Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-862 (授权机制缺失) — Vulnerability Class 5527

5527 vulnerabilities classified as CWE-862 (授权机制缺失). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2026-25315 WordPress hCaptcha for WP plugin <= 4.21.1 - Broken Access Control vulnerability — hCaptcha for WP 5.3 Medium2026-02-19
CVE-2026-25311 WordPress Autoshare for Twitter plugin <= 2.3.1 - Broken Access Control vulnerability — Autoshare for Twitter 5.4 Medium2026-02-19
CVE-2026-25313 WordPress FluentForm plugin <= 6.1.14 - Broken Access Control vulnerability — FluentForm 4.3 Medium2026-02-19
CVE-2026-25314 WordPress TOP Table Of Contents plugin <= 1.3.31 - Broken Access Control vulnerability — TOP Table Of Contents 4.3 Medium2026-02-19
CVE-2026-25308 WordPress Simple Membership plugin <= 4.6.9 - Broken Access Control vulnerability — Simple Membership 4.3 Medium2026-02-19
CVE-2026-25003 WordPress Client Portal plugin <= 1.2.1 - Broken Access Control vulnerability — Client Portal 4.3 Medium2026-02-19
CVE-2026-24375 WordPress Ultimate Gift Cards For WooCommerce plugin <= 3.2.4 - Broken Access Control vulnerability — Ultimate Gift Cards For WooCommerce 5.3 Medium2026-02-19
CVE-2026-24999 WordPress Alma plugin <= 5.16.1 - Broken Access Control vulnerability — Alma 5.3 Medium2026-02-19
CVE-2026-25000 WordPress Wheel of Life plugin <= 1.2.0 - Broken Access Control vulnerability — Wheel of Life 5.3 Medium2026-02-19
CVE-2026-23548 WordPress DirectoryPress plugin <= 3.6.25 - Broken Access Control vulnerability — DirectoryPress 5.3 Medium2026-02-19
CVE-2026-23804 WordPress Better Business Reviews plugin <= 0.1.1 - Broken Access Control vulnerability — Better Business Reviews 5.4 Medium2026-02-19
CVE-2026-23545 WordPress Aruba HiSpeed Cache plugin <= 3.0.4 - Broken Access Control vulnerability — Aruba HiSpeed Cache 6.5 Medium2026-02-19
CVE-2026-23547 WordPress CMSMasters Content Composer plugin <= 2.5.8 - Broken Access Control vulnerability — CMSMasters Content Composer 7.1 High2026-02-19
CVE-2026-23543 WordPress Essential Addons for Elementor plugin <= 6.5.5 - Broken Access Control vulnerability — Essential Addons for Elementor 5.3 Medium2026-02-19
CVE-2026-23541 WordPress Mail Mint plugin <= 1.19.4 - Broken Access Control vulnerability — Mail Mint 7.5 High2026-02-19
CVE-2026-27056 WordPress iThemes Sync plugin <= 3.2.8 - Broken Access Control vulnerability — iThemes Sync 4.3 Medium2026-02-19
CVE-2026-2284 News Element Elementor Blog Magazine <= 1.0.8 - Missing Authorization to Authenticated (Subscriber+) Data Loss — News Element Elementor Blog Magazine 5.4 Medium2026-02-19
CVE-2025-14357 Mega Store Woocommerce <= 5.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation and Settings Change — Mega Store Woocommerce 5.3 Medium2026-02-19
CVE-2026-2504 Dealia – Request a quote <= 1.0.7 - Missing Authorization to Authenticated (Contributor+) Plugin Configuration Reset — Dealia – Request a quote 4.3 Medium2026-02-19
CVE-2026-0974 Orderable <= 1.20.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation — Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin 8.8 High2026-02-19
CVE-2025-14270 OneClick Chat to Order <= 1.0.9 - Missing Authorization to Authenticated (Editor+) Plugin Settings Update — OneClick Chat to Order 2.7 Low2026-02-19
CVE-2025-14427 Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches <= 21.0.9 - Missing Authorization to Authenticated (Subscriber+) Email MFA Update — Shield: Blocks Bots, Protects Users, and Prevents Security Breaches 4.3 Medium2026-02-19
CVE-2025-14864 Virusdie <= 1.1.7 - Missing Authorization to Authenticated (Subscriber+) API Key Disclosure — Virusdie – One-click website security 4.3 Medium2026-02-19
CVE-2025-13603 WP AUDIO GALLERY <= 2.0 - Authenticated (Subscriber+) Arbitrary File Read via .htaccess Manipulation — WP AUDIO GALLERY 8.8 High2026-02-19
CVE-2025-14342 SEO Plugin by Squirrly SEO <= 12.4.14 - Missing Authorization to Authenticated (Subscriber+) Cloud Service Disconnection — SEO Plugin by Squirrly SEO 4.3 Medium2026-02-19
CVE-2025-13864 Breeze – WordPress Cache Plugin <= 2.2.21 - Missing Authorization to Cache Deletion — Breeze Cache 5.3 Medium2026-02-19
CVE-2025-12975 CTX Feed – WooCommerce Product Feed Manager <= 6.6.11 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Plugin Installation — Product Feed Manager for WooCommerce – CTX Feed – Support 220+ Shopping & Social Channels 7.2 High2026-02-19
CVE-2025-13930 Checkout Field Manager (Checkout Manager) for WooCommerce <= 7.8.5 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion — Checkout Field Manager (Checkout Manager) for WooCommerce 5.3 Medium2026-02-19
CVE-2025-15041 BackWPup <= 5.6.2 - Authenticated (BackWPup Helper+) Privilege Escalation via Arbitrary Options Update — BackWPup – WordPress Backup & Restore Plugin 7.2 High2026-02-19
CVE-2025-12081 ACF Photo Gallery Field <= 3.0 - Missing Authorization to Authenticated (Subscriber+) Attachment Metadata Modification — ACF Photo Gallery Field 4.3 Medium2026-02-19

Vulnerabilities classified as CWE-862 (授权机制缺失) represent 5527 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.