CWE-862 (Missing Authorization) — Vulnerability Class 5529

5529 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2020-36719 | ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Arbitrary Plugin Installation, Activation and Deactivation — ListingPro - WordPress Directory & Listing Theme | 9.8 | Critical | 2023-06-07 |
| CVE-2020-36720 | Kali Forms <= 2.1.1 - Missing Authorization to Settings Update — Kali Forms — Contact Form & Drag-and-Drop Builder | 7.1 | High | 2023-06-07 |
| CVE-2020-36716 | WP Activity Log <= 4.0.1 - Missing Authorization — WP Activity Log | 7.3 | High | 2023-06-07 |
| CVE-2020-36715 | Login/Signup Popup < 1.5 - Missing Authorization — Login & Register Customizer – Popup \| Slider \| Inline \| WooCommerce | 7.4 | High | 2023-06-07 |
| CVE-2020-36712 | Kali Forms <= 2.1.1 - Unauthenticated Arbitrary Post Deletion — Kali Forms — Contact Form & Drag-and-Drop Builder | 8.6 | High | 2023-06-07 |
| CVE-2019-25143 | GDPR Cookie Compliance <= 4.0.2 - Missing Authorization — GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice for CCPA, EU Cookie Law | 5.4 | Medium | 2023-06-07 |
| CVE-2019-25142 | Mesmerize <= 1.6.89 & Materialis <= 1.0.172 - Authenticated Arbitrary Options Update — Materialis | 8.8 | High | 2023-06-07 |
| CVE-2021-4359 | Frontend File Manager Plugin <= 18.2 - Unauthenticated Arbitrary Post Deletion — Frontend File Manager Plugin | 6.5 | Medium | 2023-06-07 |
| CVE-2019-25141 | Easy WP SMTP <= 1.3.9 - Missing Authorization to Arbitrary Options Update — Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more | 9.8 | Critical | 2023-06-07 |
| CVE-2021-4356 | Frontend File Manager <= 18.2 - Unauthenticated Arbitrary File Download — Frontend File Manager Plugin | 9.0 | Critical | 2023-06-07 |
| CVE-2022-4948 | FlyingPress <= 3.9.6 - Missing Authorization — FlyingPress | 4.3 | Medium | 2023-06-07 |
| CVE-2021-4357 | uListing <= 1.6.6 - Unauthenticated Arbitrary Post/Page Deletion — Directory Listings WordPress plugin – uListing | 9.1 | Critical | 2023-06-07 |
| CVE-2021-4355 | Welcart e-Commerce < 2.2.8 - Missing Capabilities Check to Information Disclosure — Welcart e-Commerce | 7.5 | High | 2023-06-07 |
| CVE-2019-25139 | Coming Soon Page & Maintenance Mode <= 1.8.1 - Unauthenticated Settings Reset — Coming Soon Page & Maintenance Mode | 6.5 | Medium | 2023-06-07 |
| CVE-2023-3124 | Elementor Pro <= 3.11.6 - Authenticated(Subscriber+) Privilege Escalation via update_page_option — Elementor Website Builder Pro | 8.8 | High | 2023-06-07 |
| CVE-2021-4351 | Frontend File Manager <= 18.2 - Unauthenticated Post Meta Change — Frontend File Manager Plugin | 5.8 | Medium | 2023-06-07 |
| CVE-2021-4350 | Frontend File Manager <= 18.2 - Unauthenticated HTML Injection leading to Spam Emails — Frontend File Manager Plugin | 7.2 | High | 2023-06-07 |
| CVE-2021-4345 | uListing <= 1.6.6 - Unauthenticated Arbitrary Roles and Capabilities Creation/Deletion — Directory Listings WordPress plugin – uListing | 6.5 | Medium | 2023-06-07 |
| CVE-2020-36702 | Spectra – WordPress Gutenberg Blocks <= 1.14.7 - Missing Authorization — Spectra Gutenberg Blocks – Website Builder for the Block Editor | 5.5 | Medium | 2023-06-07 |
| CVE-2021-4346 | uListing <= 1.6.6 - Unauthenticated Arbitrary Account Changes — Directory Listings WordPress plugin – uListing | 9.8 | Critical | 2023-06-07 |
| CVE-2021-4348 | Ultimate GDPR & CCPA <= 2.4 - Unauthenticated Settings Import & Export — Ultimate GDPR & CCPA Compliance Toolkit for WordPress | 7.5 | High | 2023-06-07 |
| CVE-2021-4347 | Advanced Shipment Tracking for WooCommerce <= 3.2.6 - Authenticated WordPress Options Change — Advanced Shipment Tracking for WooCommerce | 9.9 | Critical | 2023-06-07 |
| CVE-2021-4343 | uListing <= 1.6.6 - Unauthenticated Arbitrary Account Creation — Directory Listings WordPress plugin – uListing | 9.8 | Critical | 2023-06-07 |
| CVE-2021-4341 | uListing <= 1.6.6 - Unauthenticated Wordpress Options Changes via AJAX — Directory Listings WordPress plugin – uListing | 9.8 | Critical | 2023-06-07 |
| CVE-2021-4339 | uListing <= 1.6.6 - Unauthenticated Information Disclosure — Directory Listings WordPress plugin – uListing | 7.5 | High | 2023-06-07 |
| CVE-2020-36697 | WP GDPR <= 2.1.1 - Missing Authorization Checks — WP GDPR | 7.3 | High | 2023-06-07 |
| CVE-2023-33970 | Missing access control in internal task links feature in Kanboard — kanboard | 5.4 | Medium | 2023-06-05 |
| CVE-2023-33968 | Missing Access Control allows User to move and duplicate tasks in Kanboard — kanboard | 5.4 | Medium | 2023-06-05 |
| CVE-2023-2415 | Online Booking & Scheduling Calendar for WordPress by vcita <= 4.2.10 - Missing Authorization to Account Logout — Online Booking & Scheduling Calendar for WordPress by vcita | 5.4 | Medium | 2023-06-03 |
| CVE-2023-2299 | Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.2 - Missing Authorization on REST-API — Online Booking & Scheduling Calendar for WordPress by vcita | 5.3 | Medium | 2023-06-03 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5529 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.