Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-862 (授权机制缺失) — Vulnerability Class 5531

5531 vulnerabilities classified as CWE-862 (授权机制缺失). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2024-9824 ImagePress - Image Gallery <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Post Title Update — ImagePress – Image Gallery 4.3 Medium2024-10-12
CVE-2024-9860 Bridge Core <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Demo Import — Bridge Core 5.4 Medium2024-10-12
CVE-2024-9234 GutenKit <= 2.1.0 - Unauthenticated Arbitrary File Upload — GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor 9.8 Critical2024-10-11
CVE-2024-9707 Hunk Companion <= 1.8.4 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation — Hunk Companion 9.8 Critical2024-10-11
CVE-2024-9586 Linkz.ai <= 1.1.8 - Missing Authorization to Unauthenticated Plugin Settings Update — Linkz.ai – Automatic link previews on hover 6.5 Medium2024-10-11
CVE-2024-9587 Linkz.ai <= 1.1.8 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update via AJAX — Linkz.ai – Automatic link previews on hover 5.4 Medium2024-10-11
CVE-2024-48902 JetBrains YouTrack 安全漏洞 — YouTrack 5.4 Medium2024-10-10
CVE-2024-9067 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.0 - Missing Authorization to Arbitrary (Subscriber+) Attachment Deletion — Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress 4.3 Medium2024-10-10
CVE-2024-9520 UserPlus <= 2.0 - Missing Authorization via Multiple Functions — User registration & user profile – UserPlus 6.3 Medium2024-10-10
CVE-2024-9685 Notification for Telegram <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Send Telegram Test Message — Notification for Telegram 4.3 Medium2024-10-10
CVE-2024-9065 WP Helper Premium <= 4.6.1 - Missing Authorization in whp_smtp_send_mail_test — WP Helper Premium 5.3 Medium2024-10-10
CVE-2024-8513 QA Analytics <= 4.1.1.1 - Missing Authorization to Unauthenticated Settings Update — QA Assistants – Driven by data 5.3 Medium2024-10-10
CVE-2024-9671 System: pdf invoices of the developer users can be seen if the url is known 5.3 Medium2024-10-09
CVE-2024-38179 Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability — Azure Stack OS HCI 8.8 High2024-10-08
CVE-2024-8431 Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.21 - Missing Authorization to Authenticated (Subscriber+) Private Gallery Title Disclosure — Robo Gallery – Photo & Image Slider 4.3 Medium2024-10-08
CVE-2024-9161 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Missing Authorization to Unauthenticated User and Term Metadata Insert, Update, and Delete — Rank Math SEO – AI SEO Tools to Dominate SEO Rankings 6.5 Medium2024-10-05
CVE-2024-47790 Missing Authorization Vulnerability — IP Camera D8801 7.5 -2024-10-04
CVE-2024-20477 Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Endpoint Vulnerability — Cisco Data Center Network Manager 5.4 Medium2024-10-02
CVE-2024-20442 Cisco Nexus Dashboard Unauthorized API Endpoints Vulnerability — Cisco Nexus Dashboard 5.4 Medium2024-10-02
CVE-2024-8430 Spice Starter Sites <= 1.2.5 - Missing Authorization to Unauthenticated Demo Content Import — Spice Starter Sites 5.3 Medium2024-10-01
CVE-2024-8675 Soumettre.fr <= 2.1.3 - Missing Authorization — Soumettre.fr 4.3 Medium2024-10-01
CVE-2024-8632 KB Support – WordPress Help Desk and Knowledge Base <= 1.6.6 - Missing Authorization to Unauthenticated Ticket Reply Exposure — KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin 6.5 Medium2024-10-01
CVE-2024-8548 KB Support – WordPress Help Desk and Knowledge Base <= 1.6.6 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions — KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin 8.1 High2024-10-01
CVE-2024-9189 EU/UK VAT Manager for WooCommerce <= 2.12.12 - Missing Authorization — EU/UK VAT Validation Manager for WooCommerce 5.3 Medium2024-09-28
CVE-2024-9202 EDC DataSetResolver policy filtering missing — Eclipse Dataspace Components 4.3AIMediumAI2024-09-27
CVE-2024-8771 Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress 4.3 Medium2024-09-26
CVE-2024-47337 WordPress Joy Of Text Lite plugin <= 2.3.1 - Broken Access Control vulnerability — Joy Of Text Lite 4.3 Medium2024-09-26
CVE-2024-9025 Sight – Professional Image Gallery and Portfolio <= 1.1.2 - Missing Authorization to Sensitive Information Exposure in handler_post_title — Sight – Professional Image Gallery and Portfolio 5.3 Medium2024-09-26
CVE-2024-47330 Broken Access Control vulnerability on multiple WordPress plugins by Supsystic — Slider by Supsystic 4.3 Medium2024-09-26
CVE-2024-8552 Download Monitor <= 5.0.9 - Missing Authorization to Authenticated (Subscriber+) Shop Enable — Download Monitor 4.3 Medium2024-09-26

Vulnerabilities classified as CWE-862 (授权机制缺失) represent 5531 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.