CWE-862 (Missing Authorization) — Vulnerability Class 5531

5531 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2024-6869 | Falang multilanguage for WordPress <= 1.3.52 - Missing Authorization to Translation Update and Information Exposure — Falang multilanguage for WordPress | 5.4 | Medium | 2024-08-08 |
| CVE-2024-6987 | Orchid Store <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation — Orchid Store | 4.3 | Medium | 2024-08-08 |
| CVE-2024-6872 | Build Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor & Gutenberg Blocks! – TemplateSpare <= 2.4.2 - Missing Authorization to Authenticated (Subscriber+) Theme Update — TemplateSpare – 1000+ WordPress Starter Templates & Full Site Migration Tool \| 1-Click Import/Export & No-Code Builder | 4.3 | Medium | 2024-08-03 |
| CVE-2024-6709 | Sync Post With Other Site <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Post Creation and Update — Sync Post With Other Site | 4.3 | Medium | 2024-08-03 |
| CVE-2024-7031 | File Manager Pro – Filester <= 1.8.2 - Authenticated Plugin Settings Update — File Manager Pro – Filester | 7.5 | High | 2024-08-03 |
| CVE-2024-6698 | FundEngine – Donation and Crowdfunding Platform <= 1.7.0 - Authenticated (Subscriber+) Privilege Escalation — FundEngine – Donation and Crowdfunding Platform | 8.8 | High | 2024-08-01 |
| CVE-2024-37898 | XWiki Platform vulnerable to document deletion and overwrite from edit — xwiki-platform | 4.3 | Medium | 2024-07-31 |
| CVE-2024-7135 | Tainacan <= 0.21.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read — Tainacan | 6.5 | Medium | 2024-07-31 |
| CVE-2024-2508 | WP Mobile Menu <= 2.8.4.4 - Missing Authorization to _mobmenu_icon Post Meta Modification — WP Mobile Menu – The Mobile-Friendly Responsive Menu | 5.3 | Medium | 2024-07-31 |
| CVE-2024-6458 | WooCommerce Product Table Lite <= 3.5.1 - Missing Authorization to (Subscriber+) Stored Cross-Site Scripting — Product Table and List Builder for WooCommerce Lite | 6.4 | Medium | 2024-07-27 |
| CVE-2024-6591 | Ultimate WordPress Auction Plugin <= 4.2.7 - Missing Authorization to Unauthenticated Email Creation — Ultimate WordPress Auction Plugin | 5.8 | Medium | 2024-07-27 |
| CVE-2024-1798 | Tutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_lp_export_xml — Tutor LMS – Migration Tool | 5.3 | Medium | 2024-07-27 |
| CVE-2024-1804 | Tutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_import_from_xml — Tutor LMS – Migration Tool | 4.3 | Medium | 2024-07-27 |
| CVE-2024-4410 | IgnitionDeck Crowdfunding Platform <= 1.9.8 - Missing Authorization — IgnitionDeck Crowdfunding Platform | 5.4 | Medium | 2024-07-27 |
| CVE-2024-6836 | Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells <= 3.4.6 - Missing Authorization to Authenticated (Contributor+) Settings Update — FunnelKit – Funnel Builder for WooCommerce Checkout | 4.3 | Medium | 2024-07-24 |
| CVE-2024-5861 | WP Easy Pay (Free) <= 4.2.3 - Missing Authorization to Unauthenticated Service Disconnection — WP Easy Pay – Payment and Donation form Builder for Square | 5.3 | Medium | 2024-07-24 |
| CVE-2024-6755 | Social Auto Poster <= 5.3.14 - Missing Authorization to Unauthenticated Arbitrary Post Deletion — Social Auto Poster | 6.5 | Medium | 2024-07-24 |
| CVE-2024-6754 | Social Auto Poster <= 5.3.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update via wpw_auto_poster_update_tweet_template — Social Auto Poster | 5.4 | Medium | 2024-07-24 |
| CVE-2024-6750 | Social Auto Poster <= 5.3.14 - Missing Authorization via Multiple Functions — Social Auto Poster | 7.3 | High | 2024-07-24 |
| CVE-2024-6806 | Missing Authorization Checks In NI VeriStand Gateway For Project Resources — VeriStand | 9.8 | Critical | 2024-07-22 |
| CVE-2024-6805 | Missing Authorization Checks in NI VeriStand Gateway for File Transfer Resources — VeriStand | 7.5 | High | 2024-07-22 |
| CVE-2024-6636 | WooCommerce - Social Login <= 2.7.3 - Missing Authorization to Unauthenticated Privilege Escalation — WooCommerce - Social Login | 9.8 | Critical | 2024-07-20 |
| CVE-2024-6489 | Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authorization to Google API key update — Getwid – Gutenberg Blocks | 5.3 | Medium | 2024-07-20 |
| CVE-2024-6491 | Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authentication to MailChimp API key update — Getwid – Gutenberg Blocks | 4.3 | Medium | 2024-07-20 |
| CVE-2024-6799 | YITH Essential Kit for WooCommerce #1 <= 2.34.0 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install, Activation, and Deactivation — YITH Essential Kit for WooCommerce #1 | 4.3 | Medium | 2024-07-19 |
| CVE-2024-5997 | Duplica <= 0.6 - Authenticated (Subscriber+) Missing Authorization to Users/Posts Duplicates Creation — Duplica – Duplicate Posts, Pages, Custom Posts or Users | 4.3 | Medium | 2024-07-18 |
| CVE-2024-6599 | Meks Video Importer <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) API Keys Modification — Meks Video Importer | 4.3 | Medium | 2024-07-18 |
| CVE-2024-6175 | Booking Ultra Pro <= 1.1.13 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Updates — Booking Ultra Pro Appointments Booking Calendar Plugin | 5.4 | Medium | 2024-07-18 |
| CVE-2024-5703 | Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.26 - Missing Authorization — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | 4.3 | Medium | 2024-07-17 |
| CVE-2024-6033 | Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.4 - Missing Authorization to Authenticated (Contributor+) Event Data Import — Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | 4.3 | Medium | 2024-07-17 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5531 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.