CWE-862 (Missing Authorization) — Vulnerability Class 5531

5531 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-30861 | WordPress Five Star Restaurant Reservations plugin <= 2.6.29 - Broken Access Control vulnerability — Five Star Restaurant Reservations | 4.9 | Medium | 2025-03-27 |
| CVE-2025-30851 | WordPress Tickera plugin <= 3.5.5.2 - Broken Access Control vulnerability — Tickera | 4.3 | Medium | 2025-03-27 |
| CVE-2025-30839 | WordPress Taxi Booking Manager for WooCommerce plugin <= 1.2.1 - Broken Access Control vulnerability — Taxi Booking Manager for WooCommerce | 5.3 | Medium | 2025-03-27 |
| CVE-2025-30830 | WordPress Cool Author Box plugin <= 2.9.9 - Broken Access Control vulnerability — Cool Author Box | 5.3 | Medium | 2025-03-27 |
| CVE-2025-30828 | WordPress Timetics plugin <= 1.0.29 - Broken Access Control vulnerability — Timetics | 5.3 | Medium | 2025-03-27 |
| CVE-2025-30824 | WordPress Textmetrics plugin <= 3.6.1 - Broken Access Control vulnerability — Textmetrics | 5.4 | Medium | 2025-03-27 |
| CVE-2025-30821 | WordPress SNORDIAN's H5PxAPIkatchu plugin <= 0.4.14 - Broken Access Control vulnerability — SNORDIAN's H5PxAPIkatchu | 5.3 | Medium | 2025-03-27 |
| CVE-2025-30817 | WordPress Z Companion plugin <= 1.0.13 - Broken Access Control vulnerability — Z Companion | 5.4 | Medium | 2025-03-27 |
| CVE-2025-30809 | WordPress WordPress Contact Form, Drag and Drop Form Builder Plugin – Live Forms plugin <= 4.8.4 - Settings Change vulnerability — Live Forms | 5.4 | Medium | 2025-03-27 |
| CVE-2025-30803 | WordPress Just Writing Statistics plugin <= 5.3 - Broken Access Control vulnerability — Just Writing Statistics | 4.3 | Medium | 2025-03-27 |
| CVE-2025-30790 | WordPress Chatbox Manager plugin <= 1.2.2 - Broken Access Control Vulnerability — Chatbox Manager | 5.3 | Medium | 2025-03-27 |
| CVE-2025-30772 | WordPress WPC Smart Upsell Funnel for WooCommerce plugin <= 3.0.4 - Arbitrary Option Update to Privilege Escalation vulnerability — WPC Smart Upsell Funnel for WooCommerce | 8.8 | High | 2025-03-27 |
| CVE-2025-30767 | WordPress PDF for WPForms plugin <= 5.3.0 - Arbitrary Shortcode Execution vulnerability — PDF for WPForms | 5.4 | Medium | 2025-03-27 |
| CVE-2025-24972 | Discourse may bypass user preference when adding users to chat groups — discourse | 4.3 | Medium | 2025-03-26 |
| CVE-2025-2110 | WP Compress <= 6.30.15 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions — WP Compress – Instant Performance & Speed Optimization | 8.8 | High | 2025-03-26 |
| CVE-2024-13801 | BWL Advanced FAQ Manager <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update — BWL Advanced FAQ Manager | 8.1 | High | 2025-03-26 |
| CVE-2025-2276 | Ultimate Dashboard <= 3.8.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Modules Activation/Deactivation — Ultimate Dashboard – Custom WordPress Dashboard | 4.3 | Medium | 2025-03-25 |
| CVE-2025-2224 | Directorist <= 8.2 - Missing Authorization to Unauthenticated Arbitrary Post Publishing — Directorist: AI-Powered Business Directory, Listings & Classified Ads | 5.3 | Medium | 2025-03-25 |
| CVE-2025-30605 | WordPress sourceplay-navermap plugin <= 0.0.2 - Broken Access Control vulnerability — sourceplay-navermap | 4.3 | Medium | 2025-03-24 |
| CVE-2025-30592 | WordPress Advanced Dewplayer - plugin <= 1.6 Broken Access Control Vulnerability — Advanced Dewplayer | 5.3 | Medium | 2025-03-24 |
| CVE-2025-30591 | WordPress Music Press Pro plugin <= 1.4.6 Broken Access Control Vulnerability — Music Press Pro | 5.3 | Medium | 2025-03-24 |
| CVE-2025-30581 | WordPress Top Bar plugin <= 3.3 - Broken Access Control Vulnerability — Top Bar | 5.3 | Medium | 2025-03-24 |
| CVE-2025-30543 | WordPress Menu Duplicator plugin <= 1.0 - Broken Access Control vulnerability — Menu Duplicator | 4.3 | Medium | 2025-03-24 |
| CVE-2025-1408 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.4 - Missing Authorization to Authenticated (Subscriber+) Join Group Requests Management — ProfileGrid – User Profiles, Groups and Communities | 4.3 | Medium | 2025-03-22 |
| CVE-2024-13737 | Motors – Car Dealer, Classifieds & Listing <= 1.4.57 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Listing Template Creation — Motors – Car Dealership & Classified Listings Plugin | 4.3 | Medium | 2025-03-22 |
| CVE-2024-7767 | Improper Access Control in danswer-ai/danswer — danswer-ai/danswer | 8.3 | - | 2025-03-20 |
| CVE-2024-10272 | Broken Access Control in lunary-ai/lunary — lunary-ai/lunary | 7.5 | - | 2025-03-20 |
| CVE-2024-7043 | Improper Access Control in open-webui/open-webui — open-webui/open-webui | 9.8 | - | 2025-03-20 |
| CVE-2024-10330 | Improper Access Control in lunary-ai/lunary — lunary-ai/lunary | 4.3 | - | 2025-03-20 |
| CVE-2024-10363 | Improper Access Control in danny-avila/LibreChat — danny-avila/librechat | 7.5 | - | 2025-03-20 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5531 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.