CWE-862 (Missing Authorization) — Vulnerability Class 5531

5531 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-1285 | Resido - Real Estate WordPress Theme <= 3.6 - Missing Authorization to Unauthenticated Server-Side Request Forgery and API Key Settings Update — Resido - Real Estate WordPress Theme | 5.3 | Medium | 2025-03-14 |
| CVE-2025-24974 | DataEase Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability — dataease | 8.8 | - | 2025-03-13 |
| CVE-2025-2104 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.9 - Missing Authorization to Authenticated (Contributor+) Post Publication — Page Builder: Pagelayer – Drag and Drop website builder | 4.3 | Medium | 2025-03-13 |
| CVE-2024-13703 | CRM and Lead Management by vcita <= 2.7.5 - Missing Authorization to Authenticated (Susbcriber+) Widget Toggle — CRM and Lead Management by vcita | 4.3 | Medium | 2025-03-13 |
| CVE-2025-1508 | WP Crowdfunding <= 2.1.14 - Missing Authorization to Authenticated (Subscriber+) Post Content Download — WP Crowdfunding | 5.3 | Medium | 2025-03-12 |
| CVE-2025-28938 | WordPress WP Performance Pack plugin <= 2.5.3 - Broken Access Control vulnerability — WP Performance Pack | 4.3 | Medium | 2025-03-11 |
| CVE-2025-28920 | WordPress Responsive Google Map plugin <= 3.1.5 - Broken Access Control vulnerability — Responsive Google Map | 5.3 | Medium | 2025-03-11 |
| CVE-2025-28872 | WordPress Block Spam By Math Reloaded plugin <= 2.2.4 - Broken Access Control vulnerability — Block Spam By Math Reloaded | 5.3 | Medium | 2025-03-11 |
| CVE-2025-27432 | Missing Authorization check in SAP Electronic Invoicing for Brazil (eDocument Cockpit) — SAP Electronic Invoicing for Brazil (eDocument Cockpit) | 2.4 | Low | 2025-03-11 |
| CVE-2025-26661 | Missing Authorization check in SAP NetWeaver (ABAP Class Builder) — SAP NetWeaver (ABAP Class Builder) | 8.8 | High | 2025-03-11 |
| CVE-2025-26656 | Missing Authorization check in S/4HANA (Manage Purchasing Info Records) — S/4HANA (Manage Purchasing Info Records) | 4.3 | Medium | 2025-03-11 |
| CVE-2025-26655 | Missing Authorization check in SAP JIT(Outbound) — SAP Just In Time | 3.1 | Low | 2025-03-11 |
| CVE-2025-25244 | Missing Authorization Check in SAP Business Warehouse (Process Chains) — SAP Business Warehouse (Process Chains) | 5.7 | Medium | 2025-03-11 |
| CVE-2025-23188 | Missing Authorization check in SAP S/4HANA (RBD) — SAP S/4HANA (RBD) | 4.3 | Medium | 2025-03-11 |
| CVE-2024-10326 | RomethemeKit For Elementor <= 1.5.3 - Missing Authorization in save_options and reset_widgets — RTMKit | 4.3 | Medium | 2025-03-08 |
| CVE-2025-1325 | WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Exeuction — WP-Recall – Registration, Profile, Commerce & More | 6.3 | Medium | 2025-03-08 |
| CVE-2024-13816 | Aiomatic - AI Content Writer, Editor, ChatBot & AI Toolkit <= 2.3.6 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions — Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit | 5.4 | Medium | 2025-03-08 |
| CVE-2025-1504 | Post Lockdown <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Post Disclosure — Post Lockdown | 4.3 | Medium | 2025-03-08 |
| CVE-2025-1481 | Shortcode Cleaner Lite <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Export — Shortcode Cleaner Lite | 6.5 | Medium | 2025-03-08 |
| CVE-2024-12876 | Golo - Directory & Listing, Travel WordPress Theme <= 1.6.10 - Missing Authorization to Privilege Escalation via Unauthenticated Arbitrary User Password Change — Golo - City Travel Guide WordPress Theme | 9.8 | Critical | 2025-03-07 |
| CVE-2024-12610 | School Management System for Wordpress <= 93.0.0 - Missing Authorization to Unauthenticated Arbitrary Post Deletion — School Management System for Wordpress | 5.3 | Medium | 2025-03-07 |
| CVE-2024-12611 | School Management System for Wordpress <= 93.0.0 - Reflected Cross-Site Scripting — School Management System for Wordpress | 5.3 | Medium | 2025-03-07 |
| CVE-2025-1309 | UiPress lite \| Effortless custom dashboards, admin themes and pages <= 3.5.04 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update — UiPress lite \| Effortless custom dashboards, admin themes and pages | 8.8 | High | 2025-03-07 |
| CVE-2024-13655 | Flex Mag - Responsive WordPress News Theme <= 3.5.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Deletion — Flex Mag - Responsive WordPress News Theme | 8.1 | High | 2025-03-07 |
| CVE-2024-13526 | EventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Missing Authorization to Authenticated (Subscriber+) Event Attendees Export — EventPrime – Events Calendar, Bookings and Tickets | 4.3 | Medium | 2025-03-07 |
| CVE-2025-1666 | Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics <= 4.4.1 - Missing Authorization to Authenticated (Subscriber+) Survey Submission — Cookiebot by Usercentrics – Automatic Cookie Banner for GDPR/CCPA & Google Consent Mode | 4.3 | Medium | 2025-03-06 |
| CVE-2024-13423 | Sparkling <= 2.4.9 - Missing Authorization to Unauthenticated Arbitrary Plugin Activation/Deactivation — Sparkling | 5.3 | Medium | 2025-03-05 |
| CVE-2024-13232 | WordPress Awesome Import & Export Plugin - Import & Export WordPress Data <= 4.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary SQL Execution/Privilege Escalation — WordPress Awesome Import & Export Plugin - Import & Export WordPress Data | 8.8 | High | 2025-03-05 |
| CVE-2024-13747 | WooMail - WooCommerce Email Customizer <= 3.0.34 - Authenticated (Subscriber+) Missing Authorization to SQL Injection — WooMail - WooCommerce Email Customizer | 4.3 | Medium | 2025-03-05 |
| CVE-2024-13810 | Zass - WooCommerce Theme for Handmade Artists and Artisans <= 3.9.9.10 - Missing Authorization to Authenticated (Subscriber+) Demo Import — Zass - WooCommerce Theme for Handmade Artists and Artisans | 4.3 | Medium | 2025-03-05 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5531 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.