CWE-862 (Missing Authorization) — Vulnerability Class 5531

5531 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-66534 | WordPress The Aisle theme <= 2.9 - Broken Access Control vulnerability — The Aisle | 4.3 | Medium | 2025-12-09 |
| CVE-2025-66532 | WordPress Powerlift theme < 3.2.1 - Broken Access Control vulnerability — Powerlift | 4.3 | Medium | 2025-12-09 |
| CVE-2025-67466 | WordPress Trinity Audio plugin <= 5.23.3 - Broken Access Control vulnerability — Trinity Audio | 4.3 | Medium | 2025-12-09 |
| CVE-2025-66530 | WordPress Webba Booking plugin <= 6.2.1 - Broken Access Control vulnerability — Webba Booking | 4.3 | Medium | 2025-12-09 |
| CVE-2025-66528 | WordPress Thank You Page Customizer for WooCommerce plugin <= 1.1.8 - Broken Access Control vulnerability — Thank You Page Customizer for WooCommerce | 4.3 | Medium | 2025-12-09 |
| CVE-2025-66526 | WordPress Tablesome plugin <= 1.1.34 - Broken Access Control vulnerability — Tablesome | 4.3 | Medium | 2025-12-09 |
| CVE-2025-66527 | WordPress Lobo theme <= 2.8.6 - Broken Access Control vulnerability — Lobo | 4.3 | Medium | 2025-12-09 |
| CVE-2025-66525 | WordPress Elastic Email Sender plugin <= 1.2.20 - Broken Access Control vulnerability — Elastic Email Sender | 4.3 | Medium | 2025-12-09 |
| CVE-2025-64257 | WordPress My Tickets plugin <= 2.1.0 - Broken Access Control vulnerability — My Tickets | 4.3 | Medium | 2025-12-09 |
| CVE-2025-64255 | WordPress Admin and Site Enhancements (ASE) plugin <= 8.0.8 - Broken Access Control vulnerability — Admin and Site Enhancements (ASE) | 2.7 | Low | 2025-12-09 |
| CVE-2025-64254 | WordPress Photo Block plugin <= 1.5.1 - Broken Access Control vulnerability — Photo Block | 2.7 | Low | 2025-12-09 |
| CVE-2025-42891 | Missing Authorization check in SAP Enterprise Search for ABAP — SAP Enterprise Search for ABAP | 5.5 | Medium | 2025-12-09 |
| CVE-2025-13309 | Accessiy By CodeConfig Accessibility – Easy One-Click Accessibility Toolbar That Truly Matters <= 1.0.2 - Authenticated (Subscriber+) Missing Authorization to Modify Accessibility Settings — Accessiy by CodeConfig – Accessibility Widgets for ADA, EAA & WCAG Compliance | 4.3 | Medium | 2025-12-06 |
| CVE-2025-13358 | Accessiy By CodeConfig Accessibility <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation — Accessiy by CodeConfig – Accessibility Widgets for ADA, EAA & WCAG Compliance | 5.3 | Medium | 2025-12-06 |
| CVE-2025-12091 | Search, Filters & Merchandising for WooCommerce <= 3.0.67 - Missing Authorization to Authenticated (Subscriber+) Plugin Deactivation — Search, Filters & Merchandising for WooCommerce | 4.3 | Medium | 2025-12-06 |
| CVE-2025-12577 | Listar – Directory Listing & Classifieds WordPress Plugin <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Listing Update — Listar – Directory Listing & Classifieds WordPress Plugin | 4.3 | Medium | 2025-12-06 |
| CVE-2025-13666 | Helloprint <= 2.1.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Modification — Plug your WooCommerce into the largest catalog of customized print products from Helloprint | 5.3 | Medium | 2025-12-06 |
| CVE-2025-12574 | Listar – Directory Listing & Classifieds WordPress Plugin <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion — Listar – Directory Listing & Classifieds WordPress Plugin | 4.3 | Medium | 2025-12-06 |
| CVE-2025-12721 | g-FFL Cockpit <= 1.7.1 - Missing Authorization to Unauthenticated Information Exposure — g-FFL Cockpit | 5.3 | Medium | 2025-12-06 |
| CVE-2025-65036 | XWiki Remote Macros vulnerable to remote code execution using the confluence details summary macro — xwiki-pro-macros | 8.3 | High | 2025-12-05 |
| CVE-2025-13620 | Wp Social Login and Register Social Counter <= 3.1.3 - Missing Authorization in Cache REST Endpoints to Social Counter Tampering — Wp Social Login and Register Social Counter | 5.3 | Medium | 2025-12-05 |
| CVE-2025-12876 | Projectopia – WordPress Project Management <= 5.1.19 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion — Projectopia – Project Management Tool | 5.3 | Medium | 2025-12-05 |
| CVE-2025-12093 | Voidek Employee Portal <= 1.0.7 - Missing Authorization — Voidek Employee Portal | 5.3 | Medium | 2025-12-05 |
| CVE-2025-12355 | Payaza <= 0.3.8 - Missing Authorization to Unauthenticated Order Status Update — Payaza | 5.3 | Medium | 2025-12-05 |
| CVE-2025-12354 | Live CSS Preview <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update — Live CSS Preview | 4.3 | Medium | 2025-12-05 |
| CVE-2025-13528 | Feedback Modal for Website <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Feedback Data Exfiltration via 'export_data' Parameter — Feedback Modal for Website | 5.3 | Medium | 2025-12-05 |
| CVE-2025-12133 | EPROLO Dropshipping <= 2.3.1 - Missing Authorization to Authenticated (Subscriber+) Tracking Data Modification — EPROLO-Dropshipping | 4.3 | Medium | 2025-12-05 |
| CVE-2025-12370 | Takeads <= 1.0.13 - Missing Authorization to Plugin Settings Deletion — Takeads | 4.3 | Medium | 2025-12-05 |
| CVE-2025-12165 | Webcake – Landing Page Builder <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Settings Update — Webcake – Landing Page Builder | 4.3 | Medium | 2025-12-05 |
| CVE-2025-13312 | CRM Memberships <= 2.5 - Missing Authorization to Unauthenticated 'ntzcrm_add_new_tag' AJAX Action — CRM Memberships | 5.3 | Medium | 2025-12-05 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5531 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.