CWE-862 (Missing Authorization) — Vulnerability Class 5531

5531 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-26975 | WordPress Strong Testimonials plugin <= 3.2.3 - Broken Access Control vulnerability — Strong Testimonials | 5.3 | Medium | 2025-02-25 |
| CVE-2025-26960 | WordPress Small Package Quotes – Unishippers Edition plugin <= 2.4.9 - Broken Access Control vulnerability — Small Package Quotes – Unishippers Edition | 6.5 | Medium | 2025-02-25 |
| CVE-2025-26948 | WordPress Pie Register Premium plugin <= 3.8.3.2 - Broken Access Control vulnerability — Pie Register Premium | 4.3 | Medium | 2025-02-25 |
| CVE-2025-26928 | WordPress Order Limit for WooCommerce plugin <= 3.0.2 - Broken Access Control vulnerability — Order Limit for WooCommerce | 4.3 | Medium | 2025-02-25 |
| CVE-2025-26871 | WordPress Essential Blocks plugin <= 4.8.3 - Broken Access Control vulnerability — Essential Blocks for Gutenberg | 4.3 | Medium | 2025-02-25 |
| CVE-2025-27000 | WordPress Simple Photo Feed Plugin <= 1.4.0 - Broken Access Control vulnerability — Simple Photo Feed | 5.4 | Medium | 2025-02-25 |
| CVE-2025-27356 | WordPress Sticky Header On Scroll plugin <= 1.0 - Broken Access Control vulnerability — Sticky Header On Scroll | 5.4 | Medium | 2025-02-24 |
| CVE-2025-26883 | WordPress Animated Text Block plugin <= 1.0.7 - Broken Access Control vulnerability — Animated Text Block | 6.5 | Medium | 2025-02-24 |
| CVE-2025-27296 | WordPress Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue Plugin <= 1.5 - Settings Change vulnerability — Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue | 7.2 | High | 2025-02-24 |
| CVE-2025-27294 | WordPress WP-Asambleas plugin <= 2.85.0 - Arbitrary Shortcode Execution vulnerability — WP-Asambleas | 4.8 | Medium | 2025-02-24 |
| CVE-2025-26764 | WordPress Distance Based Shipping Calculator plugin <= 2.0.22 - Settings Change vulnerability — Distance Based Shipping Calculator | 6.5 | Medium | 2025-02-22 |
| CVE-2025-26750 | WordPress Vitepos Plugin <= 3.1.3 - Broken Access Control vulnerability — Vitepos | 6.5 | Medium | 2025-02-22 |
| CVE-2025-1402 | Event Tickets and Registration <= 5.19.1.1 - Missing Authorization to Ticket Deletion — Event Tickets and Registration | 5.3 | Medium | 2025-02-21 |
| CVE-2025-1483 | LTL Freight Quotes – GlobalTranz Edition <= 2.3.12 - Missing Authorization to Unauthenticated Settings Update — LTL Freight Quotes – GlobalTranz Edition | 5.3 | Medium | 2025-02-20 |
| CVE-2024-13520 | Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) <= 4.4.9 - Missing Authorization to Unauthenticated Price, Date, and Note Updates — Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) | 5.3 | Medium | 2025-02-20 |
| CVE-2024-37363 | Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization — Pentaho Data Integration & Analytics | 6.5 | Medium | 2025-02-19 |
| CVE-2024-13364 | Raptive Ads <= 3.6.3 - Missing Authorization to Unauthenticated Data/Settings Reset — Raptive Ads | 5.3 | Medium | 2025-02-19 |
| CVE-2024-13231 | WordPress Portfolio Builder – Portfolio Gallery <= 1.1.7 - Missing Authorization to Unauthenticated Portfolio Update — WordPress Portfolio Builder – Portfolio Gallery | 5.3 | Medium | 2025-02-19 |
| CVE-2024-13468 | Trash Duplicate and 301 Redirect <= 1.9 - Missing Authorization to Unauthenticated Arbitrary Post Deletion — Trash Duplicate and 301 Redirect | 7.5 | High | 2025-02-19 |
| CVE-2024-13719 | PeproDev Ultimate Invoice <= 2.0.9 - Insecure Direct Object Reference to Unauthenticated Order Information Exposure — PeproDev Ultimate Invoice | 5.3 | Medium | 2025-02-19 |
| CVE-2025-22657 | WordPress Atarim plugin <= 4.0.9 - Arbitrary Content Deletion vulnerability — Atarim | 7.5 | High | 2025-02-18 |
| CVE-2025-27013 | WordPress MediCenter theme < 14.7 - Sensitive Data Exposure vulnerability — MediCenter - Health Medical Clinic | 5.3 | Medium | 2025-02-18 |
| CVE-2024-13783 | FormCraft <= 3.9.11 - Missing Authorization to Plugin Data Export in formcraft-main.php — FormCraft | 4.3 | Medium | 2025-02-18 |
| CVE-2024-13316 | Scratch & Win – Giveaways and Contests <= 2.8.0 - Missing Authorization to Unauthenticated Coupon Creation — Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more | 5.3 | Medium | 2025-02-18 |
| CVE-2024-13556 | Affiliate Links: WordPress Plugin for Link Cloaking and Link Management <= 3.0.1 - Missing Authorization to Unauthenticated Import/Export and PHP Object Injection — Affiliate Links – Link Cloaking and Management | 8.1 | High | 2025-02-18 |
| CVE-2024-13677 | GetBookingsWp - Appointments & Bookings Plugin Basic Version <= 1.1.27 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover — GetBookingsWP – Appointments Booking Calendar Plugin For WordPress | 8.8 | High | 2025-02-18 |
| CVE-2024-13687 | Team Builder – Meet the Team <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update — Team Builder – Meet the Team | 4.3 | Medium | 2025-02-18 |
| CVE-2025-26773 | WordPress Analytify plugin <= 5.5.0 - Broken Access Control vulnerability — Analytify | 4.3 | Medium | 2025-02-17 |
| CVE-2025-26765 | WordPress Distance Based Shipping Calculator plugin <= 2.0.22 - Broken Access Control vulnerability — Distance Based Shipping Calculator | 5.4 | Medium | 2025-02-16 |
| CVE-2025-22289 | WordPress LTL Freight Quotes – Unishippers Edition plugin <= 2.5.8 - Broken Access Control vulnerability — LTL Freight Quotes – Unishippers Edition | 6.5 | Medium | 2025-02-16 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5531 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.