CWE-862 (Missing Authorization) — Vulnerability Class 5525

5525 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-23806 | WordPress Jobs for WordPress plugin <= 2.8 - Broken Access Control vulnerability — Jobs for WordPress | 7.5 | High | 2026-03-25 |
| CVE-2026-22485 | WordPress My Album Gallery plugin <= 1.0.4 - Arbitrary File Deletion vulnerability — My Album Gallery | 6.5 | Medium | 2026-03-25 |
| CVE-2025-69358 | WordPress EventPrime plugin <= 4.2.6.0 - Broken Access Control vulnerability — EventPrime | 7.5 | High | 2026-03-25 |
| CVE-2026-4283 | WP DSGVO Tools (GDPR) <= 3.1.38 - Missing Authorization to Unauthenticated Account Destruction of Non-Admin Users — WP DSGVO Tools (GDPR) | 9.1 | Critical | 2026-03-24 |
| CVE-2026-3138 | Product Filter for WooCommerce by WBW <= 3.1.2 - Missing Authorization to Unauthenticated Filter Data Deletion via TRUNCATE TABLE — Product Filter for WooCommerce by WBW | 6.5 | Medium | 2026-03-24 |
| CVE-2026-33290 | WPGraphQL Repo's updateComment allows low-privileged authenticated users to change comment moderation status (comment_approved) without moderate_comments permission — wp-graphql | 4.3 | Medium | 2026-03-23 |
| CVE-2026-4056 | User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Content Access Rule Manipulation — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | 5.4 | Medium | 2026-03-23 |
| CVE-2026-3225 | LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Answer Deletion — LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | 4.3 | Medium | 2026-03-23 |
| CVE-2026-4066 | Smart Custom Fields <= 5.0.6 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Relational Post Search — Smart Custom Fields | 4.3 | Medium | 2026-03-23 |
| CVE-2026-33685 | AVideo Allows Unauthenticated Access to AD_Server reports.json.php that Exposes Ad Campaign Analytics and User Data — AVideo | 5.3 | Medium | 2026-03-23 |
| CVE-2026-33501 | AVideo has Unauthenticated Information Disclosure of User Group Permission Mappings via Permissions Plugin — AVideo | 5.3 | Medium | 2026-03-23 |
| CVE-2026-4261 | Expire Users <= 1.2.2 - Authenticated (Subscriber+) Privilege Escalation to Administrator via save_extra_user_profile_fields — Expire Users | 8.8 | High | 2026-03-21 |
| CVE-2026-2720 | Hr Press Lite <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Employee Information Exposure — Hr Press Lite | 6.5 | Medium | 2026-03-21 |
| CVE-2026-3645 | Punnel <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Settings Update via 'punnel_save_config' AJAX Action — Punnel – Landing Page Builder | 5.3 | Medium | 2026-03-21 |
| CVE-2026-1253 | Group Chat & Video Chat by AtomChat <= 1.1.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update — Group Chat & Video Chat by AtomChat | 4.3 | Medium | 2026-03-21 |
| CVE-2026-3651 | Build App Online <= 1.0.23 - Missing Authorization to Arbitrary Post Author Modification via 'build-app-online-update-vendor-product' AJAX Action — Build App Online | 5.3 | Medium | 2026-03-21 |
| CVE-2026-1935 | Company Posts for LinkedIn <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary LinkedIn Post Data Deletion — Company Posts for LinkedIn | 4.3 | Medium | 2026-03-21 |
| CVE-2026-4127 | Speedup Optimization <= 1.5.9 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update via 'speedup01_enabled' AJAX Action — Speedup Optimization | 4.3 | Medium | 2026-03-21 |
| CVE-2026-3506 | WP-Chatbot for Messenger <= 4.9 - Missing Authorization to Unauthenticated Chatbot Configuration Takeover — WP-Chatbot for Messenger | 5.3 | Medium | 2026-03-21 |
| CVE-2026-2941 | Linksy Search and Replace <= 1.0.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Update via linksy_search_and_replace_item_details — Linksy Search and Replace | 8.8 | High | 2026-03-21 |
| CVE-2026-3335 | Canto <= 3.1.1 - Missing Authorization to Unauthenticated File Upload — Canto | 5.3 | Medium | 2026-03-21 |
| CVE-2026-3570 | Smarter Analytics <= 2.0 - Missing Authorization to Unauthenticated Plugin Settings Reset via 'reset' Parameter — Smarter Analytics | 5.3 | Medium | 2026-03-21 |
| CVE-2026-3567 | RepairBuddy <= 4.1132 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification via wc_rep_shop_settings_submission AJAX Action — RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress | 5.3 | Medium | 2026-03-20 |
| CVE-2026-33427 | Discourse Authorization Page Displays Unvalidated Redirect Domain — discourse | 4.3 | - | 2026-03-20 |
| CVE-2026-33426 | Discourse users can edit or synonymize hidden tags they can't see — discourse | 3.5 | Low | 2026-03-20 |
| CVE-2026-33423 | Discourse staff can modify any user's group notification level — discourse | 4.3 | - | 2026-03-20 |
| CVE-2026-33177 | Statamic is missing authorization check on taxonomy term creation via fieldtype — cms | 4.3 | Medium | 2026-03-20 |
| CVE-2026-22172 | OpenClaw < 2026.3.12 - Scope Elevation in WebSocket Shared-Auth Connections — OpenClaw | 9.9 | Critical | 2026-03-20 |
| CVE-2026-3550 | RockPress <= 1.0.17 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via AJAX Actions — RockPress | 5.3 | Medium | 2026-03-20 |
| CVE-2026-4038 | Aimogen Pro <= 2.7.5 - Unauthenticated Privilege Escalation via Arbitrary Function Call — Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit | 9.8 | Critical | 2026-03-20 |

5525 CVEs are classified as CWE-862 (Missing Authorization). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.