CWE-862 (Missing Authorization) — Vulnerability Class 5531

5531 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-47564 | WordPress EventON plugin <= 4.9.8 - Broken Access Control vulnerability — EventON | 5.3 | Medium | 2025-05-16 |
| CVE-2025-47563 | WordPress CURCY plugin <= 2.3.7 - Arbitrary Shortcode Execution vulnerability — CURCY | 5.3 | Medium | 2025-05-16 |
| CVE-2025-48138 | WordPress BERTHA AI plugin <= 1.13 - Broken Access Control Vulnerability — BERTHA AI | 4.3 | Medium | 2025-05-16 |
| CVE-2025-48128 | WordPress Sharespine Woocommerce Connector plugin <= 4.7.55 - Broken Access Control Vulnerability — Sharespine Woocommerce Connector | 4.3 | Medium | 2025-05-16 |
| CVE-2025-48127 | WordPress Push notification for Mobile and Web app plugin <= 2.0.3 - Broken Access Control vulnerability — Push notification for Mobile and Web app | 6.5 | Medium | 2025-05-16 |
| CVE-2025-48116 | WordPress EventON plugin <= 2.4.4 - Broken Access Control Vulnerability — EventON | 5.3 | Medium | 2025-05-16 |
| CVE-2025-48117 | WordPress WooCommerce POS plugin <= 1.7.8 - Broken Access Control Vulnerability — WooCommerce POS | 5.3 | Medium | 2025-05-16 |
| CVE-2025-48079 | WordPress ProfileGrid plugin <= 5.9.5.1 - Broken Access Control Vulnerability — ProfileGrid | 4.3 | Medium | 2025-05-16 |
| CVE-2025-3624 | Missing Authorization Vulnerability in Hitachi Ops Center Analyzer — Hitachi Ops Center Analyzer | 4.3 | Medium | 2025-05-16 |
| CVE-2024-51666 | WordPress Tours plugin <= 1.0.0 - Broken Access Control vulnerability — Tours | 4.3 | Medium | 2025-05-15 |
| CVE-2024-56006 | WordPress Jetpack Debug Tools plugin < 2.0.1 - Broken Access Control vulnerability — Jetpack Debug Tools | 5.3 | Medium | 2025-05-15 |
| CVE-2025-47580 | WordPress Front End Users plugin <= 3.2.35 - Broken Access Control vulnerability — Front End Users | 5.4 | Medium | 2025-05-15 |
| CVE-2025-47709 | Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-055 — Enterprise MFA - TFA for Drupal | 6.5 (AI) | Medium (AI) | 2025-05-14 |
| CVE-2025-24021 | iTop doesn't have mass assignment of fields in the portal form — iTop | 5.0 | Medium | 2025-05-14 |
| CVE-2025-4430 | Unauthorized file manipulation in EZD RP — EZD RP | 7.5 (AI) | High (AI) | 2025-05-14 |
| CVE-2025-4520 | Uncanny Automator <= 6.4.0.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update — Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin | 5.4 | Medium | 2025-05-14 |
| CVE-2025-4339 | TheGem <= 5.10.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Theme Options Update — TheGem | 4.3 | Medium | 2025-05-13 |
| CVE-2025-43011 | Missing Authorization Check in SAP Landscape Transformation (PCL Basis) — SAP Landscape Transformation (PCL Basis) | 7.7 | High | 2025-05-13 |
| CVE-2025-43009 | Missing Authorization check in SAP Service Parts Management (SPM) — SAP Service Parts Management (SPM) | 6.3 | Medium | 2025-05-13 |
| CVE-2025-43008 | Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal — SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal | 5.8 | Medium | 2025-05-13 |
| CVE-2025-43007 | Missing Authorization check in SAP Service Parts Management (SPM) — SAP Service Parts Management (SPM) | 6.3 | Medium | 2025-05-13 |
| CVE-2025-43004 | Security Misconfiguration Vulnerability in SAP Digital Manufacturing (Production Operator Dashboard) — SAP Digital Manufacturing (Production Operator Dashboard) | 5.3 | Medium | 2025-05-13 |
| CVE-2025-43000 | Information Disclosure Vulnerability in SAP Business Objects Business Intelligence Platform (PMW) — SAP Business Objects Business Intelligence Platform (PMW) | 7.9 | High | 2025-05-13 |
| CVE-2025-46745 | Improper Privilege Management — SEL Blueframe OS | 6.5 | Medium | 2025-05-12 |
| CVE-2025-3876 | SMS Alert Order Notifications – WooCommerce <= 3.8.1 - Authenticated (Subscriber+) Privilege Escalation via handleWpLoginCreateUserAction Function — SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery | 8.8 | High | 2025-05-10 |
| CVE-2025-3949 | Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode <= 6.18.15 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure — Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode | 4.3 | Medium | 2025-05-09 |
| CVE-2025-20164 | Cisco IOS security vulnerability — IOS | 8.3 | High | 2025-05-07 |
| CVE-2025-47692 | WordPress ContentStudio plugin <= 1.3.5 - Broken Access Control Vulnerability — Contentstudio | 4.3 | Medium | 2025-05-07 |
| CVE-2025-47688 | WordPress Advanced File Manager plugin <= 5.3.1 - Broken Access Control to Notice Dismissal vulnerability — Advanced File Manager | 5.3 | Medium | 2025-05-07 |
| CVE-2025-47628 | WordPress QS Dark Mode plugin <= 3.0 - Broken Access Control Vulnerability — QS Dark Mode | 5.4 | Medium | 2025-05-07 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5531 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.