CWE-862 (Missing Authorization) — Vulnerability Class 5531

5531 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-64238 | WordPress WPS Bidouille plugin <= 1.33.1 - Broken Access Control vulnerability — WPS Bidouille | 4.3 | Medium | 2025-12-16 |
| CVE-2025-54045 | WordPress CM On Demand Search And Replace plugin <= 1.5.5 - Broken Access Control vulnerability — CM On Demand Search And Replace | 4.3 | Medium | 2025-12-16 |
| CVE-2025-54005 | WordPress SKT Page Builder plugin <= 4.9 - Broken Access Control vulnerability — SKT Page Builder | 4.3 | Medium | 2025-12-16 |
| CVE-2025-54004 | WordPress WCFM – Frontend Manager for WooCommerce plugin <= 6.7.24 - Broken Access Control vulnerability — WCFM – Frontend Manager for WooCommerce | 2.7 | Low | 2025-12-16 |
| CVE-2025-11991 | JetFormBuilder <= 3.5.3 - Missing Authorization to Unauthenticated Form Generation — JetFormBuilder — Dynamic Blocks Form Builder | 5.3 | Medium | 2025-12-16 |
| CVE-2025-12809 | dokan pro <= 4.1.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure — Dokan Pro | 5.3 | Medium | 2025-12-16 |
| CVE-2025-13794 | Auto Featured Image <= 4.2.1 - Missing Authorization to Authenticated (Contributor+) Post Thumbnail Modification — Auto Featured Image (Auto Post Thumbnail) | 4.3 | Medium | 2025-12-16 |
| CVE-2025-13956 | LearnPress – WordPress LMS Plugin <= 4.3.1 - Missing Authorization to Unauthenticated Orders Statistics Exposure — LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | 5.3 | Medium | 2025-12-16 |
| CVE-2025-66402 | misskey.js's export data contains private post data — misskey | 5.3 | Medium | 2025-12-15 |
| CVE-2025-14038 | EnterpriseDB Hybrid Manager - LTS security vulnerability — Hybrid Manager - LTS | 7.0 | High | 2025-12-15 |
| CVE-2025-13950 | OneSignal – Web Push Notifications <= 3.6.1 - Missing Authorization to Unauthenticated Plugin Settings Update — OneSignal – Web Push Notifications | 5.3 | Medium | 2025-12-15 |
| CVE-2025-12900 | FileBird – WordPress Media Library Folders & File Manager <= 6.5.1 - Missing Authorization to Authenticated (Author+) Global Folders Tampering — FileBird – WordPress Media Library Folders & File Manager | 4.3 | Medium | 2025-12-15 |
| CVE-2025-14003 | Image Gallery – Photo Grid & Video Gallery <= 2.13.3 - Missing Authorization to Authenticated (Author+) Arbitrary Gallery Modification — Modula Image Gallery – Photo Grid & Video Gallery | 4.3 | Medium | 2025-12-15 |
| CVE-2025-12362 | myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program <= 2.9.7 - Missing Authorization to Unauthenticated Withdrawal Request Approval — Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred | 5.3 | Medium | 2025-12-13 |
| CVE-2025-14446 | Popup Builder <= 1.1.37 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Reset — Easy Notify Lite | 5.4 | Medium | 2025-12-13 |
| CVE-2025-13092 | Devs CRM – Manage tasks, attendance and teams all together <= 1.1.8 - Unauthenticated Information Exposure — Devs CRM – Manage tasks, attendance and teams all together | 5.3 | Medium | 2025-12-13 |
| CVE-2025-14365 | Eyewear prescription form <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary WooCommerce Category Deletion — Eyewear prescription form | 5.3 | Medium | 2025-12-13 |
| CVE-2025-11164 | Mavix Education <= 1.0 - Missing Authorization to Authenticated (Subscriber+) 'Creativ Demo Importer' Plugin Activation — Mavix Education | 4.3 | Medium | 2025-12-13 |
| CVE-2025-14508 | MediaCommander – Bring Folders to Media, Posts, and Pages <= 2.3.1 - Missing Authorization to Authenticated (Author+) Media Folder Deletion — MediaCommander – Bring Folders to Media, Posts, and Pages | 6.5 | Medium | 2025-12-13 |
| CVE-2025-14367 | Easy Theme Options <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Import — Easy Theme Options | 5.3 | Medium | 2025-12-13 |
| CVE-2025-13093 | Devs CRM – Manage tasks, attendance and teams all together <= 1.1.8 - Missing Authorization to Unauthenticated Lead Tag Update — Devs CRM – Manage tasks, attendance and teams all together | 5.3 | Medium | 2025-12-13 |
| CVE-2025-14288 | Gallery Blocks with Lightbox <= 3.3.0 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Modification — Mixed Media Gallery Blocks | 4.3 | Medium | 2025-12-13 |
| CVE-2025-9218 | rtMedia for WordPress, BuddyPress and bbPress 4.7.0 - 4.7.3 - Missing Authorization to Unauthenticated Information Disclosure via handle_rest_pre_dispatch Function — rtMedia for WordPress, BuddyPress and bbPress | 3.7 | Low | 2025-12-13 |
| CVE-2025-14397 | Postem Ipsum <= 3.0.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation in postem_ipsum_generate_users — Postem Ipsum | 8.8 | High | 2025-12-13 |
| CVE-2025-14447 | AnnunciFunebri Impresa <= 4.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Options Deletion — AnnunciFunebri | 4.3 | Medium | 2025-12-13 |
| CVE-2025-14540 | Userback <= 1.0.15 - Missing Authorization to Authenticated (Subscriber+) Plugin's Configuration Exposure — Userback | 4.3 | Medium | 2025-12-13 |
| CVE-2025-14395 | Popover Windows <= 1.2 - Missing Authorization to Authenticated (Subscriber+) Popover Configuration Update via AJAX Actions — Popover Windows | 4.3 | Medium | 2025-12-13 |
| CVE-2025-14366 | Eyewear prescription form <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary WooCommerce Product Creation — Eyewear prescription form | 5.3 | Medium | 2025-12-13 |
| CVE-2025-14581 | HAPPY – Helpdesk Support Ticket System <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Reply — HAPPY – Helpdesk Support Ticket System | 4.3 | Medium | 2025-12-13 |
| CVE-2025-13403 | Employee Spotlight – Team Member Showcase & Meet the Team Plugin <= 5.1.3 - Missing Authorization to Authenticated (Subscriber+) Tracking Opt-In/Opt-Out Modification — Employee Spotlight – Team Member Showcase & Meet the Team Plugin | 4.3 | Medium | 2025-12-13 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5531 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.