CWE-862 (Missing Authorization) — Vulnerability Class 5531

5531 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title — Product | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-8678 | Revolut Gateway for WooCommerce <= 4.17.3 - Missing Authorization to Unauthenticated Order Status Update — Revolut Gateway for WooCommerce | 5.3 | Medium | 2024-09-25 |
| CVE-2024-8658 | myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification <= 2.7.3 - Missing Authorization to Unauthenticated Database Upgrade — Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred | 5.3 | Medium | 2024-09-25 |
| CVE-2024-8350 | Uncanny Groups for LearnDash <= 6.1.0.1 - Missing Authorization to Authenticated (Group Leader+) User Group Add — Uncanny Groups for LearnDash | 2.7 | Low | 2024-09-25 |
| CVE-2024-8349 | Uncanny Groups for LearnDash <= 6.1.0.1 - Authenticated (Group Leader+) Privilege Escalation — Uncanny Groups for LearnDash | 7.2 | High | 2024-09-25 |
| CVE-2024-7491 | HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.1 - Insecure Direct Object Reference to Unsubscribe — HUSKY – Products Filter Professional for WooCommerce | 5.3 | Medium | 2024-09-25 |
| CVE-2024-6590 | Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table. <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update — WPGSI: Spreadsheet Integration | 6.3 | Medium | 2024-09-25 |
| CVE-2024-8434 | Easy Mega Menu Plugin for WordPress – ThemeHunk <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Settings Updates — Easy Mega Menu for WordPress – ThemeHunk | 4.3 | Medium | 2024-09-25 |
| CVE-2024-8437 | WP Easy Gallery – WordPress Gallery Plugin <= 4.8.5 - Missing Authorization to Authenticated (Subscriber+) Gallery Manipulation — WP Easy Gallery – WordPress Gallery Plugin | 4.3 | Medium | 2024-09-24 |
| CVE-2024-8432 | Appointment & Event Booking Calendar Plugin – Webba Booking <= 5.0.48 - Missing Authorization to Authenticated (Subscriber+) CSS Settings Update — Easy Appointment Booking & Scheduling System – Webba Booking Calendar | 4.3 | Medium | 2024-09-24 |
| CVE-2024-7888 | Classified Listing – Classified ads & Business Directory Plugin <= 3.1.7 - Missing Authorization — Classified Listing – AI-Powered Classified ads & Business Directory Plugin | 6.3 | Medium | 2024-09-13 |
| CVE-2024-4660 | Missing Authorization in GitLab — GitLab | 6.5 | Medium | 2024-09-12 |
| CVE-2024-7727 | HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.32 - Missing Authorization in multiple functions via h5vp_ajax_handler — HTML5 Video Player – Embed and Play Videos in Custom Player | 5.3 | Medium | 2024-09-11 |
| CVE-2024-7721 | HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.34 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update — HTML5 Video Player – Embed and Play Videos in Custom Player | 4.3 | Medium | 2024-09-11 |
| CVE-2024-45591 | XWiki Platform document history including authors of any page exposed to unauthorized actors — xwiki-platform | 5.3 | Medium | 2024-09-10 |
| CVE-2024-45393 | Computer Vision Annotation Tool (CVAT) is missing authorization for endpoints related to webhook deliveries — cvat | 6.4 | Medium | 2024-09-10 |
| CVE-2024-8369 | EventPrime <= 4.0.4.3 - Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure — EventPrime – Events Calendar, Bookings and Tickets | 5.3 | Medium | 2024-09-10 |
| CVE-2024-45285 | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform — SAP NetWeaver Application Server for ABAP and ABAP Platform | 5.4 | Medium | 2024-09-10 |
| CVE-2024-45284 | Missing authorization check in SAP Student Life Cycle Management (SLcM) — SAP Student Life Cycle Management (SLcM) | 2.4 | Low | 2024-09-10 |
| CVE-2024-44117 | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform — SAP NetWeaver Application Server for ABAP and ABAP Platform | 5.4 | Medium | 2024-09-10 |
| CVE-2024-44112 | Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution) — SAP for Oil & Gas | 4.3 | Medium | 2024-09-10 |
| CVE-2024-41728 | Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform — SAP NetWeaver Application Server for ABAP and ABAP Platform | 2.7 | Low | 2024-09-10 |
| CVE-2024-45286 | Missing Authorization check in SAP Production and Revenue Accounting (Tobin interface) — SAP Production and Revenue Accounting (Tobin interface) | 6.5 | Medium | 2024-09-10 |
| CVE-2024-44116 | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform — SAP NetWeaver Application Server for ABAP and ABAP Platform | 4.3 | Medium | 2024-09-10 |
| CVE-2024-44115 | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform — SAP NetWeaver Application Server for ABAP and ABAP Platform | 4.3 | Medium | 2024-09-10 |
| CVE-2024-42380 | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform — SAP NetWeaver Application Server for ABAP and ABAP Platform | 4.3 | Medium | 2024-09-10 |
| CVE-2024-42371 | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform — SAP NetWeaver Application Server for ABAP and ABAP Platform | 5.4 | Medium | 2024-09-10 |
| CVE-2024-8042 | Rapid7 Insight Platform Unauthorized Empty Group Creation — Insight Platform | 2.4 | Low | 2024-09-09 |
| CVE-2023-39298 | QTS, QuTS hero — QTS | 7.8 | High | 2024-09-06 |
| CVE-2024-7622 | Revision Manager TMC <= 2.8.19 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending — Revision Manager TMC | 4.3 | Medium | 2024-09-06 |
| CVE-2024-8427 | Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update — Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin | 4.3 | Medium | 2024-09-06 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5531 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.