CWE-862 (授权机制缺失) — Vulnerability Class 5531

5531 vulnerabilities classified as CWE-862 (授权机制缺失). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2024-24835	WordPress BEAR plugin <= 1.1.4 - Broken Access Control vulnerability — BEAR	4.3	Medium	2024-03-23
CVE-2024-24840	WordPress Element Pack Elementor Addons plugin <= 5.4.11 - Broken Access Control on Duplicate Post vulnerability — Element Pack Elementor Addons	4.3	Medium	2024-03-23
CVE-2024-24883	WordPress Prime Slider plugin <= 3.11.10 - Broken Access Control on Duplicate Post vulnerability — Prime Slider – Addons For Elementor	4.3	Medium	2024-03-21
CVE-2024-25907	WordPress WP Media folder plugin <= 5.7.2 - Plugin Settings Change vulnerability — WP Media folder	5.4	Medium	2024-03-21
CVE-2024-24850	WordPress Quicksand Post Filter jQuery plugin <= 3.1.1 - Broken Access Control vulnerability — Quicksand Post Filter jQuery Plugin	5.3	Medium	2024-03-21
CVE-2022-44633	WordPress YITH WooCommerce Gift Cards Premium plugin <= 3.23.1 - Unauth. Gift Card Creation Leading to Stored XSS vulnerability — YITH WooCommerce Gift Cards Premium	6.5	Medium	2024-03-21
CVE-2022-47604	WordPress AJAX Thumbnail Rebuild plugin <= 1.13 - Broken Access Control vulnerability — AJAX Thumbnail Rebuild	4.3	Medium	2024-03-21
CVE-2024-25908	WordPress WP Media folder plugin <= 5.7.2 - Subscriber+ Arbitrary Post/Page Modification vulnerability — WP Media folder	4.3	Medium	2024-03-21
CVE-2024-25912	WordPress MoveTo plugin <= 6.2 - Unauthenticated Arbitrary WordPress Settings Change vulnerability — MoveTo	9.8	Critical	2024-03-21
CVE-2024-25922	WordPress Peach Payments Gateway plugin <= 3.1.9 - Broken Access Control vulnerability — Peach Payments Gateway	5.4	Medium	2024-03-21
CVE-2024-25935	WordPress RegistrationMagic plugin <= 5.2.5.9 - Broken Access Control vulnerability — RegistrationMagic	4.3	Medium	2024-03-21
CVE-2023-51672	WordPress FunnelKit Checkout plugin <= 3.10.3 - Unauthenticated Arbitrary Post/Page Deletion vulnerability — FunnelKit Checkout	7.5	High	2024-03-21
CVE-2023-27607	WordPress Points and Rewards for WooCommerce plugin <= 1.5.0 - Settings Change vulnerability — Points and Rewards for WooCommerce	5.4	Medium	2024-03-21
CVE-2024-27190	WordPress Download Media plugin <= 1.4.2 - Broken Access Control vulnerability — Download Media	4.3	Medium	2024-03-21
CVE-2024-27970	WordPress WP SendFox plugin <= 1.3.0 - Broken Access Control vulnerability — WP SendFox	5.4	Medium	2024-03-21
CVE-2023-52229	WordPress Word Replacer Pro plugin <= 1.0 - Broken Access Control vulnerability — Word Replacer Pro	6.5	Medium	2024-03-20
CVE-2024-2702	WordPress Olive One Click Demo Import plugin <= 1.1.1 - Broken Access Control vulnerability — Olive One Click Demo Import	8.2	High	2024-03-20
CVE-2024-1119	Order Tip for WooCommerce <= 1.3.1 - Missing Authorization to Unauthenticated Data Export — Order Tip for WooCommerce	5.3	Medium	2024-03-20
CVE-2024-1181	Coming Soon, Under Construction & Maintenance Mode By Dazzler <= 2.1.2 - Maintenance Mode Bypass — Coming Soon, Under Construction & Maintenance Mode By Dazzler	5.3	Medium	2024-03-20
CVE-2024-1844	RevivePress – Keep your Old Content Evergreen <= 1.5.6 - Missing Authorization — RevivePress – Keep your Old Content Evergreen	4.3	Medium	2024-03-20
CVE-2024-1995	Smart Custom Fields <= 4.2.2 - Missing Authorization to Authenticated (Subscriber+) Post Content Disclosure — Smart Custom Fields	4.3	Medium	2024-03-20
CVE-2024-1857	Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates <= 2.6.6 - Missing Authorization to Unauthenticated Information Exposure — Ultimate Gift Cards for WooCommerce	5.3	Medium	2024-03-16
CVE-2024-1733	Word Replacer Pro <= 1.0 - Missing Authorization to Unauthenticated Arbitrary Content Update — Word Replacer Pro	5.3	Medium	2024-03-16
CVE-2023-50898	WordPress Image Optimizer, Resizer and CDN – Sirv plugin <= 7.1.2 - Broken Access Control vulnerability — Sirv	5.4	Medium	2024-03-15
CVE-2024-23944	Apache ZooKeeper: Information disclosure in persistent watcher handling — Apache ZooKeeper	5.3	-	2024-03-15
CVE-2024-27953	WordPress Cryptocurrency Widgets – Price Ticker & Coins List Plugin <= 2.6.8 is vulnerable to Broken Access Control — Cryptocurrency Widgets – Price Ticker & Coins List	4.7	Medium	2024-03-13
CVE-2024-1126	EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Missing Authorization to Authenticated (Subscriber+) Attendee List Retrieval — EventPrime – Events Calendar, Bookings and Tickets	4.3	Medium	2024-03-13
CVE-2024-0829	Comments Extra Fields For Post,Pages and CPT <= 5.0 - Missing Authorization — Comments Extra Fields For Post,Pages and CPT	4.3	Medium	2024-03-13
CVE-2024-0683	Bulgarisation for WooCommerce <= 3.0.14 - Missing Authorization — Bulgarisation for WooCommerce	7.3	High	2024-03-13
CVE-2024-0447	ArtiBot Free Chat Bot for WordPress WebSites <= 1.1.6 - Missing Authorization to Settings Update — ArtiBot Free Chat Bot for WebSites	5.0	Medium	2024-03-13

Vulnerabilities classified as CWE-862 (授权机制缺失) represent 5531 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-862 (授权机制缺失) — Vulnerability Class 5531