CWE-862 (授权机制缺失) — Vulnerability Class 5525

5525 vulnerabilities classified as CWE-862 (授权机制缺失). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-25083	Weseek Growi 安全漏洞 — GROWI	5.4^AI	Medium^AI	2026-03-16
CVE-2026-2233	User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.2.8 - Missing Authorization to Unauthenticated Arbitrary Post Modification via 'post_id' Parameter — User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration	5.3	Medium	2026-03-15
CVE-2026-1870	Thim Kit for Elementor <= 1.3.7 - Missing Authorization to Unauthenticated Private Course Disclosure — Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor	5.3	Medium	2026-03-14
CVE-2026-1948	NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license — NEX-Forms – Ultimate Forms Plugin for WordPress	4.3	Medium	2026-03-14
CVE-2026-32487	WordPress Lawyer Landing Page theme <= 1.2.7 - Broken Access Control vulnerability — Lawyer Landing Page	9.1	-	2026-03-13
CVE-2026-32486	WordPress Travel Booking theme <= 1.3.9 - Broken Access Control vulnerability — Travel Booking	8.2	-	2026-03-13
CVE-2026-32543	WordPress Responsive Blocks plugin <= 2.2.0 - Broken Access Control vulnerability — Responsive Blocks	9.1	-	2026-03-13
CVE-2026-32461	WordPress Really Simple SSL plugin <= 9.5.7 - Broken Access Control vulnerability — Really Simple SSL	8.2	-	2026-03-13
CVE-2026-32457	WordPress Advanced Product Fields (Product Addons) for WooCommerce plugin <= 1.6.18 - Broken Access Control vulnerability — Advanced Product Fields (Product Addons) for WooCommerce	9.1	-	2026-03-13
CVE-2026-32452	WordPress Fusion Builder plugin < 3.15.0 - Broken Access Control vulnerability — Fusion Builder	9.1	-	2026-03-13
CVE-2026-32453	WordPress Avada Core plugin < 5.15.0 - Broken Access Control vulnerability — Avada Core	9.1	-	2026-03-13
CVE-2026-32451	WordPress Fusion Builder plugin < 3.15.0 - Broken Access Control vulnerability — Fusion Builder	9.1	-	2026-03-13
CVE-2026-32446	WordPress Contact Form by WPForms plugin <= 1.9.9.3 - Broken Access Control vulnerability — Contact Form by WPForms	9.1	-	2026-03-13
CVE-2026-32447	WordPress Atarim plugin <= 4.3.2 - Broken Access Control vulnerability — Atarim	7.1	-	2026-03-13
CVE-2026-32439	WordPress BigHearts theme <= 3.1.14 - Broken Access Control vulnerability — BigHearts	8.1	-	2026-03-13
CVE-2026-32445	WordPress Elementor Website Builder plugin <= 3.35.5 - Broken Access Control vulnerability — Elementor Website Builder	8.2	-	2026-03-13
CVE-2026-32442	WordPress e2pdf plugin <= 1.28.15 - Broken Access Control vulnerability — e2pdf	6.1	-	2026-03-13
CVE-2026-32440	WordPress WP Food plugin < 2.7.1 - Broken Access Control vulnerability — WP Food	7.1	-	2026-03-13
CVE-2026-32438	WordPress VW School Education theme <= 1.4.6 - Broken Access Control vulnerability — VW School Education	8.2	-	2026-03-13
CVE-2026-32435	WordPress VW Pet Shop theme <= 1.4.7 - Broken Access Control vulnerability — VW Pet Shop	9.1	-	2026-03-13
CVE-2026-32436	WordPress VW Photography theme <= 1.3.8 - Broken Access Control vulnerability — VW Photography	8.2	-	2026-03-13
CVE-2026-32434	WordPress VW Fitness theme <= 4.3.4 - Broken Access Control vulnerability — VW Fitness	9.1	-	2026-03-13
CVE-2026-32437	WordPress VW Portfolio theme <= 1.3.3 - Broken Access Control vulnerability — VW Portfolio	7.1	-	2026-03-13
CVE-2026-32432	WordPress WP Time Slots Booking Form plugin <= 1.2.42 - Broken Access Control vulnerability — WP Time Slots Booking Form	9.1	-	2026-03-13
CVE-2026-32428	WordPress Popup Like box plugin <= 3.7.7 - Broken Access Control vulnerability — Popup Like box	9.1	-	2026-03-13
CVE-2026-32423	WordPress Admin and Site Enhancements (ASE) plugin <= 8.4.0 - Broken Access Control vulnerability — Admin and Site Enhancements (ASE)	9.1	-	2026-03-13
CVE-2026-32425	WordPress Payment Gateway Pix For GiveWP plugin <= 2.2.3 - Broken Access Control vulnerability — Payment Gateway Pix For GiveWP	9.1	-	2026-03-13
CVE-2026-32427	WordPress VW Education Lite plugin <= 2.2.0 - Broken Access Control vulnerability — VW Education Lite	7.5	-	2026-03-13
CVE-2026-32417	WordPress Pochipp plugin < 1.18.9 - Broken Access Control vulnerability — Pochipp	9.1	-	2026-03-13
CVE-2026-32421	WordPress Post Timeline plugin <= 2.4.1 - Broken Access Control vulnerability — Post Timeline	7.1	-	2026-03-13

Vulnerabilities classified as CWE-862 (授权机制缺失) represent 5525 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-862 (授权机制缺失) — Vulnerability Class 5525