
CWE-862 (Missing Authorization) — Vulnerability Class 5531

5531 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-66072 | WordPress UsersWP plugin <= 1.2.47 - Broken Access Control vulnerability — UsersWP | 5.3 | Medium | 2025-11-21 |
| CVE-2025-66063 | WordPress WP Google Review Slider plugin <= 17.4 - Broken Access Control vulnerability — WP Google Review Slider | 5.4 | Medium | 2025-11-21 |
| CVE-2025-66060 | WordPress Seriously Simple Podcasting plugin <= 3.13.0 - Broken Access Control vulnerability — Seriously Simple Podcasting | 5.3 | Medium | 2025-11-21 |
| CVE-2025-10054 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Role Removal — ELEX WordPress HelpDesk & Customer Ticketing System | 4.3 | Medium | 2025-11-21 |
| CVE-2025-13149 | Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.1 - Authenticated (Author+) Missing Authorization to Post/Page Status Modification — Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories | 4.3 | Medium | 2025-11-21 |
| CVE-2025-11985 | Realty Portal <= 0.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update — Realty Portal | 8.8 | High | 2025-11-21 |
| CVE-2025-11773 | Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO <= 2.4.7 - Missing Authorization to Authenticated (Subscriber+) Contract Address Update — Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO | 4.3 | Medium | 2025-11-21 |
| CVE-2025-10938 | UiPress lite <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure — UiPress lite \| Effortless custom dashboards, admin themes and pages | 6.5 | Medium | 2025-11-21 |
| CVE-2025-11003 | UiPress lite <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting — UiPress lite \| Effortless custom dashboards, admin themes and pages | 6.4 | Medium | 2025-11-21 |
| CVE-2025-12170 | Checkbox <= 2.8.10 - Missing Authorization to Unauthenticated Log Clearing — Checkbox | 5.3 | Medium | 2025-11-21 |
| CVE-2025-9825 | Missing Authorization in GitLab — GitLab | 5.0 | Medium | 2025-11-21 |
| CVE-2025-12169 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.0 - Missing Authorization to Authenticated (Subscriber+) to Scheduled Trigger Deletion — ELEX WordPress HelpDesk & Customer Ticketing System | 4.3 | Medium | 2025-11-21 |
| CVE-2025-12085 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Empty — ELEX WordPress HelpDesk & Customer Ticketing System | 4.3 | Medium | 2025-11-21 |
| CVE-2025-12023 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Ticket Restore — ELEX WordPress HelpDesk & Customer Ticketing System | 4.3 | Medium | 2025-11-21 |
| CVE-2025-12022 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Restore — ELEX WordPress HelpDesk & Customer Ticketing System | 4.3 | Medium | 2025-11-21 |
| CVE-2025-62293 | Broken Access Control in SOPlanning — SOPlanning | 4.3 | - | 2025-11-20 |
| CVE-2025-13468 | SourceCodester Alumni Management System Delete admin_class.php delete_event authorization — Alumni Management System | 5.4 | Medium | 2025-11-20 |
| CVE-2025-12778 | Ultimate Member Widgets for Elementor <= 2.3 - Missing Authorization to Unauthenticated Information Exposure — Ultimate Member Widgets for Elementor – WordPress User Directory | 5.3 | Medium | 2025-11-20 |
| CVE-2025-65089 | XWiki view file macro: User can view content of office file without view rights on the attachment — xwiki-pro-macros | 6.8 | Medium | 2025-11-19 |
| CVE-2025-12822 | WP Login and Register using JWT <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) API Key Exposure — WP Login and Register using JWT | 4.3 | Medium | 2025-11-19 |
| CVE-2025-12174 | Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.5.2 - Missing Authorization to Authenticated (Subscriber+) Data Export and Slug Update — Directorist: AI-Powered Business Directory, Listings & Classified Ads | 6.5 | Medium | 2025-11-19 |
| CVE-2025-12751 | WSChat – WordPress Live Chat <= 3.1.6 - Missing Authorization to Authenticated (Subscriber+) Settings Reset — WSChat – WordPress Live Chat | 4.3 | Medium | 2025-11-19 |
| CVE-2025-12391 | Restrictions for BuddyPress <= 1.5.2 - Missing Authorization to Unauthenticated Tracking Status Update — Restrictions for BuddyPress | 5.3 | Medium | 2025-11-18 |
| CVE-2025-12639 | wModes – Catalog Mode, Product Pricing, Enquiry Forms & Promotions \| for WooCommerce <= 1.2.2 - Missing Authorization to Sensitive Information Disclosure — wModes – Catalog Mode, Product Pricing, Enquiry Forms & Promotions \| for WooCommerce | 4.3 | Medium | 2025-11-18 |
| CVE-2025-12392 | Cryptocurrency Payment Gateway for WooCommerce <= 2.0.25 - Missing Authorization to Unauthenticated Tracking Status Update — Cryptocurrency Payment Gateway for WooCommerce | 5.3 | Medium | 2025-11-18 |
| CVE-2025-12481 | WP Duplicate Page <= 1.7 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure — WP Duplicate Page | 4.3 | Medium | 2025-11-18 |
| CVE-2025-12955 | Live sales notification for WooCommerce <= 2.3.39 - Missing Authorization to Unauthenticated Customer Data Exposure — PiWeb Live sales notification for WooCommerce | 7.5 | High | 2025-11-18 |
| CVE-2025-11734 | Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links <= 1.2.5 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Trashing — Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links | 5.4 | Medium | 2025-11-18 |
| CVE-2025-12961 | Download Panel <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification — Download Panel (Biggiko Team) | 4.3 | Medium | 2025-11-18 |
| CVE-2025-12372 | The Permalinks Cascade <= 2.2 - Missing Authorization To Authenticated (Subscriber+) Plugin Settings Update — The Permalinks Cascade | 4.3 | Medium | 2025-11-18 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5531 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.