Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-862 (授权机制缺失) — Vulnerability Class 5527

5527 vulnerabilities classified as CWE-862 (授权机制缺失). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-14629 Alchemist Ajax Upload <= 1.1 - Missing Authorization to Unauthenticated Arbitrary Media File Deletion — Alchemist Ajax Upload 5.3 Medium2026-01-24
CVE-2026-24421 phpMyFAQ missing authorization exposes /api/setup/backup to any authenticated user — phpMyFAQ 6.5 Medium2026-01-24
CVE-2026-24139 MyTube Allows Unauthorized Database Export by Guest Users — MyTube 6.5 -2026-01-23
CVE-2025-14947 All-in-One Video Gallery <= 4.6.4 - Missing Authorization to Unauthenticated Bunny Stream Video Creation/Deletion — All-in-One Video Gallery 6.5 Medium2026-01-23
CVE-2026-24636 WordPress Sugar Calendar (Lite) plugin <= 3.9.1 - Broken Access Control vulnerability — Sugar Calendar (Lite) 4.3 Medium2026-01-23
CVE-2026-24633 WordPress Add Expires Headers & Optimized Minify plugin <= 3.2.0 - Broken Access Control vulnerability — Add Expires Headers & Optimized Minify 5.3 Medium2026-01-23
CVE-2026-24627 WordPress Trusona for WordPress plugin <= 2.0.0 - Broken Access Control vulnerability — Trusona for WordPress 4.3 Medium2026-01-23
CVE-2026-24622 WordPress Suggestion Toolkit plugin <= 5.0 - Broken Access Control vulnerability — Suggestion Toolkit 5.4 Medium2026-01-23
CVE-2026-24625 WordPress File Uploads Addon for WooCommerce plugin <= 1.7.3 - Broken Access Control vulnerability — File Uploads Addon for WooCommerce 5.3 Medium2026-01-23
CVE-2026-24619 WordPress PopCash.Net Code Integration Tool plugin <= 1.8 - Broken Access Control vulnerability — PopCash.Net Code Integration Tool 5.3 Medium2026-01-23
CVE-2026-24612 WordPress Orchid Store theme <= 1.5.15 - Broken Access Control vulnerability — Orchid Store 5.3 Medium2026-01-23
CVE-2026-24616 WordPress WP Popups plugin <= 2.2.0.5 - Broken Access Control vulnerability — WP Popups 6.5 Medium2026-01-23
CVE-2026-24613 WordPress Ecwid Shopping Cart plugin <= 7.0.6 - Broken Access Control vulnerability — Ecwid Shopping Cart 5.3 Medium2026-01-23
CVE-2026-24615 WordPress Cream Magazine theme <= 2.1.10 - Broken Access Control vulnerability — Cream Magazine 5.3 Medium2026-01-23
CVE-2026-24607 WordPress Travel Monster theme <= 1.3.3 - Broken Access Control vulnerability — Travel Monster 5.3 Medium2026-01-23
CVE-2026-24606 WordPress Bayarcash WooCommerce plugin <= 4.3.13 - Broken Access Control vulnerability — Bayarcash WooCommerce 5.3 Medium2026-01-23
CVE-2026-24603 WordPress Universal Google Adsense and Ads manager plugin <= 1.1.8 - Broken Access Control vulnerability — Universal Google Adsense and Ads manager 5.3 Medium2026-01-23
CVE-2026-24605 WordPress X Addons for Elementor plugin <= 1.0.23 - Broken Access Control vulnerability — X Addons for Elementor 4.3 Medium2026-01-23
CVE-2026-24604 WordPress Simple GDPR Cookie Compliance plugin <= 2.0.0 - Broken Access Control vulnerability — Simple GDPR Cookie Compliance 5.3 Medium2026-01-23
CVE-2026-24598 WordPress Multilanguage by BestWebSoft plugin <= 1.5.2 - Broken Access Control vulnerability — Multilanguage by BestWebSoft 4.3 Medium2026-01-23
CVE-2026-24595 WordPress Zoho CRM Lead Magnet plugin <= 1.8.1.9 - Broken Access Control vulnerability — Zoho CRM Lead Magnet 5.4 Medium2026-01-23
CVE-2026-24588 WordPress Smart Product Viewer plugin <= 1.5.4 - Broken Access Control vulnerability — Smart Product Viewer 4.3 Medium2026-01-23
CVE-2026-24585 WordPress Hyyan WooCommerce Polylang Integration plugin <= 1.5.0 - Broken Access Control vulnerability — Hyyan WooCommerce Polylang Integration 6.5 Medium2026-01-23
CVE-2026-24587 WordPress AJAX Hits Counter + Popular Posts Widget plugin <= 0.10.210305 - Broken Access Control vulnerability — AJAX Hits Counter + Popular Posts Widget 5.4 Medium2026-01-23
CVE-2026-24579 WordPress Ai Image Alt Text Generator for WP plugin <= 1.1.9 - Broken Access Control vulnerability — Ai Image Alt Text Generator for WP 4.3 Medium2026-01-23
CVE-2026-24580 WordPress Ecwid Shopping Cart plugin <= 7.0.5 - Broken Access Control vulnerability — Ecwid Shopping Cart 4.3 Medium2026-01-23
CVE-2026-24578 WordPress Admin login URL Change plugin <= 1.1.5 - Broken Access Control vulnerability — Admin login URL Change 4.3 Medium2026-01-23
CVE-2026-24581 WordPress Points and Rewards for WooCommerce plugin <= 2.9.5 - Broken Access Control vulnerability — Points and Rewards for WooCommerce 5.4 Medium2026-01-23
CVE-2026-24583 WordPress SumUp Payment Gateway For WooCommerce plugin <= 2.7.9 - Broken Access Control vulnerability — SumUp Payment Gateway For WooCommerce 5.3 Medium2026-01-23
CVE-2026-24571 WordPress BOX NOW Delivery plugin <= 3.0.2 - Broken Access Control vulnerability — BOX NOW Delivery 4.3 Medium2026-01-23

Vulnerabilities classified as CWE-862 (授权机制缺失) represent 5527 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.