CWE-862 (Missing Authorization) — Vulnerability Class 5530

5530 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2023-2562 | Gallery Metabox <= 1.5 - Missing Authorization via refresh_metabox — Gallery Metabox | 4.3 | Medium | 2023-07-12 |
| CVE-2023-33992 | Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA — SAP Business Warehouse and SAP BW/4HANA | 4.5 | Medium | 2023-07-11 |
| CVE-2023-2078 | Buy Me a Coffee – Button and Widget Plugin <= 3.7 - Missing Authorization — Buy Me a Coffee – Button and Widget Plugin | 7.3 | High | 2023-07-11 |
| CVE-2023-35937 | Metersphere missing permission check — metersphere | 6.0 | Medium | 2023-07-06 |
| CVE-2023-36815 | Sealos billing system permission control defect — sealos | 7.3 | High | 2023-07-03 |
| CVE-2021-4388 | Opal Estate <= 1.6.11 - Missing Authorization — Opal Estate | 4.3 | Medium | 2023-07-01 |
| CVE-2023-36607 | CVE-2023-36607 — TBox RM2 | 6.5 | - | 2023-06-29 |
| CVE-2023-1844 | Subscribe2 <= 10.40 - Missing Authorization — Subscribe2 – Form, Email Subscribers & Newsletters | 4.3 | Medium | 2023-06-28 |
| CVE-2023-36002 | ITM Server Missing Authorization for URL validation — Insider Threat Management | 4.3 | Medium | 2023-06-27 |
| CVE-2023-36000 | ITM Server Missing Authorization for Agent Config — Insider Threat Management | 6.5 | Medium | 2023-06-27 |
| CVE-2023-35998 | ITM Server Missing Authorization in SOAP Endpoints — Insider Threat Management | 4.6 | Medium | 2023-06-27 |
| CVE-2023-35164 | Unauthorized users can manipulate a dashboard created by an administrator in DataEase — dataease | 6.3 | Medium | 2023-06-26 |
| CVE-2023-34463 | Unauthorized users can delete applications in DataEase — dataease | 8.1 | High | 2023-06-26 |
| CVE-2023-35093 | WordPress MasterStudy LMS Plugin <= 3.0.8 is vulnerable to Broken Access Control — MasterStudy LMS WordPress Plugin – for Online Courses and Education | 6.5 | Medium | 2023-06-22 |
| CVE-2022-46850 | WordPress Easy Media Replace Plugin <= 0.1.3 is vulnerable to Arbitrary File Deletion — Easy Media Replace | 8.7 | High | 2023-06-19 |
| CVE-2023-2791 | Playbooks lets you edit arbitrary posts — Mattermost | 4.3 | Medium | 2023-06-16 |
| CVE-2023-2788 | Deactivated user can retain access using oauth2 api — Mattermost | 6.2 | Medium | 2023-06-16 |
| CVE-2023-2787 | Collapsed Reply Threads APIs leak message contents from private channels — Mattermost | 6.5 | Medium | 2023-06-16 |
| CVE-2023-2786 | Channel commands execution doesn't properly verify permissions — Mattermost | 4.3 | Medium | 2023-06-16 |
| CVE-2023-2784 | Apps Framework allows install requests from regular members via an internal path — Mattermost App Framework | 4.2 | Medium | 2023-06-16 |
| CVE-2023-2783 | App Framework does not checks for the secret provided in the incoming webhook request — Mattermost App Framework | 4.3 | Medium | 2023-06-16 |
| CVE-2023-3230 | Missing Authorization in fossbilling/fossbilling — fossbilling/fossbilling | 7.5 | - | 2023-06-14 |
| CVE-2023-2351 | WP Directory Kit <= 1.2.3 - Missing Authorization to Plugin Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_admin_action — WP Directory Kit | 6.5 | Medium | 2023-06-13 |
| CVE-2023-2261 | WP Activity Log <= 4.5.0 - Missing Capabilities Check to User Enumeration — WP Activity Log | 4.3 | Medium | 2023-06-09 |
| CVE-2023-2284 | WP Activity Log Premium <= 4.5.0 - Missing Authorization via ajax_switch_db — WP Activity Log Premium | 4.3 | Medium | 2023-06-09 |
| CVE-2023-2083 | Essential Blocks <= 4.0.6 - Missing Authorization via save — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns | 4.3 | Medium | 2023-06-09 |
| CVE-2023-2555 | WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Custom Drop-Down Currency Switcher Creation — WPCS – WordPress Currency Switcher Professional | 4.3 | Medium | 2023-06-09 |
| CVE-2023-2557 | WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Arbitrary Custom Drop-Down Currency Switcher Editing — WPCS – WordPress Currency Switcher Professional | 4.3 | Medium | 2023-06-09 |
| CVE-2023-2066 | Announcement & Notification Banner – Bulletin <= 3.6.0 - Missing Authorization Checks — Announcement & Notification Banner – Bulletin | 6.3 | Medium | 2023-06-09 |
| CVE-2023-1169 | OoohBoi Steroids for Elementor <= 2.1.4 - Missing Authorization leading to Authenticated (Subscriber+) Image Upload — OoohBoi Steroids for Elementor | 4.3 | Medium | 2023-06-09 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5530 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.