
CWE-862 (Missing Authorization) — Vulnerability Class 5527

5527 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-12845 | Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent 0.5.4 - 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Information Exposure and Privilege Escalation — Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent | 8.8 | High | 2026-02-19 |
| CVE-2025-11754 | Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent <= 4.1.2 - Missing Authorization to Sensitive Information Exposure — Cookie Banner for GDPR / CCPA – WPLP Cookie Consent | 7.5 | High | 2026-02-19 |
| CVE-2025-11725 | Aruba HiSpeed Cache <= 3.0.2 - Missing Authorization to Unauthenticated Plugin's Settings Modification — Aruba HiSpeed Cache | 6.5 | Medium | 2026-02-19 |
| CVE-2025-12027 | Mesmerize Companion <= 1.6.158 - Missing Authorization Authenticated (Subscriber+) Settings Update — Mesmerize Companion | 4.3 | Medium | 2026-02-19 |
| CVE-2026-25242 | Gogs allows unauthenticated file uploads — gogs | 9.8 | - | 2026-02-19 |
| CVE-2019-25351 | Centova Cast 3.2.11 - Arbitrary File Download — Centova Cast | 8.8 | High | 2026-02-18 |
| CVE-2026-27181 | MajorDoMo Unauthenticated Module Uninstall via Market Endpoint — MajorDoMo | 7.5 | High | 2026-02-18 |
| CVE-2026-1355 | Missing Authorization Check in GitHub Enterprise Server Allows Unauthorized Uploads to Repository Migration Exports — Enterprise Server | 7.3 | - | 2026-02-18 |
| CVE-2026-1942 | Blog2Social: Social Media Auto Post & Scheduler <= 8.7.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification — Blog2Social: Social Media Auto Post & Scheduler | 6.5 | Medium | 2026-02-18 |
| CVE-2026-1656 | Business Directory Plugin <= 6.4.20 - Missing Authorization to Unauthenticated Arbitrary Listing Modification — Business Directory Plugin – Easy Listing Directories for WordPress | 5.3 | Medium | 2026-02-18 |
| CVE-2026-2127 | SiteOrigin Widgets Bundle <= 1.70.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution — SiteOrigin Widgets Bundle | 5.4 | Medium | 2026-02-18 |
| CVE-2026-1831 | YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Plugin Installation and Activation — YayMail – WooCommerce Email Customizer | 2.7 | Low | 2026-02-18 |
| CVE-2026-1860 | Kali Forms <= 2.4.8 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Form Data Exposure — Kali Forms — Contact Form & Drag-and-Drop Builder | 4.3 | Medium | 2026-02-18 |
| CVE-2026-1938 | YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint — YayMail – WooCommerce Email Customizer | 5.3 | Medium | 2026-02-18 |
| CVE-2026-1655 | EventPrime <= 4.2.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter — EventPrime – Events Calendar, Bookings and Tickets | 4.3 | Medium | 2026-02-18 |
| CVE-2026-2633 | Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload — Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | 4.3 | Medium | 2026-02-18 |
| CVE-2026-1640 | Taskbuilder <= 5.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Project/Task Comment Creation — Taskbuilder – Project Management & Task Management Tool With Kanban Board | 4.3 | Medium | 2026-02-18 |
| CVE-2026-1937 | YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action — YayMail – WooCommerce Email Customizer | 7.2 | High | 2026-02-18 |
| CVE-2025-12356 | Tickera – WordPress Event Ticketing <= 3.5.6.4 - Missing Authorization to Authenticated (Subscriber+) Event/Post Status Update — Tickera – Sell Tickets & Manage Events | 4.3 | Medium | 2026-02-18 |
| CVE-2026-1906 | PDF Invoices & Packing Slips for WooCommerce <= 5.6.0 - Missing Authorization to Authenticated (Subscriber+) Peppol Identifier Modification — PDF Invoices & Packing Slips for WooCommerce | 4.3 | Medium | 2026-02-18 |
| CVE-2026-1925 | EmailKit – Email Customizer for WooCommerce & WP <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Title Modification — EmailKit – Email Customizer for WooCommerce & WP | 4.3 | Medium | 2026-02-18 |
| CVE-2025-12075 | Order Splitter for WooCommerce <= 5.3.5 - Missing Authorization to Authenticated (Subscriber+) Order Information Exposure — Order Splitter for WooCommerce | 4.3 | Medium | 2026-02-18 |
| CVE-2024-31118 | WordPress SP Project & Document Manager plugin <= 4.70 - Broken Access Control to XSS vulnerability — SP Project & Document Manager | 6.5 | Medium | 2026-02-17 |
| CVE-2022-41650 | WordPress Custom Content by Country plugin <= 3.1.2 - Broken Access Control vulnerability — Custom Content by Country (by Shield Security) | 6.5 | Medium | 2026-02-17 |
| CVE-2026-2608 | Gutenberg Blocks by Kadence Blocks <= 3.5.32 - Missing Authorization — Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | 4.3 | Medium | 2026-02-17 |
| CVE-2026-25903 | Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates — Apache NiFi | 6.5 (AI) | Medium (AI) | 2026-02-17 |
| CVE-2026-1657 | EventPrime <= 4.2.8.4 - Missing Authorization to Unauthenticated Image Upload via 'ep_upload_file_media' AJAX Endpoint — EventPrime – Events Calendar, Bookings and Tickets | 5.3 | Medium | 2026-02-17 |
| CVE-2026-2001 | WowRevenue <= 2.1.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation — WowRevenue – Product Bundles & Bulk Discounts | 8.8 | High | 2026-02-16 |
| CVE-2025-14573 | Team Admin Bypass of Invite Permissions via allow_open_invite Field — Mattermost | 3.8 | Low | 2026-02-16 |
| CVE-2025-14350 | Information disclosure via channel mentions in posts — Mattermost | 4.3 | Medium | 2026-02-16 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5527 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.