CWE-862 (Missing Authorization) — Vulnerability Class 5531

5531 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-0954 | WP Online Contract <= 5.1.4 - Missing Authorization to Unauthenticated Settings Import — WP Online Contract | 6.5 | Medium | 2025-03-05 |
| CVE-2024-13811 | Lafka - Multi Store Burger - Pizza & Food Delivery WooCommerce Theme <= 4.5.7 - Missing Authorization to Authenticated (Subscriber+) Demo Import — Lafka - Multi Store Burger - Pizza & Food Delivery WooCommerce Theme | 4.3 | Medium | 2025-03-05 |
| CVE-2024-13780 | Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Directory Deletion — Hero Mega Menu - Responsive WordPress Menu Plugin | 6.5 | Medium | 2025-03-05 |
| CVE-2024-8682 | JNews - WordPress Newspaper Magazine Blog AMP Theme <= 11.6.6 - Unauthorized User Registration — JNews - WordPress Newspaper Magazine Blog AMP Theme | 5.3 | Medium | 2025-03-05 |
| CVE-2025-1307 | Newscrunch <= 1.8.4 - Authenticated (Subscriber+) Arbitrary File Upload — Newscrunch | 9.8 | Critical | 2025-03-04 |
| CVE-2025-1639 | Animation Addons for Elementor Pro <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation — Animation Addons for Elementor Pro | 8.8 | High | 2025-03-04 |
| CVE-2024-13686 | VW Storefront <= 0.9.9 - Missing Authorization to Authenticated (Subscriber+) Settings Reset — VW Storefront | 4.3 | Medium | 2025-03-04 |
| CVE-2025-27270 | WordPress Residential Address Detection Plugin <= 2.5.4 - Arbitrary Option Update to Privilege Escalation vulnerability — Residential Address Detection | 9.8 | Critical | 2025-03-03 |
| CVE-2025-23763 | WordPress WAH Forms plugin <= 1.0 - Sensitive Data Exposure vulnerability — WAH Forms | 6.5 | Medium | 2025-03-03 |
| CVE-2025-23613 | WordPress WP Journal plugin <= 1.1 - Broken Access Control vulnerability — WP Journal | 6.5 | Medium | 2025-03-03 |
| CVE-2025-23615 | WordPress Interactive Page Hierarchy plugin <= 1.0.1 - Broken Access Control vulnerability — Interactive Page Hierarchy | 6.5 | Medium | 2025-03-03 |
| CVE-2025-23515 | WordPress ts-tree plugin <= 0.1.1 - Arbitrary Content Deletion vulnerability — ts-tree | 6.5 | Medium | 2025-03-03 |
| CVE-2025-23440 | WordPress radSLIDE plugin <= 2.1 - Broken Access Control to Stored Cross-Site Scripting vulnerability — radSLIDE | 6.3 | Medium | 2025-03-03 |
| CVE-2025-24654 | WordPress Squirrly SEO plugin <= 12.4.07 - Broken Access Control vulnerability — SEO Plugin by Squirrly SEO | 7.1 | High | 2025-03-03 |
| CVE-2025-1404 | Secure Copy Content Protection and Content Locking <= 4.4.7 - Missing Authorization to Unauthenticated User Email Retrieval via ays_sccp_reports_user_search Function — Secure Copy Content Protection and Content Locking | 5.3 | Medium | 2025-03-01 |
| CVE-2024-12544 | SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 1.12.17 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion via SurveyJS_DeleteFile — SurveyJS: Drag & Drop Form Builder | 8.8 | High | 2025-03-01 |
| CVE-2025-1502 | IP2Location Redirection <= 1.33.3 - Missing Authorization to Unauthenticated Settings Export — IP2Location Redirection | 5.3 | Medium | 2025-03-01 |
| CVE-2024-13746 | Booking Calendar and Notification <= 4.0.3 - Missing Authorization via wpcb_all_bookings, wpcb_update_booking_post, and wpcb_delete_posts Functions — Booking Calendar and Notification | 6.5 | Medium | 2025-03-01 |
| CVE-2025-1780 | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.25 - Cross-Site Request Forgery to Limited Settings Update — BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages | 4.3 | Medium | 2025-03-01 |
| CVE-2024-13358 | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.24 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update — BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages | 4.3 | Medium | 2025-03-01 |
| CVE-2024-10860 | NextMove Lite – Thank You Page for WooCommerce <= 2.19.0 - Missing Authorization to Authenticated (Subscriber+) Deactivation Reason Submission — NextMove Lite – Thank You Page for WooCommerce | 4.3 | Medium | 2025-02-28 |
| CVE-2024-9195 | WHMPress - WHMCS Client Area <= 4.3-revision-3- Authenticated (Subscriber+) Arbitrary Options Update — WHMCS Client Area for WordPress by WHMpress | 8.8 | High | 2025-02-28 |
| CVE-2024-13716 | Forex Calculators <= 1.3.7 - Missing Authorization to Authenticated (Subscriber+) Settings Update — Forex Calculators | 4.3 | Medium | 2025-02-28 |
| CVE-2025-1681 | Cardealer <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Change and Delete JS and CSS Files — Car Dealer Automotive WordPress Theme – Responsive | 5.4 | Medium | 2025-02-27 |
| CVE-2025-1682 | Cardealer <= 1.6.4 - Arbitrary Theme Option Update to Authenticated (Subscriber+) Privilege Escalation — Car Dealer Automotive WordPress Theme – Responsive | 8.8 | High | 2025-02-27 |
| CVE-2025-22280 | WordPress DefendWP Firewall Plugin <= 1.1.0 - Broken Access Control vulnerability — DefendWP Firewall | 7.6 | High | 2025-02-27 |
| CVE-2025-1249 | WordPress Events Manager plugin <= 6.6.4.1 - Broken Access Control vulnerability — Events Manager | 5.3 | Medium | 2025-02-26 |
| CVE-2025-1091 | Broken Authorization Schema — Tenable Identity Exposure | 4.3 | Medium | 2025-02-25 |
| CVE-2025-26995 | WordPress Market Exporter plugin <= 2.0.21 - Broken Access Control vulnerability — Market Exporter | 5.4 | Medium | 2025-02-25 |
| CVE-2025-26983 | WordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 3.4.3 - Broken Access Control vulnerability — Recipe Card Blocks for Gutenberg & Elementor | 4.3 | Medium | 2025-02-25 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5531 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.