CWE-862 (Missing Authorization) — Vulnerability Class 5527

5527 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-0998 | Mattermost Zoom Plugin allows unauthorized meeting creation and post modification via insufficient API access controls — Mattermost | 4.3 | Medium | 2026-02-16 |
| CVE-2026-26367 | JUNG eNet SMART HOME server 2.2.1/2.3.1 Arbitrary User Deletion via deleteUserAccount — eNet SMART HOME server | 8.1 | High | 2026-02-15 |
| CVE-2026-26368 | JUNG eNet SMART HOME server 2.2.1/2.3.1 Account Takeover via resetUserPassword — eNet SMART HOME server | 8.8 | High | 2026-02-15 |
| CVE-2026-2312 | Media Library Folders <= 8.3.6 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Attachment Deletion and Rename — Media Library Folders | 4.3 | Medium | 2026-02-14 |
| CVE-2026-1254 | Modula Image Gallery – Photo Grid & Video Gallery <= 2.13.6 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post/Page Editing — Modula Image Gallery – Photo Grid & Video Gallery | 4.3 | Medium | 2026-02-14 |
| CVE-2026-1303 | MailChimp Campaigns <= 3.2.4 - Missing Authorization to Authenticated (Subscriber+) MailChimp App Disconnection — MailChimp Campaigns | 5.3 | Medium | 2026-02-14 |
| CVE-2026-1944 | CallbackKiller service widget <= 1.2 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Update — CallbackKiller service widget | 5.3 | Medium | 2026-02-14 |
| CVE-2026-2022 | Smart Forms <= 2.6.99 - Missing Authorization to Authenticated (Subscriber+) Campaign Data Exposure — Smart Forms – when you need more than just a contact form | 4.3 | Medium | 2026-02-14 |
| CVE-2026-0727 | Accordion and Accordion Slider <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Attachment Metadata Modification — Accordion and Accordion Slider | 5.4 | Medium | 2026-02-14 |
| CVE-2026-1932 | Appointment Booking Calendar Plugin <= 1.0.2 - Missing Authorization to Unauthenticated Arbitrary Appointment Status Modification — Appointment Booking Calendar Plugin – Bookr | 5.3 | Medium | 2026-02-14 |
| CVE-2026-0692 | BlueSnap Payment Gateway for WooCommerce <= 3.4.0 - Missing Authorization to Unauthenticated Arbitrary Order Status Manipulation — BlueSnap Payment Gateway for WooCommerce | 7.5 | High | 2026-02-14 |
| CVE-2025-14067 | Easy Form Builder <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Response Data Exposure — Easy Form Builder by WhiteStudio — Drag & Drop Form Builder | 5.3 | Medium | 2026-02-14 |
| CVE-2025-14608 | WP Last Modified Info <= 1.9.5 - Insecure Direct Object Reference to Authenticated (Author+) Post Metadata Modification — WP Last Modified Info | 5.3 | Medium | 2026-02-14 |
| CVE-2025-15157 | Starfish Review Generation & Marketing for WordPress <= 3.1.19 - Authenticated (Subscriber+) Arbitrary Options Update via srm_restore_options_defaults — Starfish Review Generation & Marketing for WordPress | 8.8 | High | 2026-02-13 |
| CVE-2026-26268 | Cursor sandbox escape via Git hooks — cursor | 8.1 | High | 2026-02-13 |
| CVE-2026-25531 | Kanboard TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projects — kanboard | 4.3 | Medium | 2026-02-13 |
| CVE-2026-25768 | LavinMQ is missing vhost access control — lavinmq | 4.3 (AI) | Medium (AI) | 2026-02-12 |
| CVE-2026-1104 | FastDup – Fastest WordPress Migration & Duplicator <= 2.7.1 - Missing Authorization to Authenticated (Contributor+) Backup Creation and Download — FastDup – Fastest WordPress Migration & Duplicator | 8.8 | High | 2026-02-12 |
| CVE-2026-1671 | Activity Log for WordPress <= 1.2.8 - Missing Authorization to Sensitive Information Exposure via Log File — Activity Log for WordPress | 6.5 | Medium | 2026-02-12 |
| CVE-2026-1537 | LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.6 - Missing Authorization to Booking Details Exposure — LatePoint – Calendar Booking Plugin for Appointments and Events | 5.3 | Medium | 2026-02-12 |
| CVE-2026-25633 | Statamic's missing authorization allows access to assets — cms | 4.3 | Medium | 2026-02-11 |
| CVE-2025-13391 | Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) <= 4.9.60 - Missing Authorization to Unauthenticated Arbitrary Attachment and Dropbox File Deletion — Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) | 5.8 | Medium | 2026-02-11 |
| CVE-2025-14592 | Missing Authorization in GitLab — GitLab | 3.7 | Low | 2026-02-11 |
| CVE-2026-1833 | WaMate Confirm <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Phone Number Blocking/Unblocking — WaMate Confirm – Order Confirmation | 5.3 | Medium | 2026-02-11 |
| CVE-2026-1786 | Twitter posts to Blog <= 1.11.25 - Missing Authorization to Unauthenticated Plugin Settings Update — Twitter posts to Blog | 6.5 | Medium | 2026-02-11 |
| CVE-2026-1748 | Invoct – PDF Invoices & Billing for WooCommerce <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Information Exposure — Invoct – PDF Invoices & Billing for WooCommerce | 4.3 | Medium | 2026-02-11 |
| CVE-2025-15524 | Gallery by FooGallery <= 3.1.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Gallery Metadata Exposure — Gallery by FooGallery | 4.3 | Medium | 2026-02-11 |
| CVE-2026-25609 | profile command may permit unauthorized configuration — MongoDB Server | 5.4 | Medium | 2026-02-10 |
| CVE-2026-21743 | Fortinet FortiAuthenticator security vulnerability — FortiAuthenticator | 6.8 | High | 2026-02-10 |
| CVE-2025-14895 | PopupKit <= 2.2.0 - Missing Authorization to Sensitive Information Disclosure and Data Deletion — Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers | 5.4 | Medium | 2026-02-10 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5527 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.