CWE-862 (Missing Authorization) — Vulnerability Class 5531

5531 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-58672 | WordPress WP User Frontend Plugin <= 4.1.12 - Broken Access Control Vulnerability — WP User Frontend | 5.4 | Medium | 2025-09-22 |
| CVE-2025-58678 | WordPress Accordion Plugin <= 2.3.15 - Broken Access Control Vulnerability — Accordion | 6.5 | Medium | 2025-09-22 |
| CVE-2025-58679 | WordPress AppMySite plugin <= 3.15.0 - Broken Access Control vulnerability — AppMySite | 5.3 | Medium | 2025-09-22 |
| CVE-2025-58681 | WordPress Easy Quotes Plugin <= 1.2.4 - Broken Access Control Vulnerability — Easy Quotes | 5.3 | Medium | 2025-09-22 |
| CVE-2025-58680 | WordPress Gutentor plugin <= 3.5.2 - Broken Access Control vulnerability — Gutentor | 6.5 | Medium | 2025-09-22 |
| CVE-2025-58685 | WordPress Cecabank WooCommerce plugin plugin <= 0.3.4 - Broken Access Control vulnerability — Cecabank WooCommerce Plugin | 5.3 | Medium | 2025-09-22 |
| CVE-2025-59413 | CubeCart Unauthorized Newsletter Unsubscription via force_unsubscribe Parameter — v6 | 6.5 | Medium | 2025-09-22 |
| CVE-2025-10305 | Secure Passkeys <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Passkey Exposure and Deletion — Secure Passkeys | 5.3 | Medium | 2025-09-20 |
| CVE-2025-10489 | SureForms – Drag and Drop Form Builder for WordPress <= 1.12.0 - Missing Authorization to Authenticated (Contributor+) Form Creation — SureForms – Contact Form, Payment Form & Other Custom Form Builder | 4.3 | Medium | 2025-09-20 |
| CVE-2025-7665 | Miniorange OTP Verification with Firebase 3.1.0 - 3.6.2 - Unauthenticated Privilege Escalation — Miniorange OTP Verification with Firebase | 8.1 | High | 2025-09-19 |
| CVE-2025-8487 | Kubio AI Page Builder <= 2.6.3 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation — Kubio AI Page Builder | 5.4 | Medium | 2025-09-19 |
| CVE-2025-10690 | Goza - Nonprofit Charity WordPress Theme <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation — Goza - Nonprofit Charity WordPress Theme | 9.8 | Critical | 2025-09-19 |
| CVE-2025-8565 | Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.4.3 - Missing Authorization to Authenticated (Contributor+) Arbitrary Plugin Installation — Privacy Policy Generator – WPLP Legal Pages | 8.1 | High | 2025-09-18 |
| CVE-2025-59416 | The Scratch Channel forks can publish articles — tsc-web-client | 9.1 (AI) | Critical (AI) | 2025-09-17 |
| CVE-2025-8999 | Sydney <= 2.56 - Missing Authorization to Authenticated (Subscriber+) Limited Theme Options Update — Sydney | 5.3 | Medium | 2025-09-17 |
| CVE-2025-43805 | Liferay Portal and Liferay DXP security vulnerability — Portal | 5.3 (AI) | Medium (AI) | 2025-09-16 |
| CVE-2025-8446 | Blaze Demo Importer <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install — Blaze Demo Importer | 4.3 | Medium | 2025-09-16 |
| CVE-2025-9076 | Mattermost Server exposes sensitive user credentials during shared channel membership synchronization — Mattermost | 6.5 | Medium | 2025-09-15 |
| CVE-2025-43788 | Liferay Portal and Liferay DXP security vulnerability — Portal | 4.3 | - | 2025-09-12 |
| CVE-2025-9018 | Time Tracker <= 3.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Limited Data Deletion — Time Tracker | 8.8 | High | 2025-09-11 |
| CVE-2025-8425 | My WP Translate <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update — My WP Translate | 8.8 | High | 2025-09-11 |
| CVE-2025-8492 | Salon Booking System <= 10.22 - Missing Authorization to Unauthenticated AJAX Actions Execution — Salon Booking System – Free Version | 5.3 | Medium | 2025-09-11 |
| CVE-2025-8423 | My WP Translate <= 1.1 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Option Read and Deletion — My WP Translate | 5.4 | Medium | 2025-09-11 |
| CVE-2025-0763 | Ultimate Classified Listings <= 1.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update — Ultimate Classified Listings | 4.3 | Medium | 2025-09-11 |
| CVE-2025-36756 | Device Takeover vulnerability in SolaX Cloud — SolaX Cloud | 8.8 (AI) | High (AI) | 2025-09-10 |
| CVE-2025-10040 | WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Missing Authorization to Authenticated (Subscriber+) FTP/SFTP Credential Exposure — WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | 7.7 | High | 2025-09-10 |
| CVE-2025-9979 | Maspik <= 2.5.6 - Authenticated (Subscriber+) Missing Authorization to Spam Log Export — Maspik – Ultimate Spam Protection | 4.3 | Medium | 2025-09-10 |
| CVE-2025-8778 | NitroPack <= 1.18.4 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update via nitropack_set_compression_ajax Function — NitroPack – Performance, Page Speed & Cache Plugin for Core Web Vitals, CDN & Image Optimization | 4.3 | Medium | 2025-09-10 |
| CVE-2025-49459 | Zoom Workplace for Windows on ARM - Missing Authorization — Zoom Workplace for Windows on ARM | 7.8 | High | 2025-09-09 |
| CVE-2025-58753 | copyparty: Sharing a single file does not fully restrict access to other files in source folder — copyparty | 5.3 (AI) | Medium (AI) | 2025-09-09 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5531 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.