamfox Media Payment gateway per Product for Woocommerce | 6.1 | Medium | 2024-12-16 |
| CVE-2024-54384 | WordPress Falcon – WordPress Optimizations & Tweaks plugin <= 2.8.3 - Broken Access Control vulnerability — Falcon – WordPress Optimizations & Tweaks | 4.3 | Medium | 2024-12-16 |
| CVE-2024-54417 | WordPress PixProof plugin <= 2.0.1 - Broken Access Control vulnerability — PixProof | 5.3 | Medium | 2024-12-16 |
| CVE-2024-55992 | WordPress WooCommerce Basic Ordernumbers plugin <= 1.4.4 - Broken Access Control vulnerability — WooCommerce Basic Ordernumbers | 5.4 | Medium | 2024-12-16 |
| CVE-2024-55993 | WordPress Job Board Manager plugin <= 2.1.61 - Broken Access Control vulnerability — Job Board Manager | 5.3 | Medium | 2024-12-16 |
| CVE-2024-55994 | WordPress 畅言评论系统 plugin <= 2.0.5 - Broken Access Control vulnerability — 畅言评论系统 | 4.3 | Medium | 2024-12-16 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5532 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.