CWE-862 (Missing Authorization) — Vulnerability Class 5531

5531 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2024-1380 | Relevanssi – A Better Search <= 4.22.0 (Free) and <= 2.25.0 (Premium) - Missing Authorization to Unauthenticated Query Log Export — Relevanssi Premium | 5.3 | Medium | 2024-03-13 |
| CVE-2024-0828 | Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio <= 3.6.4 - Missing Authorization — Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio | 5.4 | Medium | 2024-03-13 |
| CVE-2024-1763 | Wp Social Login and Register Social Counter <= 3.0.0 - Missing Authorization to Unauthenticated Social Login/Share Status Update — Wp Social Login and Register Social Counter | 6.5 | Medium | 2024-03-13 |
| CVE-2024-1127 | EventPrime – Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Event Export — EventPrime – Events Calendar, Bookings and Tickets | 4.3 | Medium | 2024-03-13 |
| CVE-2024-1862 | WooCommerce Add to Cart Custom Redirect <= 1.2.13 - Authenticated(Contributor+) Missing Authorization to Limited Arbitrary Options Update — Add to Cart Custom Redirect for WooCommerce | 8.1 | High | 2024-03-13 |
| CVE-2024-0385 | Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxAddCategory — Categorify – WordPress Media Library Category & File Manager | 4.3 | Medium | 2024-03-13 |
| CVE-2024-1158 | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization — Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | 4.3 | Medium | 2024-03-13 |
| CVE-2024-1690 | TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds <= 1.4.10 - Missing Authorization to Authenticated (Subscriber+) User Email Export — Wallet for WooCommerce | 4.3 | Medium | 2024-03-13 |
| CVE-2024-1176 | HT Easy GA4 – Google Analytics WordPress Plugin <= 1.1.5 - Missing Authorization to Unauthenticated GA4 Email Update — HT Easy GA4 – Google Analytics WordPress Plugin | 5.3 | Medium | 2024-03-13 |
| CVE-2024-1843 | Auto Affiliate Links <= 6.4.3 - Missing Authorization via aalAddLink — Auto Affiliate Links | 4.3 | Medium | 2024-03-13 |
| CVE-2024-1502 | Tutor LMS – eLearning and online course solution <= 2.6.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion — Tutor LMS – eLearning and online course solution | 5.4 | Medium | 2024-03-12 |
| CVE-2024-2107 | Blossom Spa <= 1.3.3 - Sensitive Information Exposure — Blossom Spa | 5.8 | Medium | 2024-03-12 |
| CVE-2024-2395 | Bulgarisation for WooCommerce <= 3.0.14 - Cross-Site Request Forgery — Bulgarisation for WooCommerce | 7.3 | High | 2024-03-12 |
| CVE-2023-4627 | LadiApp <= 4.4 - Missing Authorization via save_config() — LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… | 4.3 | Medium | 2024-03-12 |
| CVE-2023-4728 | LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.4 - Missing Authorization on publish_lp() — LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… | 4.3 | Medium | 2024-03-12 |
| CVE-2024-1328 | Newsletter2Go <= 4.0.14 - Authenticated(Subscriber+) Stored Cross-Site Scripting via style — Newsletter2Go | 6.4 | Medium | 2024-03-12 |
| CVE-2024-27900 | Missing Authorization check in SAP ABAP Platform — SAP ABAP Platform | 4.3 | Medium | 2024-03-12 |
| CVE-2024-1400 | Mollie Forms <= 2.6.3 - Missing Authorization to Arbitrary Post Duplication — Mollie Forms | 4.3 | Medium | 2024-03-11 |
| CVE-2024-1645 | Mollie Forms <= 2.6.3 - Missing Authorization — Mollie Forms | 4.3 | Medium | 2024-03-11 |
| CVE-2024-1870 | Colibri Page Builder <= 1.0.260 - Missing Authorization — Colibri Page Builder | 4.3 | Medium | 2024-03-09 |
| CVE-2024-1125 | EventPrime – Events Calendar, Bookings and Tickets <= 3.4.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion — EventPrime – Events Calendar, Bookings and Tickets | 5.4 | Medium | 2024-03-09 |
| CVE-2024-1123 | EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Missing Authorization to Arbitrary Post Overwrite — EventPrime – Events Calendar, Bookings and Tickets | 6.5 | Medium | 2024-03-09 |
| CVE-2024-1124 | EventPrime – Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending — EventPrime – Events Calendar, Bookings and Tickets | 4.3 | Medium | 2024-03-09 |
| CVE-2024-1851 | affiliate-toolkit – WordPress Affiliate Plugin <= 3.5.4 - Missing Authorization via atkp_create_list — affiliate-toolkit – Multi-Network Affiliate & Amazon Product Display | 6.3 | Medium | 2024-03-08 |
| CVE-2024-2298 | affiliate-toolkit – WordPress Affiliate Plugin <= 3.5.4 - Missing Authorization via atkp_import_product — affiliate-toolkit – Multi-Network Affiliate & Amazon Product Display | 4.3 | Medium | 2024-03-08 |
| CVE-2024-28230 | JetBrains YouTrack security vulnerability — YouTrack | 6.5 | Medium | 2024-03-07 |
| CVE-2024-1169 | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Upload — Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | 7.5 | High | 2024-03-07 |
| CVE-2024-1170 | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Deletion — Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | 8.2 | High | 2024-03-07 |
| CVE-2024-28216 | nGrinder security vulnerability — nGrinder | 7.5 (AI) | High (AI) | 2024-03-07 |
| CVE-2024-28215 | nGrinder security vulnerability — nGrinder | 6.5 (AI) | Medium (AI) | 2024-03-07 |

Vulnerabilities classified as CWE-862 (Missing Authorization) account for 5531 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.