CWE-862 (Missing Authorization) — Vulnerability Class 5530

5530 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-67926 | WordPress Fluent Support plugin <= 1.10.4 - Broken Access Control vulnerability — Fluent Support | 6.5 | Medium | 2026-01-08 |
| CVE-2025-67917 | WordPress Traveler theme <= 3.2.6 - Broken Access Control vulnerability — Traveler | 6.5 | Medium | 2026-01-08 |
| CVE-2025-67913 | WordPress Aruba HiSpeed Cache plugin < 3.0.3 - Broken Access Control vulnerability — Aruba HiSpeed Cache | 6.5 | Medium | 2026-01-08 |
| CVE-2025-22715 | WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin <= 1.25 - Arbitrary Content Deletion vulnerability — WP Attractive Donations System - Easy Stripe & Paypal donations | 7.5 | High | 2026-01-08 |
| CVE-2025-14360 | WordPress Blockons plugin <= 1.2.19 - Broken Access Control vulnerability — Blockons | 7.5 | High | 2026-01-08 |
| CVE-2025-14358 | WordPress REHub Framework plugin <= 19.9.5 - Broken Access Control vulnerability — REHub Framework | 7.5 | High | 2026-01-08 |
| CVE-2025-13679 | Tutor LMS <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via tutor_order_details — Tutor LMS – eLearning and online course solution | 6.5 | Medium | 2026-01-08 |
| CVE-2025-12640 | Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager <= 3.1.5 - Missing Authorization to Authenticated (Author+) Media Replacement — Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager | 4.3 | Medium | 2026-01-08 |
| CVE-2025-69221 | LibreChat has Insufficient Access Control for Agent Permission Queries — LibreChat | 4.3 | Medium | 2026-01-07 |
| CVE-2025-69220 | LibreChat has Insufficient Access Control for Agent Files — LibreChat | 7.1 | High | 2026-01-07 |
| CVE-2025-46434 | WordPress The Plus Addons for Elementor Pro plugin < 6.3.7 - Broken Access Control vulnerability — The Plus Addons for Elementor Pro | 6.5 | Medium | 2026-01-07 |
| CVE-2025-69333 | WordPress JetEngine plugin <= 3.8.1.1 - Broken Access Control vulnerability — JetEngine | 4.3 | Medium | 2026-01-07 |
| CVE-2025-69344 | WordPress Oneline Lite theme <= 6.6 - Broken Access Control vulnerability — Oneline Lite | 4.3 | Medium | 2026-01-07 |
| CVE-2025-13722 | Fluent Forms <= 6.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Creation via AI Builder — Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | 5.3 | Medium | 2026-01-07 |
| CVE-2025-14460 | Piraeus Bank WooCommerce Payment Gateway <= 3.1.4 - Missing Authorization to Unauthenticated Arbitrary Order Status Change — Piraeus Bank WooCommerce Payment Gateway | 5.3 | Medium | 2026-01-07 |
| CVE-2025-14070 | Reviewify <= 1.0.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary WooCommerce Coupon Creation — Reviewify — Review Discounts & Photo/Video Reviews for WooCommerce | 7.5 | High | 2026-01-07 |
| CVE-2025-13419 | Guest posting / Frontend Posting / Front Editor – WP Front User Submit <= 5.0.0 - Missing Authorization to Unauthenticated Media Deletion — Guest posting / Frontend Posting / Front Editor – WP Front User Submit | 5.3 | Medium | 2026-01-07 |
| CVE-2025-13496 | Moosend Landing Pages <= 1.1.6 - Missing Authorization to Authenticated (Subscriber+) Option Deletion — Moosend Landing Pages | 5.3 | Medium | 2026-01-07 |
| CVE-2025-13493 | Latest Registered Users <= 1.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via User Data Export — Latest Registered Users | 7.5 | High | 2026-01-07 |
| CVE-2025-13529 | Unify <= 3.4.9 - Missing Authorization to Unauthenticated Option Deletion via 'unify_plugin_downgrade' Parameter — Unify | 5.3 | Medium | 2026-01-07 |
| CVE-2025-11877 | User Activity Log <= 2.2 - Unauthenticated Limited Options Update via Failed Login — User Activity Log | 7.5 | High | 2026-01-07 |
| CVE-2025-12449 | aBlocks – WordPress Gutenberg Blocks <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Settings Modification — aBlocks – Gutenberg Blocks, User Dashboard Builder, Popup Builder, Form Builder & Animation Builder | 5.4 | Medium | 2026-01-07 |
| CVE-2026-0656 | iPaymu Payment Gateway for WooCommerce <= 2.0.2 - Missing Authentication to Unauthenticated Payment Bypass and Order Information Disclosure — iPaymu Payment Gateway for WooCommerce | 8.2 | High | 2026-01-07 |
| CVE-2025-14370 | Quote Comments <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update — Quote Comments | 4.3 | Medium | 2026-01-07 |
| CVE-2025-14901 | Bit Form – Contact Form Plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay — Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | 6.5 | Medium | 2026-01-07 |
| CVE-2025-39477 | WordPress InWave Jobs Plugin <= 3.5.8 - Broken Access Control vulnerability — InWave Jobs | 9.8 | Critical | 2026-01-06 |
| CVE-2025-69364 | WordPress Breeze plugin <= 2.2.21 - Broken Access Control vulnerability — Breeze | 5.3 | Medium | 2026-01-06 |
| CVE-2025-69361 | WordPress Post Expirator plugin <= 4.9.3 - Broken Access Control vulnerability — Post Expirator | 4.3 | Medium | 2026-01-06 |
| CVE-2025-69363 | WordPress Responsive Addons for Elementor plugin <= 2.0.8 - Broken Access Control vulnerability — Responsive Addons for Elementor | 6.5 | Medium | 2026-01-06 |
| CVE-2025-69359 | WordPress Creator LMS plugin <= 1.1.12 - Broken Access Control vulnerability — Creator LMS | 5.3 | Medium | 2026-01-06 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5530 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.