Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-862 (授权机制缺失) — Vulnerability Class 5531

5531 vulnerabilities classified as CWE-862 (授权机制缺失). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-64352 WordPress Essential Addons for Elementor plugin <= 6.2.4 - Broken Access Control vulnerability — Essential Addons for Elementor 2.7 Low2025-10-31
CVE-2025-64350 WordPress Rank Math SEO plugin <= 1.0.252.1 - Broken Access Control vulnerability — Rank Math SEO 3.8 Low2025-10-31
CVE-2025-12041 ERI File Library <= 1.1.0 - Missing Authorization to Unauthenticated Protected File Download — ERI File Library 5.3 Medium2025-10-31
CVE-2025-12175 The Events Calendar <= 6.15.9 - Missing Authorization to Authenticated (Subscriber+) Draft Event Title/QR Code Exposure — The Events Calendar 4.3 Medium2025-10-31
CVE-2025-11975 FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Missing Authorization to Authenticated (Subscriber+) Sync Rule Creation — FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) 4.3 Medium2025-10-31
CVE-2023-7317 Nagios XI < 2024R1 Web SSH Terminal Missing Access Control — XI 8.8AIHighAI2025-10-30
CVE-2013-10072 Nagios XI < 2012R1.6 Auto-Discovery Missing Authorization — XI 7.1AIHighAI2025-10-30
CVE-2024-13994 Nagios XI < 2024R1.1.2 Allow Insecure Logins Missing Authorization — XI 8.8AIHighAI2025-10-30
CVE-2025-62712 JumpServer Connection Token Leak Vulnerability — jumpserver 9.6 Critical2025-10-30
CVE-2025-11881 AppPresser – Mobile App Framework <= 4.5.0 - Missing Authorization to Unauthenticated Limited Sensitive Information Exposure — AppPresser – Mobile App Framework 5.3 Medium2025-10-30
CVE-2025-10008 Translate WordPress and go Multilingual – Weglot <= 5.1 - Missing Authorization to Unauthenticated Limited Transient Deletion — Translate WordPress with Weglot – Multilingual AI Translation 5.3 Medium2025-10-30
CVE-2025-9954 Acquia DAM - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-105 — Acquia DAM 7.5AIHighAI2025-10-29
CVE-2025-11587 Call Now Button <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Settings Update — Call Now Button – The #1 Click to Call Button for WordPress 4.3 Medium2025-10-29
CVE-2025-11632 Call Now Button <= 1.5.4 - Authenticated (Subscriber+) Missing Authorization to Multiple Functions — Call Now Button – The #1 Click to Call Button for WordPress 4.3 Medium2025-10-29
CVE-2025-64285 WordPress Premmerce Wholesale Pricing for WooCommerce plugin <= 1.1.10 - Broken Access Control vulnerability — Premmerce Wholesale Pricing for WooCommerce 5.4 Medium2025-10-29
CVE-2025-64234 WordPress Evergreen Content Poster plugin <= 1.4.5 - Broken Access Control vulnerability — Evergreen Content Poster 4.3 Medium2025-10-29
CVE-2025-64229 WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.7 - Broken Access Control vulnerability — Client Invoicing by Sprout Invoices 4.3 Medium2025-10-29
CVE-2025-64219 WordPress Business Directory plugin <= 6.4.18 - Broken Access Control vulnerability — Business Directory 4.3 Medium2025-10-29
CVE-2025-64212 WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability — MasterStudy LMS Pro 5.4 Medium2025-10-29
CVE-2025-64211 WordPress Masterstudy Elementor Widgets plugin <= 1.2.4 - Broken Access Control vulnerability — Masterstudy Elementor Widgets 5.3 Medium2025-10-29
CVE-2025-64210 WordPress Masterstudy Elementor Widgets plugin <= 1.2.4 - Broken Access Control vulnerability — Masterstudy Elementor Widgets 5.4 Medium2025-10-29
CVE-2025-64199 WordPress wpresidence theme <= 5.3.2 - Broken Access Control vulnerability — wpresidence 5.3 Medium2025-10-29
CVE-2025-58711 WordPress Blog Designer PRO plugin <= 3.4.8 - Broken Access Control vulnerability — Blog Designer PRO 5.3 Medium2025-10-29
CVE-2025-11702 Missing Authorization in GitLab — GitLab 8.5 High2025-10-29
CVE-2025-11705 Anti-Malware Security and Brute-Force Firewall <= 4.23.81 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read — Anti-Malware Security and Brute-Force Firewall 6.5 Medium2025-10-29
CVE-2025-64296 WordPress Facebook for WooCommerce plugin <= 3.5.7 - Broken Access Control to Notice Dismissal vulnerability — Facebook for WooCommerce 5.3 Medium2025-10-29
CVE-2025-59461 API does not require authentication — TLOC100-100 all Firmware versions 7.6 High2025-10-27
CVE-2025-62980 WordPress Persian Admnin Fonts plugin <= 4.1.03 - Broken Access Control vulnerability — Persian Admnin Fonts 5.4 Medium2025-10-27
CVE-2025-62977 WordPress 百度站长SEO合集(支持百度/神马/Bing/头条推送) plugin <= 2.1.4 - Broken Access Control vulnerability — 百度站长SEO合集(支持百度/神马/Bing/头条推送) 5.3 Medium2025-10-27
CVE-2025-62976 WordPress Sendle Shipping plugin <= 6.02 - Broken Access Control vulnerability — Sendle Shipping 5.3 Medium2025-10-27

Vulnerabilities classified as CWE-862 (授权机制缺失) represent 5531 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.