Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-862 (授权机制缺失) — Vulnerability Class 5532

5532 vulnerabilities classified as CWE-862 (授权机制缺失). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2024-10486 Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File — Google for WooCommerce 5.3 Medium2024-11-18
CVE-2024-10390 Elfsight Telegram Chat CC <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting — Elfsight Telegram Chat CC 6.4 Medium2024-11-18
CVE-2024-48898 Moodle: some users can delete audiences of other reports 4.3AIMediumAI2024-11-18
CVE-2024-52416 WordPress Debug Tool plugin <= 2.2 - Remote Code Execution vulnerability — Debug Tool 10.0 Critical2024-11-16
CVE-2024-10614 Customer Reviews for WooCommerce <= 5.61.0 - Missing Authorization to Authenticated (Subscriber+) Import Cancellation — Customer Reviews for WooCommerce 4.3 Medium2024-11-16
CVE-2024-10728 PostX <= 4.1.16 - Missing Authorization to Arbitrary Plugin Installation/Activation — Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX 8.8 High2024-11-16
CVE-2024-10533 WP Chat App <= 3.6.8 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation — WP Chat App 4.3 Medium2024-11-16
CVE-2024-11085 WP Log Viewer <= 1.2.1 - Missing Authorization — WP Log Viewer 5.4 Medium2024-11-16
CVE-2024-10786 Simple Local Avatars <= 2.7.11 - Missing Authorization to Authenticated (Subscriber+) User Cache Clearing — Simple Local Avatars 4.3 Medium2024-11-16
CVE-2024-10861 Popup Box – Create Countdown, Coupon, Video, Contact Form Popups <= 4.9.7 - Missing Authorization to Unauthenticated Limited Options Update — Popup Box – Create Countdown, Coupon, Video, Contact Form Popups 5.3 Medium2024-11-16
CVE-2024-10582 Music Player for Elementor – Audio Player & Podcast Player <= 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Template Import — Music Player for Elementor – Audio Player & Podcast Player 4.3 Medium2024-11-15
CVE-2024-10897 Tutor LMS Elementor Addons <= 2.1.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation — Tutor LMS Elementor Addons 4.3 Medium2024-11-15
CVE-2024-52382 WordPress Matix Popup Builder plugin <= 1.0.0 - Arbitrary Option Update to Privilege Escalation vulnerability — Matix Popup Builder 9.8 Critical2024-11-14
CVE-2024-52383 WordPress Ai Auto Tool Content Writing Assistant plugin <= 2.1.2 - Broken Access Control vulnerability — Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One 7.5 High2024-11-14
CVE-2024-8001 VIWIS LMS Print authorization — LMS 5.3 Medium2024-11-13
CVE-2024-10575 Schneider Electric EcoStruxure IT Gateway 安全漏洞 — EcoStruxure IT Gateway 9.8 Critical2024-11-13
CVE-2024-10800 WordPress User Extra Fields <= 16.6 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation — WordPress User Extra Fields 8.8 High2024-11-13
CVE-2024-10802 Hash Elements <= 1.4.7 - Missing Authorization to Unauthenticated Draft Post Title Exposure — Hash Elements 5.3 Medium2024-11-13
CVE-2024-10529 Kognetiks Chatbot for WordPress <= 2.1.7 - Missing Authorization to Authenticated (Subscriber+) Assistant Deletion — Kognetiks Chatbot for WordPress 5.3 Medium2024-11-13
CVE-2024-10531 Kognetiks Chatbot for WordPress <= 2.1.7 - Missing Authorization to Authenticated (Subscriber+) Assistant Update — Kognetiks Chatbot for WordPress 5.3 Medium2024-11-13
CVE-2024-10530 Kognetiks Chatbot for WordPress <= 2.1.7 - Missing Authorization to Authenticated (Subscriber+) Assistant Addition — Kognetiks Chatbot for WordPress 4.3 Medium2024-11-13
CVE-2024-10629 GPX Viewer <= 2.2.9 - Authenticated (Subscriber+) Arbitrary File Creation — GPX Viewer 8.8 High2024-11-13
CVE-2024-10854 Buy one click WooCommerce <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Settings Import — Buy one click WooCommerce 4.3 Medium2024-11-13
CVE-2024-10853 Buy one click WooCommerce <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Order Deletion — Buy one click WooCommerce 4.3 Medium2024-11-13
CVE-2024-10717 Styler for Ninja Forms <= 3.3.4 - Authenticated (Subscriber+) Arbitrary Option Deletion via deactivate_license — Styler for Ninja Forms 6.5 Medium2024-11-13
CVE-2024-9578 Hide Links <= 1.4.2 - Unauthenticated Shortcode Execution — Hide Links 5.3 Medium2024-11-13
CVE-2024-10852 Buy one click WooCommerce <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Settings Export — Buy one click WooCommerce 4.3 Medium2024-11-13
CVE-2024-47587 Missing authorization check in SAP Cash Management (Cash Operations) — SAP Cash Management (Cash Operations) 3.5 Low2024-11-12
CVE-2024-42372 Missing Authorization check in SAP NetWeaver AS Java (System Landscape Directory) — SAP NetWeaver AS Java (System Landscape Directory) 6.5 Medium2024-11-12
CVE-2024-10589 Leopard <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update — Leopard - WordPress Offload Media 9.8 Critical2024-11-09

Vulnerabilities classified as CWE-862 (授权机制缺失) represent 5532 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.