CWE-862 (Missing Authorization) — Vulnerability Class 5531

5531 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-3780 | WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.16 - Missing Authorization to Unauthenticated Plugin Settings Modification — WCFM – Frontend Manager for WooCommerce | 6.5 | Medium | 2025-07-08 |
| CVE-2025-49723 | Windows StateRepository API Server file Tampering Vulnerability — Windows 10 Version 1809 | 8.8 | High | 2025-07-08 |
| CVE-2025-5957 | Guest Support – Complete customer support ticket system for WordPress <= 1.2.2 - Missing Authorization to Unauthenticated Ticket Deletion — Guest Support | 5.3 | Medium | 2025-07-08 |
| CVE-2025-42986 | Missing Authorization check in SAP NetWeaver and ABAP Platform — SAP NetWeaver and ABAP Platform | 4.3 | Medium | 2025-07-08 |
| CVE-2025-42974 | Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN) — SAP NetWeaver and ABAP Platform (SDCCN) | 4.3 | Medium | 2025-07-08 |
| CVE-2025-42968 | Missing Authorization check in SAP NetWeaver (RFC enabled function module) — SAP NetWeaver (RFC enabled function module) | 5.0 | Medium | 2025-07-08 |
| CVE-2025-42961 | Missing Authorization check in SAP NetWeaver Application Server for ABAP — SAP NetWeaver Application Server for ABAP | 4.9 | Medium | 2025-07-08 |
| CVE-2025-42960 | Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA BEx Tools — SAP Business Warehouse and SAP BW/4HANA BEx Tools | 4.3 | Medium | 2025-07-08 |
| CVE-2025-42953 | Missing Authorization check in SAP NetWeaver Application Server for ABAP — SAP NetWeaver Application Server for ABAP | 8.1 | High | 2025-07-08 |
| CVE-2025-42952 | Missing Authorization check in SAP Business Warehouse and SAP Plug-In Basis — SAP Business Warehouse and SAP Plug-In Basis | 7.7 | High | 2025-07-08 |
| CVE-2025-53499 | Unauthorized Inspection of Protected Variables in AbuseFilter — Mediawiki - AbuseFilter Extension | 9.8 (AI) | Critical (AI) | 2025-07-07 |
| CVE-2025-53495 | Unauthorized Disclosure of IP Reputation in AbuseFilter — Mediawiki - AbuseFilter Extension | 9.8 (AI) | Critical (AI) | 2025-07-07 |
| CVE-2025-53485 | SecurePoll: Unauthorized access to SetTranslationHandler allows arbitrary text changes — Mediawiki - SecurePoll extension | 5.3 | - | 2025-07-04 |
| CVE-2025-47565 | WordPress EventON plugin <= 4.9.9 - Broken Access Control vulnerability — EventON | 6.3 | Medium | 2025-07-04 |
| CVE-2025-47634 | WordPress WC Pickup Store plugin <= 1.8.9 - Settings Change Vulnerability — WC Pickup Store | 6.5 | Medium | 2025-07-04 |
| CVE-2025-50032 | WordPress Paytiko for WooCommerce plugin <= 1.3.21 - Broken Access Control vulnerability — Paytiko for WooCommerce | 6.5 | Medium | 2025-07-04 |
| CVE-2025-50039 | WordPress VG WORT METIS plugin <= 2.0.1 - Broken Access Control Vulnerability — VG WORT METIS | 6.5 | Medium | 2025-07-04 |
| CVE-2025-52813 | WordPress MobiLoud <= 4.6.5 - Broken Access Control Vulnerability — MobiLoud | 8.1 | High | 2025-07-04 |
| CVE-2025-49431 | WordPress MF Plus WPML plugin <= 1.1 - Settings Change Vulnerability — MF Plus WPML | 6.5 | Medium | 2025-07-04 |
| CVE-2025-30929 | WordPress fluXtore plugin <= 1.6.0 - Broken Access Control vulnerability — fluXtore | 5.3 | Medium | 2025-07-04 |
| CVE-2025-29012 | WordPress CF7 7 Mailchimp Add-on plugin < 2.4 - Broken Access Control Vulnerability — CF7 7 Mailchimp Add-on | 5.3 | Medium | 2025-07-04 |
| CVE-2025-29007 | WordPress LMSACE Connect plugin <= 3.4 - Broken Access Control Vulnerability — LMSACE Connect | 4.3 | Medium | 2025-07-04 |
| CVE-2025-29001 | WordPress WooCommerce Shop Page Builder plugin <= 2.27.7 - Broken Access Control Vulnerability — WooCommerce Shop Page Builder | 4.3 | Medium | 2025-07-04 |
| CVE-2025-24757 | WordPress uDesign theme <= 4.11.2 - Broken Access Control vulnerability — uDesign | 5.3 | Medium | 2025-07-04 |
| CVE-2025-24748 | WordPress Avada theme <= 7.11.10 - Broken Access Control vulnerability — Avada | 5.3 | Medium | 2025-07-04 |
| CVE-2025-6814 | Booking X 1.0 - 1.1.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via export_now() Function — Booking X – Appointment and Reservation Availability Calendar | 7.5 | High | 2025-07-04 |
| CVE-2025-5953 | WP Human Resource Management 2.0.0 - 2.2.17 - Missing Authorization to Authenticated (Employee+) Privilege Escalation via wp_ajax_hrm_insert_employee AJAX Action — WP Human Resource Management | 8.8 | High | 2025-07-04 |
| CVE-2025-5956 | WP Human Resource Management 2.0.0 - 2.2.17 - Missing Authorization to Authenticated (Employee+) Arbitrary User Deletion via ajax_delete_employee Function — WP Human Resource Management | 6.5 | Medium | 2025-07-04 |
| CVE-2025-52554 | n8n Improper Authorization in Workflow Execution Stop Endpoint Allows Terminating Other Users’ Workflows — n8n | 5.4 (AI) | Medium (AI) | 2025-07-03 |
| CVE-2025-3702 | WordPress Melapress File Monitor plugin < 2.2.0 - Broken Access Control vulnerability — Melapress File Monitor | 5.4 | Medium | 2025-07-03 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5531 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.