Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-862 (授权机制缺失) — Vulnerability Class 5531

5531 vulnerabilities classified as CWE-862 (授权机制缺失). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2024-1771 Total <= 2.1.59 - Missing Authorization to Authenticated (Subscriber+) Sections Update — Total 4.3 Medium2024-03-06
CVE-2024-1093 Change Memory Limit <= 1.0 - Missing Authorization via admin_logic() — Change Memory Limit 5.3 Medium2024-03-05
CVE-2024-1381 Page Builder Sandwich – Front End WordPress Page Builder Plugin <= 5.1.0 - Sensitive Information Exposure — Page Builder Sandwich – Front End WordPress Page Builder Plugin 6.5 Medium2024-03-05
CVE-2024-1285 Page Builder Sandwich <= 5.1.0 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Post Editing — Page Builder Sandwich – Front End WordPress Page Builder Plugin 6.5 Medium2024-03-05
CVE-2024-1095 Build & Control Block Patterns – Boost up Gutenberg Editor <= 1.3.5.4 - Missing Authorization — Build & Control Block Patterns – Boost up Gutenberg Editor 5.3 Medium2024-03-05
CVE-2024-1178 SportsPress – Sports Club & League Manager <= 2.7.17 - Missing Authorization to Unauthenticated Event Permalink Update — SportsPress – Sports Club & League Manager 5.3 Medium2024-03-05
CVE-2024-1120 NextMove Lite – Thank You Page for WooCommerce & Finale Lite – Sales Countdown Timer & Discount for WooCommerce <= 2.17.0 - Missing Authorization to Unauthenticated System Information Disclosure — Finale Lite – Sales Countdown Timer & Discount for WooCommerce 5.3 Medium2024-03-01
CVE-2024-27950 WordPress Sirv plugin <= 7.2.0 - Broken Access Control vulnerability — Sirv 5.4 Medium2024-03-01
CVE-2024-27906 Apache Airflow: Dag Code and Import Error Permissions Ignored — Apache Airflow 4.3 -2024-02-29
CVE-2024-1982 WPvivid Backup and Migration <= 0.9.68 - Missing Authorization — WPvivid — Backup, Migration & Staging 6.5 Medium2024-02-29
CVE-2023-47874 WordPress Perfmatters Plugin <= 2.1.6 is vulnerable to Broken Access Control — Perfmatters 5.4 Medium2024-02-29
CVE-2023-51692 WordPress Customer Reviews for WooCommerce Plugin <= 5.38.1 is vulnerable to Broken Access Control — Customer Reviews for WooCommerce 4.3 Medium2024-02-28
CVE-2024-1861 Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan <= 4.52 - Missing Authorization to Authenticated (Subscriber+) Table Truncation — Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan 4.3 Medium2024-02-28
CVE-2024-1860 Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan <= 4.51 - Missing Authorization to Unauthenticated IP Address Whitelist — Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan 6.5 Medium2024-02-28
CVE-2024-1136 Coming Soon Page & Maintenance Mode <= 2.2.1 - Maintenance Mode Bypass — Coming Soon Page & Maintenance Mode 5.3 Medium2024-02-28
CVE-2024-1368 Page Duplicator <= 0.1.1 - Missing Authorization to Unauthenticated Post/Page Duplication — Page Duplicator 5.3 Medium2024-02-28
CVE-2024-1516 WP eCommerce <= 3.15.1 - Missing Authorization to Unauthenticated Arbitrary Post Creation — WP eCommerce 5.3 Medium2024-02-28
CVE-2024-1566 Redirects <= 1.2.1 - Missing Authorization via save — Redirects 6.5 Medium2024-02-28
CVE-2024-1388 Yuki <= 1.3.13 - Missing Authorization to Authenticated (Subscriber+) Theme Setting Reset — Yuki 4.3 Medium2024-02-28
CVE-2024-1650 Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxRenameCategory — Categorify – WordPress Media Library Category & File Manager 4.3 Medium2024-02-27
CVE-2024-1649 Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxDeleteCategory — Categorify – WordPress Media Library Category & File Manager 4.3 Medium2024-02-27
CVE-2024-1652 Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxClearCategory — Categorify – WordPress Media Library Category & File Manager 4.3 Medium2024-02-27
CVE-2024-1653 Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxUpdateFolderPosition — Categorify – WordPress Media Library Category & File Manager 4.3 Medium2024-02-27
CVE-2024-1687 Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution — Thank You Page Customizer for WooCommerce – Increase Your Sales 5.4 Medium2024-02-27
CVE-2024-1686 Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Data Export — Thank You Page Customizer for WooCommerce – Increase Your Sales 4.3 Medium2024-02-27
CVE-2024-1710 Addon Library <= 1.3.76 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload — Addon Library 8.8 High2024-02-24
CVE-2024-1778 Admin side data storage for Contact Form 7 <= 1.1.1 - Missing Authorization to Unauthenticated Bookmark Status Alteration — Admin side data storage for Contact Form 7 4.3 Medium2024-02-23
CVE-2024-1779 Admin side data storage for Contact Form 7 plugin <= 1.1.1 - Missing Authorization to Unauthenticated Read Status Update — Admin side data storage for Contact Form 7 5.3 Medium2024-02-23
CVE-2023-4895 Missing Authorization in GitLab — GitLab 4.3 Medium2024-02-22
CVE-2024-26138 License information is public, exposing instance id and license holder details — application-licensing 5.3 Medium2024-02-21

Vulnerabilities classified as CWE-862 (授权机制缺失) represent 5531 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.