CWE-862 (Missing Authorization) — Vulnerability Class 5531

5531 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-47612 | WordPress ClickWhale plugin <= 2.4.6 - Broken Access Control Vulnerability — ClickWhale | 5.4 | Medium | 2025-05-07 |
| CVE-2025-47602 | WordPress Calculate Prices based on Distance For WooCommerce plugin <= 1.3.5 - Broken Access Control vulnerability — Calculate Prices based on Distance For WooCommerce | 5.4 | Medium | 2025-05-07 |
| CVE-2025-47591 | WordPress Bulk Featured Image plugin <= 1.2.4 - Broken Access Control vulnerability — Bulk Featured Image | 4.3 | Medium | 2025-05-07 |
| CVE-2025-47528 | WordPress Ovation Elements plugin <= 1.1.2 - Broken Access Control Vulnerability — Ovation Elements | 4.3 | Medium | 2025-05-07 |
| CVE-2025-47526 | WordPress GS Variation Swatches for WooCommerce plugin <= 3.0.4 - Broken Access Control Vulnerability — GS Variation Swatches for WooCommerce | 5.4 | Medium | 2025-05-07 |
| CVE-2025-47486 | WordPress Gutenberg & Elementor Templates Importer For Responsive plugin <= 3.1.9 - Broken Access Control Vulnerability — Responsive Plus | 5.3 | Medium | 2025-05-07 |
| CVE-2025-47485 | WordPress Cozy Blocks plugin <= 2.1.22 - Broken Access Control Vulnerability — Cozy Blocks | 5.3 | Medium | 2025-05-07 |
| CVE-2025-47480 | WordPress Graphina plugin <= 3.0.4 - Broken Access Control Vulnerability — Graphina | 5.4 | Medium | 2025-05-07 |
| CVE-2025-47472 | WordPress Music Player for WooCommerce plugin <= 1.5.1 - Broken Access Control Vulnerability — Music Player for WooCommerce | 5.4 | Medium | 2025-05-07 |
| CVE-2025-47471 | WordPress Envo Extra plugin <= 1.9.9 - Broken Access Control Vulnerability — Envo Extra | 4.3 | Medium | 2025-05-07 |
| CVE-2025-47469 | WordPress Media Hygiene plugin <= 4.0.0 - Broken Access Control Vulnerability — Media Hygiene | 5.4 | Medium | 2025-05-07 |
| CVE-2025-47467 | WordPress GS Testimonial Slider plugin <= 3.3.0 - Broken Access Control Vulnerability — GS Testimonial Slider | 4.3 | Medium | 2025-05-07 |
| CVE-2025-47465 | WordPress Blocksy theme <= 2.0.97 - Broken Access Control Vulnerability — Blocksy | 4.9 | Medium | 2025-05-07 |
| CVE-2025-47457 | WordPress LocateAndFilter plugin <= 1.6.16 - Broken Access Control Vulnerability — LocateAndFilter | 5.3 | Medium | 2025-05-07 |
| CVE-2025-47450 | WordPress Simple File List plugin <= 6.1.13 - Settings Change Vulnerability — Simple File List | 5.3 | Medium | 2025-05-07 |
| CVE-2025-3766 | Login Lockdown & Protection <= 2.11 - Missing Authorization to Authenticated (Subscriber+) Arbitrary IP Whitelisting — Login Lockdown & Protection | 5.4 | Medium | 2025-05-07 |
| CVE-2025-2821 | Search Exclude <= 2.4.9 - Missing Authorization to Unauthenticated Plugin Settings Modification — Search Exclude | 5.3 | Medium | 2025-05-07 |
| CVE-2025-0856 | PGS Core <= 5.8.0 - Missing Authorization via Multiple Functions — PGS Core | 7.3 | High | 2025-05-06 |
| CVE-2025-46586 | Huawei HarmonyOS security vulnerability — HarmonyOS | 5.1 | Medium | 2025-05-06 |
| CVE-2025-1326 | Homey - Booking and Rentals WordPress Theme <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Reservation & Post Deletion — Homey | 4.3 | Medium | 2025-05-02 |
| CVE-2024-13419 | Smart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting — Benaa Framework | 6.4 | Medium | 2025-05-02 |
| CVE-2025-4177 | Flynax Bridge <= 2.2.0 - Unauthenticated Arbitrary User Deletion — Flynax Bridge | 5.3 | Medium | 2025-05-02 |
| CVE-2025-4179 | Flynax Bridge <= 2.2.0 - Unauthenticated Limited Privilege Escalation — Flynax Bridge | 7.3 | High | 2025-05-02 |
| CVE-2025-3746 | OTP-less one tap Sign in 2.0.14 - 2.0.59 - Unauthenticated Arbitrary Email Update to Account Takeover/Privilege Escalation — OTP-less one tap Sign in | 9.8 | Critical | 2025-05-02 |
| CVE-2025-3952 | Projectopia – WordPress Project Management <= 5.1.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Deletion — Projectopia – Project Management Tool | 8.1 | High | 2025-05-01 |
| CVE-2025-1304 | NewsBlogger <= 0.2.5.1 - Authenticated (Subscriber+) Arbitrary File Upload — NewsBlogger | 8.8 | High | 2025-05-01 |
| CVE-2025-2816 | Page View Count 2.8.0 - 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update — Page View Count | 8.1 | High | 2025-05-01 |
| CVE-2025-46554 | XWiki missing authorization when accessing the wiki level attachments list and metadata via REST API — xwiki-platform | 5.3 | Medium | 2025-04-30 |
| CVE-2025-46557 | Any user with view access to the XWiki space can change the authenticator — xwiki-platform | 8.1 (AI) | High (AI) | 2025-04-30 |
| CVE-2025-39413 | WordPress Simple Sitemap – Create a Responsive HTML Sitemap plugin <= 3.6.0 - Broken Access Control vulnerability — Simple Sitemap – Create a Responsive HTML Sitemap | 4.3 | Medium | 2025-04-30 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5531 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.