Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-862 (授权机制缺失) — Vulnerability Class 5531

5531 vulnerabilities classified as CWE-862 (授权机制缺失). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-54751 WordPress PostX plugin <= 4.1.36 - Broken Access Control vulnerability — PostX 7.1 High2025-12-18
CVE-2025-54741 WordPress Super Blank Plugin <= 1.2.0 - Arbitrary Content Deletion Vulnerability — Super Blank 6.5 Medium2025-12-18
CVE-2025-49902 WordPress Login Page Customizer – Customizer Login Page, Admin Page, Custom Design plugin <= 2.1.1 - Broken Access Control vulnerability — Login Page Customizer – Customizer Login Page, Admin Page, Custom Design 6.5 Medium2025-12-18
CVE-2025-49041 WordPress Get Cash plugin <= 3.2.3 - Broken Access Control vulnerability — Get Cash 6.5 Medium2025-12-18
CVE-2025-13498 Download Manager <= 3.3.32 - Missing Authorization to Authenticated (Subscriber+) Media Attachment Password Disclosure — Download Manager 4.3 Medium2025-12-18
CVE-2023-53923 UliCMS 2023.1 Privilege Escalation via Unauthenticated Admin Account Creation — Ulicms 9.8 Critical2025-12-17
CVE-2025-13750 Converter for Media <= 6.3.2 - Missing Authorization to Authenticated (Subscriber+) Optimized Image Deletion via regenerate-attachment REST Endpoint — Converter for Media – Optimize images | Convert WebP & AVIF 4.3 Medium2025-12-17
CVE-2025-14061 Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent <= 4.0.7 - Missing Authorization to Unauthenticated Arbitrary Post Deletion — Cookie Banner for GDPR / CCPA – WPLP Cookie Consent 5.3 Medium2025-12-17
CVE-2025-14817 Factory Mode App Exists Privilege Escalation Issue Allowing Third-Party Apps to Open ADB — Tecno Pova6 Pro 5G 9.1AICriticalAI2025-12-17
CVE-2025-13880 WP Social Ninja - Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) <= 4.0.1 - Missing Authorization to Unauthenticated Plugin's Settings Disclosure And Modification — WP Social Ninja – Embed Social Feeds, User Reviews & Chat Widgets 6.5 Medium2025-12-17
CVE-2025-11369 Essential Blocks <= 5.7.2 - Missing Authorization To Authenticated (Author+) Information Disclosure — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns 4.3 Medium2025-12-17
CVE-2025-64520 GLPI vulnerable to unauthorized access to restricted Knowledge Base items through the API — glpi 6.5 Medium2025-12-16
CVE-2025-68270 CourseLimitedStaff Role Allows Studio Access — edx-platform 9.9 Critical2025-12-16
CVE-2025-13741 Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.2 - Missing Authorization to Authenticated (Contributor+) Authors' Emails Exposure — Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories 4.3 Medium2025-12-16
CVE-2025-0836 XProtect MIP API Missing Authorization — XProtect VMS 6.3 Medium2025-12-16
CVE-2025-68088 WordPress Huger for Elementor plugin <= 1.1.5 - Broken Access Control vulnerability — Huger for Elementor 5.4 Medium2025-12-16
CVE-2025-68086 WordPress Reformer for Elementor plugin <= 1.0.6 - Broken Access Control vulnerability — Reformer for Elementor 5.4 Medium2025-12-16
CVE-2025-68087 WordPress Modalier for Elementor plugin <= 1.0.6 - Broken Access Control vulnerability — Modalier for Elementor 5.4 Medium2025-12-16
CVE-2025-68085 WordPress Buttoner for Elementor plugin <= 1.0.6 - Settings Change vulnerability — Buttoner for Elementor 5.4 Medium2025-12-16
CVE-2025-68084 WordPress Ultimate Auction plugin <= 4.3.3 - Broken Access Control vulnerability — Ultimate Auction 5.4 Medium2025-12-16
CVE-2025-67965 WordPress Homey Core plugin <= 2.4.3 - Broken Access Control vulnerability — Homey Core 5.3 Medium2025-12-16
CVE-2025-67976 WordPress Watu Quiz plugin <= 3.4.5 - Broken Access Control vulnerability — Watu Quiz 6.5 Medium2025-12-16
CVE-2025-66167 WordPress Lottier plugin <= 1.1.1 - Broken Access Control vulnerability — Lottier 5.4 Medium2025-12-16
CVE-2025-66166 WordPress Lottier for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability — Lottier for Elementor 5.4 Medium2025-12-16
CVE-2025-67929 WordPress TI WooCommerce Wishlist plugin <= 2.10.0 - Broken Access Control vulnerability — TI WooCommerce Wishlist 5.3 Medium2025-12-16
CVE-2025-66165 WordPress Lottier for WPBakery plugin <= 1.1.7 - Broken Access Control vulnerability — Lottier for WPBakery 5.4 Medium2025-12-16
CVE-2025-66162 WordPress Spoter for Elementor plugin <= 1.04 - Broken Access Control vulnerability — Spoter for Elementor 5.4 Medium2025-12-16
CVE-2025-66163 WordPress Masker for Elementor plugin <= 1.1.4 - Broken Access Control vulnerability — Masker for Elementor 5.4 Medium2025-12-16
CVE-2025-66164 WordPress Laser plugin <= 1.1.1 - Broken Access Control vulnerability — Laser 5.4 Medium2025-12-16
CVE-2025-66147 WordPress Coder for Elementor plugin <= 1.0.13 - Broken Access Control vulnerability — Coder for Elementor 5.4 Medium2025-12-16

Vulnerabilities classified as CWE-862 (授权机制缺失) represent 5531 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.