CWE-862 (Missing Authorization) — Vulnerability Class 5531

5531 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-14065 | Simple Bike Rental <= 1.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Booking Data Exposure — Simple Bike Rental | 4.3 | Medium | 2025-12-12 |
| CVE-2025-14074 | PDF for Contact Form 7 + Drag and Drop Template Builder <= 6.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Duplication — PDF for Contact Form 7 + Drag and Drop Template Builder | 4.3 | Medium | 2025-12-12 |
| CVE-2025-10583 | WP Fastest Cache Premium <= 1.7.4 - Missing Authorization to Authenticated (Subscriber+) Blind Server-Side Request Forgery — WP Fastest Cache Premium | 3.5 | Low | 2025-12-12 |
| CVE-2025-67737 | AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE — AzuraCast | 3.1 | Low | 2025-12-12 |
| CVE-2025-12655 | Hippoo Mobile App for WooCommerce <= 1.7.1 - Missing Authorization to Unauthenticated Limited File Write — Hippoo Mobile App for WooCommerce | 5.3 | Medium | 2025-12-12 |
| CVE-2025-13334 | Blaze Demo Importer 1.0.0 - 1.0.13 - Missing Authorization to Authenticated (Subscriber+) Database Reset and File Deletion — Blaze Demo Importer | 8.1 | High | 2025-12-12 |
| CVE-2025-13314 | Product Filtering by Categories, Tags, Price Range for WooCommerce <= 1.1.6 - Missing Authorization to Unauthenticated Plugin Settings Modification — Filter Plus – Product Filter & WordPress Filter | 5.3 | Medium | 2025-12-12 |
| CVE-2025-12963 | LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart <= 1.2.29 - Missing Authorization to Unauthenticated Privilege Escalation — LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart | 9.8 | Critical | 2025-12-12 |
| CVE-2025-13440 | Premmerce Wishlist for WooCommerce <= 1.1.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Wishlist Deletion — Premmerce Wishlist for WooCommerce | 5.3 | Medium | 2025-12-12 |
| CVE-2025-14392 | Simple Theme Changer <= 1.0. - Missing Authorization to Plugin Settings Update via AJAX Actions — Simple Theme Changer | 4.3 | Medium | 2025-12-12 |
| CVE-2025-12783 | Premmerce Brands for WooCommerce <= 1.2.13 - Missing Authorization To Authenticated (Subscriber+) Brand Permalink Settings Update — Premmerce Brands for WooCommerce | 4.3 | Medium | 2025-12-12 |
| CVE-2025-14045 | URL Media Uploader <= 1.0.1 - Missing Authorization to Authenticated (Contributor+) Safe File Upload — URL Media Uploader | 4.3 | Medium | 2025-12-12 |
| CVE-2025-14064 | BuddyTask <= 1.3.0 - Missing Authorization to Authenticated (Subscriber+) Cross-Group Task Board Access and Manipulation — BuddyTask | 5.4 | Medium | 2025-12-12 |
| CVE-2025-14170 | Vimeo SimpleGallery <= 0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification — Vimeo SimpleGallery | 4.3 | Medium | 2025-12-12 |
| CVE-2025-13866 | Flow-Flow Social Feed Stream 3.0.0 - 4.7.5 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via flow_flow_social_auth AJAX action — Flow-Flow Social Feed Stream | 6.4 | Medium | 2025-12-12 |
| CVE-2023-53740 | Screen SFT DAB 1.9.3 Authentication Bypass via Admin Password Change — Screen SFT DAB Series - Compact Radio DAB Transmitter | 9.8 (AI) | Critical (AI) | 2025-12-10 |
| CVE-2020-36902 | UBICOD Medivision Digital Signage 1.5.1 Authorization Bypass via User Privileges — UBICOD Medivision Digital Signage | 9.8 (AI) | Critical (AI) | 2025-12-10 |
| CVE-2021-47701 | OpenBMCS User Management Privilege Escalation — OpenBMCS | 8.8 (AI) | High (AI) | 2025-12-09 |
| CVE-2022-46845 | WordPress Slider a SlidersPack plugin <= 2.0.2 - Broken Access Control vulnerability — Slider a SlidersPack | 5.3 | Medium | 2025-12-09 |
| CVE-2022-47425 | WordPress ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin <= 3.4.10 - Broken Access Control — ARMember | 4.3 | Medium | 2025-12-09 |
| CVE-2023-23729 | WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Contributor+ reCAPTCHA Settings Change Vulnerability — Spectra | 5.4 | Medium | 2025-12-09 |
| CVE-2025-63077 | WordPress Happy Addons for Elementor plugin <= 3.20.3 - Broken Access Control vulnerability — Happy Addons for Elementor | 4.3 | Medium | 2025-12-09 |
| CVE-2025-63067 | WordPress Porto Theme - Functionality plugin < 3.7.3 - Broken Access Control vulnerability — Porto Theme - Functionality | 4.3 | Medium | 2025-12-09 |
| CVE-2025-63069 | WordPress Ivory Search plugin <= 5.5.12 - Broken Access Control vulnerability — Ivory Search | 5.3 | Medium | 2025-12-09 |
| CVE-2025-63063 | WordPress Yandex.Metrica plugin <= 1.2.2 - Broken Access Control vulnerability — Yandex.Metrica | 5.3 | Medium | 2025-12-09 |
| CVE-2025-63056 | WordPress Contact Form by BestWebSoft plugin <= 4.3.6 - Broken Access Control vulnerability — Contact Form by BestWebSoft | 4.3 | Medium | 2025-12-09 |
| CVE-2025-63054 | WordPress Quiz And Survey Master plugin <= 10.3.2 - Broken Access Control vulnerability — Quiz And Survey Master | 5.3 | Medium | 2025-12-09 |
| CVE-2025-63049 | WordPress ListingPro Lead Form plugin <= 1.0.7 - Broken Access Control vulnerability — ListingPro Lead Form | 5.3 | Medium | 2025-12-09 |
| CVE-2025-63047 | WordPress ListingPro theme <= 2.9.9 - Broken Access Control vulnerability — ListingPro | 5.3 | Medium | 2025-12-09 |
| CVE-2025-63034 | WordPress Page View Count plugin <= 2.9.0 - Settings Change vulnerability — Page View Count | 5.4 | Medium | 2025-12-09 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5531 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.