CWE-862 (Missing Authorization) — Vulnerability Class 5531

5531 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-11742 | WPC Smart Wishlist for WooCommerce <= 5.0.4 - Missing Authorization to Authenticated (Subscriber+) Information Exposure — WPC Smart Wishlist for WooCommerce | 4.3 | Medium | 2025-10-18 |
| CVE-2025-11378 | ShortPixel Image Optimizer <= 6.3.4 - Authenticated (Contributor+) Settings Import/Export — ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF | 5.4 | Medium | 2025-10-18 |
| CVE-2025-62642 | Restaurant Brands International assistant platform security vulnerability — assistant platform | 5.8 | Medium | 2025-10-17 |
| CVE-2025-58073 | Arbitrary Mattermost Team can be joined by manipulating the OAuth state — Mattermost | 8.1 | High | 2025-10-16 |
| CVE-2025-41410 | Slack import bypasses email verification for team access controls — Mattermost | 5.4 | Medium | 2025-10-16 |
| CVE-2025-58075 | Arbitrary Mattermost Team can be joined by manipulating the SAML RelayState — Mattermost | 8.1 | High | 2025-10-16 |
| CVE-2025-41443 | Guest user can discover active public channels — Mattermost | 4.3 | Medium | 2025-10-16 |
| CVE-2025-10849 | Felan Framework <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation/Deactivation via process_plugin_actions — Felan Framework | 5.3 | Medium | 2025-10-16 |
| CVE-2025-10706 | Classified Pro <= 1.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation — ClassifiedPro - reCommerce WordPress Theme | 8.8 | High | 2025-10-16 |
| CVE-2025-11701 | Zip Attachments <= 1.6 - Missing Authorization to Unauthenticated Private And Password-Protected Posts Attachment Disclosure — Zip Attachments | 5.3 | Medium | 2025-10-15 |
| CVE-2025-10313 | Find And Replace content for WordPress <= 1.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting — Find And Replace content for WordPress | 7.2 | High | 2025-10-15 |
| CVE-2025-10303 | Library Management System <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Settings Manipulation — Library Management System | 4.3 | Medium | 2025-10-15 |
| CVE-2025-11692 | Zip Attachments <= 1.6 - Missing Authorization to Limited File Deletion — Zip Attachments | 5.3 | Medium | 2025-10-15 |
| CVE-2025-10299 | WPBifröst – Instant Passwordless Temporary Login Links <= 1.0.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation — Bifröst – Instant Passwordless Temporary Login Links | 8.8 | High | 2025-10-15 |
| CVE-2025-10186 | WhyDonate – FREE Donate button – Crowdfunding – Fundraising <= 4.0.15 - Missing Authorization to Unauthenticated wp_wdplugin_style Rww Deletion — WhyDonate – FREE Donate button – Crowdfunding – Fundraising | 5.3 | Medium | 2025-10-15 |
| CVE-2025-10648 | Login with YourMembership - YM SSO Login <= 1.1.7 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'moym_display_test_attributes' — Login with YourMembership – YM SSO Login | 5.3 | Medium | 2025-10-15 |
| CVE-2025-33182 | NVIDIA Jetson Linux security vulnerability — Jetson Orin Series | 7.6 | High | 2025-10-14 |
| CVE-2025-10732 | SureForms – Drag and Drop Form Builder for WordPress <= 1.12.1 - Missing Authorization to Authenticated (Contributor+) Information Disclosure — SureForms – Contact Form, Payment Form & Other Custom Form Builder | 4.3 | Medium | 2025-10-14 |
| CVE-2025-8593 | GSheetConnector For Gravity Forms <= 1.3.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation — GSheetConnector for Gravity Forms – Send Gravity Forms Entries to Google Sheets in Real-Time | 8.8 | High | 2025-10-11 |
| CVE-2025-8682 | Newsup <= 5.0.10 - Missing Authorization to Authenticated (Subscriber+) Plugin Installation — Newsup | 4.3 | Medium | 2025-10-11 |
| CVE-2025-11380 | Everest Backup <= 2.3.5 - Missing Authorization to Unauthenticated Information Exposure — Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin | 5.9 | Medium | 2025-10-11 |
| CVE-2025-9549 | Facets - Moderately critical - Information Disclosure - SA-CONTRIB-2025-099 — Facets | 7.5 (AI) | High (AI) | 2025-10-10 |
| CVE-2025-11581 | PowerJob OpenAPIController runJob authorization — PowerJob | 5.3 | Medium | 2025-10-10 |
| CVE-2025-11580 | PowerJob list authorization — PowerJob | 5.3 | Medium | 2025-10-10 |
| CVE-2025-10352 | Missing Authorization vulnerability in Melis Platform — Melis Platform | 9.8 (AI) | Critical (AI) | 2025-10-08 |
| CVE-2025-11439 | JhumanJ OpnForm integrations authorization — OpnForm | 4.3 | Medium | 2025-10-08 |
| CVE-2025-11438 | JhumanJ OpnForm API Endpoint custom-domains authorization — OpnForm | 6.3 | Medium | 2025-10-08 |
| CVE-2025-9029 | WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder <= 1.2.16 - Missing Authentication via wdkit_handle_review_submission Function — WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder | 4.3 | Medium | 2025-10-04 |
| CVE-2025-11228 | GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms-Campaign Association — GiveWP – Donation Plugin and Fundraising Platform | 5.3 | Medium | 2025-10-04 |
| CVE-2025-9243 | Cost Calculator Builder <= 3.5.32 - Authenticated (Subscriber+) Missing Authorization via get_cc_orders/update_order_status Functions — Cost Calculator Builder | 8.1 | High | 2025-10-04 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5531 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.