CWE-862 (Missing Authorization) — Vulnerability Class (5531 CVEs)

5531 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2024-8480 | Image Optimizer, Resizer and CDN – Sirv <= 7.2.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Upload — Image Optimizer, Resizer and CDN – Sirv | 8.8 | High | 2024-09-06 |
| CVE-2024-7381 | Geo Controller <= 8.6.9 - Missing Authorization to Unauthenticated Shortcode Execution — Geo Controller | 5.3 | Medium | 2024-09-05 |
| CVE-2024-7380 | Geo Controller <= 8.7.3 - Missing Authorization to Authenticated (Subscriber+) Menu Creation/Deletion — Geo Controller | 4.3 | Medium | 2024-09-05 |
| CVE-2024-7605 | HelloAsso <= 1.1.10 - Missing Authorization to Authenticated (Contributor+) Limited Options Update — HelloAsso | 4.3 | Medium | 2024-09-05 |
| CVE-2024-6332 | Booking for Appointments and Events Calendar – Amelia Premium <= 7.7 and Lite <= 1.2.4 - Missing Authorization to Sensitive Information Exposure — Booking for Appointments and Events Calendar – Amelia | 6.5 | Medium | 2024-09-05 |
| CVE-2024-5309 | Form Vibes – Database Manager for Forms <= 1.4.12 - Missing Authorization in Multiple Functions — Form Vibes – Database Manager for Forms | 5.4 | Medium | 2024-09-05 |
| CVE-2024-45050 | Ringer Server Does Not Check Members When Loading Messages — New-Ringer-Server | 7.1 | High | 2024-09-04 |
| CVE-2024-8289 | MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.0 - Missing Authorization to Limited Vendor Privilege Escalation/Account Takeover — MultiVendorX – WooCommerce Multivendor Marketplace Solutions | 9.8 | Critical | 2024-09-04 |
| CVE-2024-8121 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Missing Authorization to Admin Username Change — The Ultimate WordPress Toolkit – WP Extended | 5.4 | Medium | 2024-09-04 |
| CVE-2024-8102 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Authenticated (Subscriber+) Arbitrary Options Update — The Ultimate WordPress Toolkit – WP Extended | 8.8 | High | 2024-09-04 |
| CVE-2024-4259 | Sensetive Data Exposure in SAMPAS's AKOS — AKOS (AkosCepVatandasService) | 6.5 (AI) | Medium (AI) | 2024-09-03 |
| CVE-2024-7858 | Media Library Folders <= 8.2.3 - Missing Authorization on Various Functions — Media Library Folders | 6.3 | Medium | 2024-08-30 |
| CVE-2024-5784 | Tutor LMS Pro <= 2.7.2 - Missing Authorization to Authenticated (Subscriber+) Insecure Direct Object Reference — Tutor LMS Pro | 7.1 | High | 2024-08-30 |
| CVE-2024-43940 | WordPress Z Y N I T H plugin <= 7.4.9 - Unauthenticated Plugin Settings Change vulnerability — Z Y N I T H | 6.5 | Medium | 2024-08-29 |
| CVE-2024-43939 | WordPress Z Y N I T H plugin <= 7.4.9 - Unauthenticated Arbitrary Option Deletion vulnerability — Z Y N I T H | 6.5 | Medium | 2024-08-29 |
| CVE-2024-5987 | WP Accessibility Helper <= 0.6.2.8 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update — WP Accessibility Helper (WAH) | 5.4 | Medium | 2024-08-29 |
| CVE-2024-7856 | MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.7.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion — MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar | 8.1 | High | 2024-08-29 |
| CVE-2024-5857 | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Deletion — Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free | 5.3 | Medium | 2024-08-29 |
| CVE-2024-20413 | Cisco NX-OS Bash Privilege Escalation Vulnerability — Cisco NX-OS Software | 6.7 | Medium | 2024-08-28 |
| CVE-2024-8195 | Permalink Manager Lite <= 2.4.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure — Permalink Manager Lite | 5.3 | Medium | 2024-08-28 |
| CVE-2024-7447 | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Upload — Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free | 5.3 | Medium | 2024-08-28 |
| CVE-2024-8199 | Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update — Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More | 4.3 | Medium | 2024-08-27 |
| CVE-2024-6688 | Oxygen Builder <= 4.8.3 - Missing Authorization to Authenticated (Subscriber+) Stylesheet Update — Oxygen Builder | 4.3 | Medium | 2024-08-27 |
| CVE-2024-43214 | WordPress myCred plugin <= 2.7.2 - Sensitive Data Exposure vulnerability — myCred | 5.3 | Medium | 2024-08-26 |
| CVE-2024-6631 | ImageRecycle pdf & image compression <= 3.1.14 - Missing Authorization in Several AJAX Actions — ImageRecycle pdf & image compression | 5.0 | Medium | 2024-08-24 |
| CVE-2024-7258 | WooCommerce Google Feed Manager <= 2.8.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Deletion — WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping | 8.8 | High | 2024-08-23 |
| CVE-2024-43331 | WordPress WP SMS plugin <= 6.9.3 - Broken Access Control vulnerability — WP SMS | 5.3 | Medium | 2024-08-22 |
| CVE-2024-7030 | Smart Online Order for Clover <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Plugin Data Update — Smart Online Order for Clover | 4.3 | Medium | 2024-08-21 |
| CVE-2024-7032 | Smart Online Order for Clover <= 1.5.6 - Missing Authorization to Plugin Deactivation and Data Deletion — Smart Online Order for Clover | 6.5 | Medium | 2024-08-21 |
| CVE-2024-7390 | WP Testimonial Widget <= 3.1 - Missing Authorization — WP Testimonial Widget | 5.3 | Medium | 2024-08-21 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5531 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.