CWE-862 (Missing Authorization) — Vulnerability Class 5527

5527 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-66142 | WordPress Comparimager for Elementor plugin <= 1.0.1 - Broken Access Control vulnerability — Comparimager for Elementor | 5.4 | Medium | 2026-01-22 |
| CVE-2025-66143 | WordPress Crumber plugin <= 1.0.10 - Broken Access Control vulnerability — Crumber | 5.4 | Medium | 2026-01-22 |
| CVE-2025-66137 | WordPress Searcher for Elementor plugin <= 1.0.3 - Broken Access Control vulnerability — Searcher for Elementor | 5.4 | Medium | 2026-01-22 |
| CVE-2025-66139 | WordPress Audier For Elementor plugin <= 1.0.9 - Broken Access Control vulnerability — Audier For Elementor | 5.4 | Medium | 2026-01-22 |
| CVE-2025-66136 | WordPress Carter for Elementor plugin <= 1.0.2 - Broken Access Control vulnerability — Carter for Elementor | 5.4 | Medium | 2026-01-22 |
| CVE-2025-66138 | WordPress Motionger for Elementor plugin <= 2.0.4 - Broken Access Control vulnerability — Motionger for Elementor | 5.4 | Medium | 2026-01-22 |
| CVE-2025-66140 | WordPress Uper for Elementor plugin <= 1.0.5 - Broken Access Control vulnerability — Uper for Elementor | 5.4 | Medium | 2026-01-22 |
| CVE-2025-66135 | WordPress Imager for Elementor plugin <= 2.0.4 - Broken Access Control vulnerability — Imager for Elementor | 5.4 | Medium | 2026-01-22 |
| CVE-2025-62754 | WordPress Payment Gateway bKash for WC plugin <= 3.1.0 - Broken Access Control vulnerability — Payment Gateway bKash for WC | 5.3 | Medium | 2026-01-22 |
| CVE-2025-63018 | WordPress Bard theme <= 2.229 - Broken Access Control vulnerability — Bard | 4.3 | Medium | 2026-01-22 |
| CVE-2025-62106 | WordPress WP-CRM System plugin <= 3.4.5 - Broken Access Control vulnerability — WP-CRM System | 5.4 | Medium | 2026-01-22 |
| CVE-2025-54002 | WordPress xSmart theme <= 1.2.9.4 - Broken Access Control vulnerability — xSmart | 6.5 | Medium | 2026-01-22 |
| CVE-2025-5805 | WordPress Electron theme <= 1.8.2 - Broken Access Control vulnerability — Electron | 6.5 | Medium | 2026-01-22 |
| CVE-2025-49375 | WordPress HomeLancer theme <= 1.0.1 - Broken Access Control vulnerability — HomeLancer | 5.4 | Medium | 2026-01-22 |
| CVE-2026-24042 | Appsmith public apps can execute unpublished actions (viewMode confusion) — appsmith | 9.4 | Critical | 2026-01-22 |
| CVE-2026-1036 | Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.36 - Missing Authorization to Unauthenticated Arbitrary Comment Deletion — Photo Gallery by 10Web – Mobile-Friendly Image Gallery | 5.3 | Medium | 2026-01-21 |
| CVE-2026-23517 | Fleet has an Access Control vulnerability in debug/pprof endpoints — fleet | 6.5 (AI) | Medium (AI) | 2026-01-21 |
| CVE-2026-0554 | NotificationX <= 3.1.11 - Missing Authorization to Authenticated (Contributor+) Analytics Reset — NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar | 4.3 | Medium | 2026-01-20 |
| CVE-2025-15347 | Creator LMS – The LMS for Creators, Coaches, and Trainers <= 1.1.12 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update — Creator LMS – Online Courses and eLearning Plugin | 8.8 | High | 2026-01-20 |
| CVE-2025-15043 | The Events Calendar <= 6.15.13 - Missing Authorization to Authenticated (Subscriber+) Data Migration Control — The Events Calendar | 5.4 | Medium | 2026-01-20 |
| CVE-2026-0548 | Tutor LMS – eLearning and online course solution <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Limited Attachment Deletion — Tutor LMS – eLearning and online course solution | 5.4 | Medium | 2026-01-20 |
| CVE-2025-14798 | LearnPress – WordPress LMS Plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API — LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | 5.3 | Medium | 2026-01-20 |
| CVE-2025-14351 | Custom Fonts – Host Your Fonts Locally <= 2.1.16 - Missing Authorization to Unauthenticated Font Deletion — Custom Fonts – Host Your Fonts Locally | 5.3 | Medium | 2026-01-20 |
| CVE-2025-14978 | PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net) <= 1.119.8 - Missing Authorization to Unauthenticated Order Status Modification — PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) | 5.3 | Medium | 2026-01-20 |
| CVE-2025-15466 | Image Photo Gallery Final Tiles Grid <= 3.6.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Gallery Management — Image Photo Gallery Final Tiles Grid | 5.4 | Medium | 2026-01-19 |
| CVE-2026-23875 | CrawlChat's Discord Bot has a Knowledge Permission vulnerability — crawlchat | 3.5 (AI) | Low (AI) | 2026-01-19 |
| CVE-2026-23721 | OpenProject users with "View Members" permission in any project can view all Group memberships — openproject | 4.3 | Medium | 2026-01-19 |
| CVE-2025-14078 | PAYGENT for WooCommerce <= 2.4.6 - Missing Authorization to Unauthenticated Payment Callback Manipulation — PAYGENT for WooCommerce | 5.3 | Medium | 2026-01-17 |
| CVE-2025-12825 | User Registration Using Contact Form 7 <= 2.5 - Authenticated (Subscriber+) Information Exposure — User Registration Using Contact Form 7 | 5.3 | Medium | 2026-01-17 |
| CVE-2025-14029 | Community Events <= 1.5.6 - Missing Authorization to Unauthenticated Arbitrary Event Approval via 'eventlist' Parameter — Community Events | 5.3 | Medium | 2026-01-17 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5527 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.