Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18839

18839 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2025-61945 Missing Authentication for Critical Function in Radiometrics VizAir — VizAirCWE-306 10.0 Critical2025-11-04
CVE-2025-12682 Easy Upload Files During Checkout <= 2.9.8 - Unauthenticated Arbitrary JavaScript File Upload — Easy Upload Files During CheckoutCWE-434 9.8 Critical2025-11-04
CVE-2025-41340 Missing Authorization vulnerability in CanalDenuncia.app — CanalDenuncia.appCWE-862 5.3AIMediumAI2025-11-04
CVE-2025-12493 ShopLentor <= 3.2.5 - Unauthenticated Local PHP File Inclusion via 'load_template' — ShopLentor – All-in-One WooCommerce Growth & Store Enhancement PluginCWE-22 9.8 Critical2025-11-04
CVE-2025-12403 Associados Amazon Plugin <= 0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Associados Amazon PluginCWE-352 6.1 Medium2025-11-04
CVE-2025-12158 Simple User Capabilities <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation — Simple User CapabilitiesCWE-862 9.8 Critical2025-11-04
CVE-2025-12452 Visit Counter 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Visit CounterCWE-352 6.1 Medium2025-11-04
CVE-2025-11733 Footnotes Made Easy <= 3.0.7 - Unauthenticated Stored Cross-Site Scripting — Footnotes Made EasyCWE-79 7.2 High2025-11-04
CVE-2025-12402 LinkedIn Resume <= 2.00 - Cross-Site Request Forgery to Stored Cross-Site Scripting — LinkedIn ResumeCWE-352 6.1 Medium2025-11-04
CVE-2025-12415 MapMap <= 1.1 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting — MapMapCWE-352 6.1 Medium2025-11-04
CVE-2025-12456 Centangle Team Showcase <= 1.0.0 - Cross-Site Request Forgery To Plugin's Settings Modification And Stored Cross-Site Scripting — Centangle-TeamCWE-352 6.1 Medium2025-11-04
CVE-2025-11890 Crypto Payment Gateway with Payeer for WooCommerce <= 1.0.3 - Unauthenticated Payment Bypass — Crypto Payment Gateway with Payeer for WooCommerceCWE-862 7.5 High2025-11-04
CVE-2025-12400 LMB^Box Smileys <= 3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting — LMB^Box SmileysCWE-352 6.1 Medium2025-11-04
CVE-2025-12157 Simple User Capabilities <= 1.0 - Missing Authorization to Unauthenticated Capability Reset — Simple User CapabilitiesCWE-862 5.3 Medium2025-11-04
CVE-2025-12410 SH Contextual Help <= 3.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting — SH Contextual HelpCWE-352 6.1 Medium2025-11-04
CVE-2025-11758 All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier <= 2.0.3 - Missing Authorization to Page Creation and Information Exposure — All in One Time Clock Lite – Tracking Employee Time Has Never Been EasierCWE-862 6.5 Medium2025-11-04
CVE-2025-12350 DominoKit <= 1.1.0 - Missing Authorization to Unauthenticated Settings Update — DominoKitCWE-862 5.3 Medium2025-11-04
CVE-2025-12413 Social Media WPCF7 Stop Words <= 1.1.3 - Cross-Site Request Forgery to Settings Update — WPCF7 Stop wordsCWE-352 5.4 Medium2025-11-04
CVE-2025-12416 Pagerank Tools <= 1.1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Pagerank toolsCWE-352 6.1 Medium2025-11-04
CVE-2025-12412 Top Bar Notification <= 1.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Top Bar NotificationCWE-352 6.1 Medium2025-11-04
CVE-2025-12188 Posts Navigation Links for Sections and Headings - Free by WP Masters <= 1.0.1 - Cross-Site Request Forgery to Settings Update — Posts Navigation Links for Sections and Headings – Free by WP MastersCWE-352 4.3 Medium2025-11-04
CVE-2025-11008 CE21 Suite <= 2.3.1 - Unauthenticated Sensitive Information Exposure to Privilege Escalation — CE21 SuiteCWE-532 9.8 Critical2025-11-04
CVE-2025-12069 WP Global Screen Options <= 0.2 - Cross-Site Request Forgery to Screen Options Update — WP Global Screen OptionsCWE-352 4.3 Medium2025-11-04
CVE-2025-11007 CE21 Suite 2.2.1 - 2.3.1 - Missing Authorization to Unauthenticated Privilege Escalation via Plugin Settings Update — CE21 SuiteCWE-306 9.8 Critical2025-11-04
CVE-2025-12401 Label Plugins <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Label PluginsCWE-352 6.1 Medium2025-11-04
CVE-2025-12070 ViaAds <= 2.1.2 - Cross-Site Request Forgery to API Key Update — ViaAdsCWE-352 4.3 Medium2025-11-04
CVE-2025-8558 Proofpoint Insider Threat Management Server 安全漏洞 — Insider Threat Management (ITM) ServerCWE-306 6.3AIMediumAI2025-11-03
CVE-2025-12463 Unauthenticated SQL Injection in Guetebruck G-Cam Series Cameras — G-CamCWE-89 9.8 Critical2025-11-03
CVE-2025-11953 Command injection in React Native Community CLI allows remote attackers to perform remote code execution by sending HTTP requests CWE-78 9.8 Critical2025-11-03
CVE-2025-8900 Doccure Core < 1.5.4 - Unauthenticated Privilege Escalation — Doccure CoreCWE-269 9.8 Critical2025-11-03

Vulnerabilities classified as access:pre-auth represent 18839 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.