
CWE-862 (Missing Authorization) — Vulnerability Class 5531

5531 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-5641 | One Click Order Re-Order <= 1.1.9 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting — One Click Order Re-Order | 6.4 | Medium | 2024-07-04 |
| CVE-2024-36113 | Discourse missing authorization checks for suspending admins/moderators — discourse | 4.9 | Medium | 2024-07-03 |
| CVE-2024-6088 | LearnPress – WordPress LMS Plugin <= 4.2.6.8.1 - Missing Authorization to Unauthenticated User Registration Bypass — LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | 5.3 | Medium | 2024-07-02 |
| CVE-2024-6012 | Cost Calculator Builder <= 3.2.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Creation — Cost Calculator Builder | 4.3 | Medium | 2024-07-02 |
| CVE-2024-5545 | Motors – Car Dealer, Classifieds & Listing <= 1.4.9 - Missing Authorization — Motors – Car Dealership & Classified Listings Plugin | 5.3 | Medium | 2024-07-02 |
| CVE-2024-36995 | Low-privileged user could create experimental items — Splunk Enterprise | 4.3 | Medium | 2024-07-01 |
| CVE-2024-5864 | Easy Affiliate Links <= 3.7.3 - Missing Authorization to Authenticated (Subscriber+) Settings Reset — Easy Affiliate Links | 4.3 | Medium | 2024-06-28 |
| CVE-2024-5863 | Easy Image Collage <= 1.13.5 - Missing Authorization to Authenticated (Contributor+) Data Clearance — Easy Image Collage | 5.4 | Medium | 2024-06-28 |
| CVE-2024-6071 | PTC Creo Elements/Direct License Server Missing Authorization — Creo Elements/Direct License | 10.0 | Critical | 2024-06-27 |
| CVE-2024-2882 | Missing Authorization in SDG Technologies PnPSCADA — PnPSCADA | 9.8 AI | Critical AI | 2024-06-27 |
| CVE-2024-5710 | Improper Access Control in Team Management in berriai/litellm — berriai/litellm | 9.1 AI | Critical AI | 2024-06-27 |
| CVE-2024-5820 | Unprotected WebSocket in stitionai/devika — stitionai/devika | 9.8 AI | Critical AI | 2024-06-27 |
| CVE-2024-3115 | Exposure of Sensitive Information to an Unauthorized Actor in GitLab — GitLab | 4.3 | Medium | 2024-06-26 |
| CVE-2024-6303 | Missing Authorization in Conduit — Conduit | 9.9 | Critical | 2024-06-25 |
| CVE-2024-3249 | Zita Elementor Site Library <= 1.6.2 - Missing Authorization to Page Creation and Options Modification — Zita Site Library for Elementor | 4.3 | Medium | 2024-06-25 |
| CVE-2024-37111 | WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Denial of Service Attack vulnerability — WishList Member X | 7.5 | High | 2024-06-24 |
| CVE-2024-6120 | Sparkle Demo Importer <= 1.4.7 - Missing Authorization to Authorized(Subscriber+) Post/Pages/Attachements Deletion and Demo Data Import — Sparkle Demo Importer | 6.5 | Medium | 2024-06-21 |
| CVE-2023-51375 | WordPress EmbedPress plugin <= 3.8.3 - Broken Access Control vulnerability — EmbedPress | 4.3 | Medium | 2024-06-21 |
| CVE-2022-45803 | WordPress Gutenberg Forms plugin <= 2.2.8.3 - Auth. Broken Access Control vulnerability — WordPress Form Builder Plugin – Gutenberg Forms | 6.5 | Medium | 2024-06-21 |
| CVE-2022-43453 | WordPress WP Tools plugin <= 3.41 - Auth. Broken Access Control vulnerability — WP Tools | 8.8 | High | 2024-06-21 |
| CVE-2024-3961 | ConvertKit <= 2.4.9 - Missing Authorization — Kit (formerly ConvertKit) – Email Newsletter, Email Marketing, Membership, Subscribers and Landing Pages | 5.3 | Medium | 2024-06-21 |
| CVE-2023-3352 | Smush – Lazy Load Images, Optimize & Compress Images <= 3.16.4 - Missing Authorization to Resmush List Deletion — Smush – Image Optimization, Compression, Lazy Load, WebP & CDN | 4.3 | Medium | 2024-06-21 |
| CVE-2024-1639 | License Manager for WooCommerce <= 3.0.6 - Improper Authorization to Authenticated(Contributor+) Sensitive Information Exposure — License Manager for WooCommerce | 6.5 | Medium | 2024-06-21 |
| CVE-2024-1955 | Hide Dashboard Notifications <= 1.3 - Missing Authorization to Authenticated(Contributor+) Plugin Settings Modification — Hide Dashboard Notifications | 4.3 | Medium | 2024-06-21 |
| CVE-2024-3610 | WP Child Theme Generator <= 1.1.1 - Missing Authorization to Unauthenticated Child Theme Creation/Activation — WP Child Theme Generator | 5.3 | Medium | 2024-06-21 |
| CVE-2023-3204 | Materialis <= 1.1.24 - Missing Authorization to Limited Arbitrary Options Update — Materialis | 6.5 | Medium | 2024-06-20 |
| CVE-2024-3627 | Wheel of Life: Coaching and Assessment Tool for Life Coach <= 1.1.7 - Missing Authorization on Several AJAX Endpoints — Wheel of Life: Coaching and Assessment Tool for Life Coach | 5.4 | Medium | 2024-06-20 |
| CVE-2024-3602 | Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer <= 1.1.0 - Missing Authorization — Promolayer – Popup Builder & Abandonment Preventer | 4.3 | Medium | 2024-06-20 |
| CVE-2024-34444 | WordPress Slider Revolution plugin < 6.7.0 - Unauthenticated Broken Access Control vulnerability — Slider Revolution | 7.1 | High | 2024-06-19 |
| CVE-2022-45832 | WordPress Attorney theme <= 3 - Unauth. Arbitrary Content Deletion vulnerability — Attorney | 6.5 | Medium | 2024-06-19 |

5531 CVEs are classified as CWE-862 (Missing Authorization). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.