
CWE-862 (Missing Authorization) — Vulnerability Class 5531

5531 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2024-5489 | Wbcom Designs - Custom Font Uploader <= 2.3.4 - Missing Authorization to Font Deletion — Wbcom Designs – Custom Font Uploader | 4.3 | Medium | 2024-06-06 |
| CVE-2024-1175 | WP-Recall – Registration, Profile, Commerce & More <= 16.26.6 - Unauthenticated Payment Deletion via delete_payment — WP-Recall – Registration, Profile, Commerce & More | 5.3 | Medium | 2024-06-06 |
| CVE-2024-5449 | WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing <= 5.0.4 - Missing Authorization — WP Dark Mode – Improve Accessibility with AI Powered Dark Theme | 4.3 | Medium | 2024-06-06 |
| CVE-2024-2017 | Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.7.8 - Missing Authorization to Authenticated (Subscriber+) PHP Object Injection — Countdown, Coming Soon, Maintenance – Countdown & Clock | 5.4 | Medium | 2024-06-06 |
| CVE-2024-4788 | Boostify Header Footer Builder for Elementor <= 1.3.5 - Missing Authorization to Page/Post Creation — Boostify Header Footer Builder for Elementor | 4.3 | Medium | 2024-06-06 |
| CVE-2024-5324 | XootiX Framework <= Various Plugin Versions - Missing Authorization to Arbitrary Options Update — Waitlist Woocommerce ( Back in stock notifier ) | 8.8 | High | 2024-06-06 |
| CVE-2024-35674 | WordPress Unlimited Elements For Elementor plugin <= 1.5.109 - Broken Access Control vulnerability — Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | 4.3 | Medium | 2024-06-05 |
| CVE-2024-5459 | Restaurant Menu and Food Ordering <= 2.4.16 - Missing Authorization to Menu Creation — Five Star Restaurant Menu and Food Ordering | 4.3 | Medium | 2024-06-05 |
| CVE-2024-5453 | ProfileGrid <= 5.8.6 - Missing Authorization — ProfileGrid – User Profiles, Groups and Communities | 4.3 | Medium | 2024-06-05 |
| CVE-2024-4088 | Gutenberg Blocks and Page Layouts – Attire Blocks <= 1.9.2 - Missing Authorization — Gutenberg Blocks and Page Layouts – Attire Blocks | 4.3 | Medium | 2024-06-05 |
| CVE-2024-4520 | Improper Access Control in gaizhenbiao/chuanhuchatgpt — gaizhenbiao/chuanhuchatgpt | 8.1 AI | High AI | 2024-06-04 |
| CVE-2024-30525 | WordPress Move Addons for Elementor plugin <= 1.2.9 - Broken Access Control vulnerability — Move Addons for Elementor | 5.3 | Medium | 2024-06-04 |
| CVE-2024-30528 | WordPress Spiffy Calendar plugin <= 4.9.10 - Broken Access Control vulnerability — Spiffy Calendar | 5.4 | Medium | 2024-06-04 |
| CVE-2024-30484 | WordPress RT Easy Builder plugin <= 2.0 - Broken Access Control vulnerability — RT Easy Builder – Advanced addons for Elementor | 4.3 | Medium | 2024-06-04 |
| CVE-2024-35672 | WordPress Netgsm plugin <= 2.9.19 - Broken Access Control vulnerability — Netgsm | 7.5 | High | 2024-06-04 |
| CVE-2023-28494 | WordPress Contact Form Email plugin <= 1.3.31 - Missing Authorization Leading To Feedback Submission Vulnerability — Contact Form Email | 4.3 | Medium | 2024-06-04 |
| CVE-2024-4997 | WPUpper Share Buttons <= 3.43 - Missing Authorization — WPUpper Share Buttons | 5.3 | Medium | 2024-06-04 |
| CVE-2024-3555 | Social Link Pages: link-in-bio landing pages for your social media profiles <= 1.6.9 - Missing Authorization to Arbitrary Page Creation and Cross-Site Scripting — Social Link Pages: link-in-bio landing pages for your social media profiles | 7.2 | High | 2024-06-04 |
| CVE-2024-1717 | Admin Notices Manager <= 1.4.0 - Missing Authorization to Authenticated (Subscriber+) User Email Retrieval — Admin Notices Manager | 4.3 | Medium | 2024-06-04 |
| CVE-2023-28492 | WordPress Calendar Event Multi View plugin <= 1.4.10 - Missing Authorization Leading To Feedback Submission vulnerability — CP Multi View Event Calendar | 4.3 | Medium | 2024-06-03 |
| CVE-2023-27460 | WordPress CP Contact Form with PayPal plugin <= 1.3.34 - Missing Authorization Leading To Feedback Submission vulnerability — CP Contact Form with Paypal | 4.3 | Medium | 2024-06-03 |
| CVE-2023-27437 | WordPress Event Espresso 4 Decaf plugin <= 4.10.44.decaf - Bypass vulnerability — Event Espresso 4 Decaf | 3.7 | Low | 2024-06-03 |
| CVE-2023-26523 | WordPress Calculated Fields Form plugin <= 1.1.120 - Missing Authorization Leading To Feedback Submission Vulnerability — Calculated Fields Form | 4.3 | Medium | 2024-06-03 |
| CVE-2023-26521 | WordPress Search in Place plugin <= 1.0.104 - Missing Authorization Leading To Feedback Submission vulnerability — Search in Place | 4.3 | Medium | 2024-06-03 |
| CVE-2024-34803 | WordPress Fastly plugin <= 1.2.25 - Broken Access Control vulnerability — Fastly | 4.3 | Medium | 2024-06-03 |
| CVE-2024-3821 | wpDataTables - Tables & Table Charts (Premium) <= 6.3.2 - Missing Authorization to DataTable Access & Modification — wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin | 7.3 | High | 2024-06-01 |
| CVE-2024-4958 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.2.0.1 - Missing Authorization to Privilege Escalation — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | 7.1 | High | 2024-06-01 |
| CVE-2024-1324 | QQWorld Auto Save Images <= 1.9.8 - Missing Authorization to Arbitrary Post Content Retrieval — QQWorld Auto Save Images | 5.3 | Medium | 2024-06-01 |
| CVE-2024-36246 | Yokogawa Rental & Lease Unifier security vulnerability — Unifier | 7.8 AI | High AI | 2024-05-31 |
| CVE-2024-4205 | Premium Addons for Elementor <= 4.10.31 - Missing Authorization to Information Disclosure — Premium Addons for Elementor – Powerful Elementor Templates & Widgets | 4.3 | Medium | 2024-05-31 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5531 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.