CWE-862 (Missing Authorization) — Vulnerability Class 5531

5531 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-13313 | CRM Memberships <= 2.6 - Missing Authorization to Privilege Escalation via Unauthenticated Password Reset in 'ntzcrm_changepassword' AJAX Endpoint — CRM Memberships | 9.8 | Critical | 2025-12-05 |
| CVE-2025-54159 | Synology BeeDrive security vulnerability — BeeDrive for desktop | 7.5 | High | 2025-12-04 |
| CVE-2025-2848 | Synology Mail Server security vulnerability — Synology Mail Server | 6.3 | Medium | 2025-12-04 |
| CVE-2025-12826 | Custom Post Type UI <= 1.18.0 - Missing Authorization to Unauthenticated (Previously Administrator+) Custom Post Type Modification — Custom Post Type UI | 4.8 | Medium | 2025-12-04 |
| CVE-2025-12782 | Beaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Builder Status Tampering — Beaver Builder Page Builder – Drag and Drop Website Builder | 4.3 | Medium | 2025-12-04 |
| CVE-2025-13756 | Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution <= 1.9.11 - Authenticated (Subscriber+) Missing Authorization to Calendar Import and Management — Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution | 4.3 | Medium | 2025-12-03 |
| CVE-2025-13354 | Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Taxonomy Term Manipulation — Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI | 4.3 | Medium | 2025-12-03 |
| CVE-2025-13342 | Frontend Admin by DynamiApps <= 3.28.20 - Unauthenticated Arbitrary Options Update — Frontend Admin by DynamiApps | 9.8 | Critical | 2025-12-03 |
| CVE-2025-12887 | Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.1 - Missing Authorization to Authenticated (Subscriber+) OAuth Token Update — Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | 5.4 | Medium | 2025-12-03 |
| CVE-2025-13472 | Missing authorization in BlazeMeter Jenkins Plugin — BlazeMeter | 4.3 (AI) | Medium (AI) | 2025-12-03 |
| CVE-2025-10304 | Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.3.8 - Missing Authorization to Unauthenticated Backup Failure — Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin | 5.3 | Medium | 2025-12-03 |
| CVE-2025-13828 | Mautic user without privileged access to the Marketplace can install and uninstall composer packages — Mautic | 7.8 (AI) | High (AI) | 2025-12-02 |
| CVE-2025-41012 | Unauthorized access vulnerability in TCMAN GIM — GIM | 7.5 (AI) | High (AI) | 2025-12-02 |
| CVE-2025-11726 | Beaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Global Preset Modification — Beaver Builder Page Builder – Drag and Drop Website Builder | 4.3 | Medium | 2025-12-02 |
| CVE-2025-13813 | moxi159753 Mogu Blog v2 Storage Management Endpoint storage authorization — Mogu Blog v2 | 5.6 | Medium | 2025-12-01 |
| CVE-2025-65112 | PubNet Critical Authentication Bypass Allows Unauthenticated Package Upload and Identity Spoofing — PubNet | 9.4 | Critical | 2025-11-29 |
| CVE-2025-10476 | WP Fastest Cache <= 1.4.0 - Missing Authorization to Authenticated (Subscriber+) DB Cleanup Actions — WP Fastest Cache – WordPress Cache Plugin | 4.3 | Medium | 2025-11-27 |
| CVE-2025-13381 | AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Missing Authorization to Unauthenticated Media File Uploads — AI ChatBot with ChatGPT and Content Generator by AYS | 5.3 | Medium | 2025-11-27 |
| CVE-2025-13441 | Hide Category by User Role for WooCommerce <= 2.3.1 - Missing Authorization to Unauthenticated Cache Flushing — Hide Category by User Role for WooCommerce | 5.3 | Medium | 2025-11-27 |
| CVE-2025-12579 | Reuters Direct <= 3.0.0 - Missing Authorization to Unauthenticated Settings Reset — Reuters Direct | 5.3 | Medium | 2025-11-27 |
| CVE-2025-12634 | Refund Request for WooCommerce <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Refund Status Update — Refund Request for WooCommerce | 4.3 | Medium | 2025-11-25 |
| CVE-2025-13405 | Ace Post Type Builder <= 1.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Custom Taxonomy Deletion via 'taxonomy' Parameter — Ace Post Type Builder | 5.3 | Medium | 2025-11-25 |
| CVE-2025-13404 | atec Duplicate Page & Post <= 1.2.20 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication and Data Exposure — atec Duplicate Page & Post | 5.3 | Medium | 2025-11-25 |
| CVE-2025-13386 | Social Images Widget <= 2.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion — Social Images Widget | 5.3 | Medium | 2025-11-25 |
| CVE-2025-13414 | Chamber Dashboard Business Directory <= 3.3.11 - Missing Authorization to Unauthenticated Business Information Export — Chamber Dashboard Business Directory | 5.3 | Medium | 2025-11-25 |
| CVE-2025-12043 | Autochat Automatic Conversation <= 1.1.9 - Missing Authorization to Unauthenticated Settings Update — Autochat Automatic Conversation | 5.3 | Medium | 2025-11-25 |
| CVE-2025-13643 | MongoDB Server may allow queries to be terminated by unauthorized users — MongoDB Server | 3.1 | Low | 2025-11-25 |
| CVE-2025-13558 | Blog2Social <= 8.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Trashing — Blog2Social: Social Media Auto Post & Scheduler | 5.4 | Medium | 2025-11-25 |
| CVE-2025-10646 | Search Exclude <= 2.5.7 – Missing Authorization to Authenticated (Contributor+) Search Settings Modification via REST API — Search Exclude | 4.3 | Medium | 2025-11-25 |
| CVE-2025-41017 | Multiple vulnerabilities in DFUSION by Davantis — DFUSION | 5.3 (AI) | Medium (AI) | 2025-11-24 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5531 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.