CWE-862 (Missing Authorization) — Vulnerability Class 5522

5522 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-5427 | Kubio AI Page Builder <= 2.7.2 - Missing Authorization to Authenticated (Contributor+) Limited File Upload via Kubio Block Attributes — Kubio AI Page Builder | 5.3 | Medium | 2026-04-17 |
| CVE-2026-5502 | Tutor LMS <= 3.9.8 - Authenticated (Subscriber+) Arbitrary Course Content Manipulation via tutor_update_course_content_order — Tutor LMS – eLearning and online course solution | 5.3 | Medium | 2026-04-17 |
| CVE-2026-4666 | wpForo Forum <= 2.4.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Forum Post Modification via 'guestposting' Parameter — wpForo Forum | 6.5 | Medium | 2026-04-17 |
| CVE-2026-3488 | WP Statistics <= 14.16.4 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure and Privacy Audit Manipulation — WP Statistics – Simple, privacy-friendly Google Analytics alternative | 6.5 | Medium | 2026-04-17 |
| CVE-2026-40265 | Note Mark has Broken Access Control on Asset Download — note-mark | 5.9 | Medium | 2026-04-16 |
| CVE-2026-3155 | OneSignal – Web Push Notifications <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Post Meta Deletion via 'post_id' — OneSignal – Web Push Notifications | 3.1 | Low | 2026-04-16 |
| CVE-2026-0718 | Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX <= 5.0.5 - Missing Authorization to Limited Post Meta Modification — Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX | 5.3 | Medium | 2026-04-16 |
| CVE-2026-3581 | Basic Google Maps Placemarks <= 1.10.7 - Missing Authorization to Unauthenticated Default Map Coordinate Update — Basic Google Maps Placemarks | 5.3 | Medium | 2026-04-16 |
| CVE-2026-3614 | AcyMailing 9.11.0 - 10.8.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation — AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress | 8.8 | High | 2026-04-16 |
| CVE-2026-3595 | Riaxe Product Customizer <= 2.1.2 - Unauthenticated Arbitrary User Deletion via 'user_id' Parameter — Riaxe Product Customizer | 5.3 | Medium | 2026-04-16 |
| CVE-2026-3596 | Riaxe Product Customizer <= 2.1.2 - Missing Authorization to Unauthenticated Arbitrary Options Update to Privilege Escalation via 'install-imprint' AJAX Action — Riaxe Product Customizer | 9.8 | Critical | 2026-04-16 |
| CVE-2026-40502 | OpenHarness Remote Administrative Command Injection via Gateway Handler — OpenHarness | 8.8 | High | 2026-04-16 |
| CVE-2026-4949 | ProfilePress <= 4.16.12 - Missing Authorization to Authenticated (Subscriber+) Inactive Membership Plan Subscription — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | 4.3 | Medium | 2026-04-15 |
| CVE-2026-33214 | Weblate has improper access control for the translation memory API — weblate | 4.3 | Medium | 2026-04-15 |
| CVE-2026-6372 | WordPress Accept Cryptocurrencies with Plisio plugin <= 2.0.5 - Payment Bypass vulnerability — Accept Cryptocurrencies with Plisio | 7.5 | High | 2026-04-15 |
| CVE-2026-5387 | AVEVA Pipeline Simulation Missing Authorization — Pipeline Simulation 2025 | 9.8 | - | 2026-04-15 |
| CVE-2026-40786 | WordPress MyRewards plugin <= 5.7.3 - Broken Access Control vulnerability — MyRewards | 9.1 | - | 2026-04-15 |
| CVE-2026-40778 | WordPress Majestic Support plugin <= 1.1.2 - Broken Access Control vulnerability — Majestic Support | 8.1 | - | 2026-04-15 |
| CVE-2026-40763 | WordPress Royal Elementor Addons plugin <= 1.7.1056 - Broken Access Control vulnerability — Royal Elementor Addons | 8.1 | - | 2026-04-15 |
| CVE-2026-40742 | WordPress Nelio AB Testing plugin <= 8.2.8 - Sensitive Data Exposure vulnerability — Nelio AB Testing | 8.1 | - | 2026-04-15 |
| CVE-2026-40740 | WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability — Tutor LMS | 8.1 | - | 2026-04-15 |
| CVE-2026-40729 | WordPress 3D viewer – Embed 3D Models plugin <= 1.8.5 - Broken Access Control vulnerability — 3D viewer – Embed 3D Models | 9.1 | - | 2026-04-15 |
| CVE-2026-40730 | WordPress ThemeGrill Demo Importer plugin <= 2.0.0.6 - Broken Access Control vulnerability — ThemeGrill Demo Importer | 9.1 | - | 2026-04-15 |
| CVE-2026-40728 | WordPress Magazine Blocks plugin <= 1.8.3 - Broken Access Control vulnerability — Magazine Blocks | 9.1 | - | 2026-04-15 |
| CVE-2026-27769 | Connected Workspaces: Malicious remote server can manipulate arbitrary user's status — Mattermost | 2.7 | Low | 2026-04-15 |
| CVE-2026-3649 | Katalogportal-pdf-sync Widget <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via 'katalogportal_shortcodePrinter' AJAX Action — Katalogportal-pdf-sync Widget | 5.3 | Medium | 2026-04-15 |
| CVE-2026-3642 | e-shot <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Form Settings Modification via AJAX — e-shot | 5.3 | Medium | 2026-04-15 |
| CVE-2026-4812 | Advanced Custom Fields (ACF®) <= 6.7.0 - Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Field Query Parameters — Advanced Custom Fields (ACF®) | 5.3 | Medium | 2026-04-15 |
| CVE-2026-1314 | 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery <= 1.16.17 - Missing Authorization to Unauthenticated Private/Draft Flipbook Data Exposure — 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery | 5.3 | Medium | 2026-04-14 |
| CVE-2025-15565 | Nexi XPay <= 8.3.0 - Missing Authorization to Unauthenticated Order Status Modification — Nexi XPay | 5.3 | Medium | 2026-04-14 |

Vulnerabilities classified as CWE-862 (Missing Authorization) account for 5522 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.