
CWE-862 (Missing Authorization) — Vulnerability Class 5530

5530 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-2556 | WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Arbitrary Custom Drop-Down Currency Switcher Deletion — WPCS – WordPress Currency Switcher Professional | 4.3 | Medium | 2023-06-09 |
| CVE-2023-2275 | WooCommerce Multivendor Marketplace – REST API <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order/Order Note Disclosure, Order Note Addition via REST API — WCFM – Multivendor Marketplace REST API for WooCommerce | 4.3 | Medium | 2023-06-09 |
| CVE-2023-2085 | Essential Blocks <= 4.0.6 - Missing Authorization via templates — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns | 4.3 | Medium | 2023-06-09 |
| CVE-2023-1375 | WP Fastest Cache <= 1.1.2 - Missing Authorization to Cache Deletion — WP Fastest Cache – WordPress Cache Plugin | 4.3 | Medium | 2023-06-09 |
| CVE-2023-2280 | WP Directory Kit <= 1.2.2 - Missing Authorization to Plugin Installation, Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_public_action — WP Directory Kit | 6.5 | Medium | 2023-06-09 |
| CVE-2023-2189 | Elementor Addons, Widgets and Enhancements – Stax <= 1.4.3 - Missing Authorization in toggle_widget — Stax Addons for Elementor | 4.3 | Medium | 2023-06-09 |
| CVE-2023-2086 | Essential Blocks <= 4.0.6 - Missing Authorization via template_count — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns | 4.3 | Medium | 2023-06-09 |
| CVE-2023-0291 | Quiz And Survey Master <= 8.0.8 - Unauthenticated Arbitrary Media Deletion — Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker | 7.2 | High | 2023-06-09 |
| CVE-2023-1843 | Metform Elementor Contact Form Builder <= 3.3.0 - Missing Authorization — MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | 6.5 | Medium | 2023-06-09 |
| CVE-2023-0993 | Shield Security <= 17.0.17 - Missing Authorization — Shield: Blocks Bots, Protects Users, and Prevents Security Breaches | 4.3 | Medium | 2023-06-09 |
| CVE-2023-2414 | Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.6 - Missing Authorization to Settings Update and Arbitrary File Upload — Online Booking & Scheduling Calendar for WordPress by vcita | 5.4 | Medium | 2023-06-09 |
| CVE-2023-2764 | Draw Attention <= 2.0.11 - Missing Authorization to Arbitrary Post Featured Image Modification — Interactive Image Map Plugin – Draw Attention | 4.3 | Medium | 2023-06-09 |
| CVE-2023-2084 | Essential Blocks <= 4.0.6 - Missing Authorization via get — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns | 4.3 | Medium | 2023-06-09 |
| CVE-2023-34234 | Governor proposal creation may be blocked by frontrunning in OpenZeppelin — openzeppelin-contracts | 5.3 | Medium | 2023-06-07 |
| CVE-2021-4379 | WooCommerce Multi Currency <= 2.1.17 - Missing Authorization — CURCY - WooCommerce Multi Currency - Currency Switcher | 6.5 | Medium | 2023-06-07 |
| CVE-2021-4337 | Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization — Package Quantity Discount | 8.8 | High | 2023-06-07 |
| CVE-2021-4381 | uListing <= 1.6.6 - Unauthenticated Options Changes via wp_route — Directory Listings WordPress plugin – uListing | 9.8 | Critical | 2023-06-07 |
| CVE-2022-4950 | Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation — The Events Calendar Events Notification Bar Addon | 8.8 | High | 2023-06-07 |
| CVE-2021-4383 | WP Quick FrontEnd Editor <= 5.5 - Authenticated (Subscriber+) Content Injection — WP Quick FrontEnd Editor – WordPress Plugin | 8.1 | High | 2023-06-07 |
| CVE-2020-36730 | CMP <= 3.8.1 - Missing Authorization — CMP – Coming Soon & Maintenance Plugin by NiteoThemes | 8.3 | High | 2023-06-07 |
| CVE-2021-4376 | WooCommerce Multi Currency <= 2.1.17 - Missing Authorization — CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x | 4.3 | Medium | 2023-06-07 |
| CVE-2021-4375 | Welcart e-Commerce < 2.2.8 - Missing Capabilities Check to Information Disclosure — Welcart e-Commerce | 4.3 | Medium | 2023-06-07 |
| CVE-2023-3126 | B2BKing <= 4.6.00 - Missing Authorization to Authenticated(Subscriber+) Information Disclosure — B2BKing — Ultimate WooCommerce B2B and Wholesale Plugin — Wholesale Prices, Bulk Order Form & More | 4.3 | Medium | 2023-06-07 |
| CVE-2020-36725 | TI WooCommerce Wishlist <= 1.21.11 and TI WooCommerce Wishlist Pro <= 1.21.4 - Arbitrary Options Update — TI WooCommerce Wishlist Pro | 8.8 | High | 2023-06-07 |
| CVE-2021-4374 | WordPress Automatic Plugin <= 3.53.2 - Unauthenticated Arbitrary Options Update — WordPress Automatic Plugin | 9.1 | Critical | 2023-06-07 |
| CVE-2021-4370 | uListing <= 1.6.6 - Missing Authorization — Directory Listings WordPress plugin – uListing | 9.8 | Critical | 2023-06-07 |
| CVE-2021-4371 | WP Quick FrontEnd Editor <= 5.5 - Authenticated Settings Change — WP Quick FrontEnd Editor – WordPress Plugin | 4.3 | Medium | 2023-06-07 |
| CVE-2021-4369 | Frontend File Manager <= 18.2 - Unauthenticated Content Injection — Frontend File Manager Plugin | 5.8 | Medium | 2023-06-07 |
| CVE-2023-3125 | B2BKing <= 4.6.00 - Missing Authorization to Authenticated(Subscriber+) Price Modification — B2BKing — Ultimate WooCommerce B2B and Wholesale Plugin — Wholesale Prices, Bulk Order Form & More | 6.5 | Medium | 2023-06-07 |
| CVE-2021-4368 | Frontend File Manager <= 18.2 - Authenticated Settings Change leading to Arbitrary File Upload — Frontend File Manager Plugin | 9.9 | Critical | 2023-06-07 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5530 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.