access:pre-auth — CVE vulnerabilities tagged 18842

18842 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-11284 | Zytec Dalian Zhuoyun Technology Central Authentication Service HTTP Header git hard-coded password | Central Authentication Service | CWE-259 | 7.3 | High | 2025-10-05 |
| CVE-2025-61882 | Oracle E-Business Suite security vulnerability | Oracle Concurrent Processing | | 9.8 | Critical | 2025-10-05 |
| CVE-2025-9886 | Trinity Audio <= 5.20.2 - Cross-Site Request Forgery | Trinity Audio – Text to Speech AI audio player to convert content into audio | CWE-352 | 4.3 | Medium | 2025-10-04 |
| CVE-2025-9952 | Trinity Audio <= 5.20.2 - Reflected Cross-Site Scripting | Trinity Audio – Text to Speech AI audio player to convert content into audio | CWE-79 | 6.1 | Medium | 2025-10-04 |
| CVE-2025-9029 | WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder <= 1.2.16 - Missing Authentication via wdkit_handle_review_submission Function | WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder | CWE-862 | 4.3 | Medium | 2025-10-04 |
| CVE-2025-11228 | GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms-Campaign Association | GiveWP – Donation Plugin and Fundraising Platform | CWE-862 | 5.3 | Medium | 2025-10-04 |
| CVE-2025-10746 | Integrate Dynamics 365 CRM <= 1.0.9 - Missing Authorization | Integrate Dynamics 365 CRM | CWE-306 | 6.5 | Medium | 2025-10-04 |
| CVE-2025-9485 | OAuth Single Sign On – SSO (OAuth Client) <= 6.26.12 - Authentication Bypass via get_resource_owner_from_id_token() | OAuth Single Sign On – SSO (OAuth Client) | CWE-347 | 9.8 | Critical | 2025-10-04 |
| CVE-2025-11227 | GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms and Campaigns Disclosure | GiveWP – Donation Plugin and Fundraising Platform | CWE-285 | 6.5 | Medium | 2025-10-04 |
| CVE-2025-61679 | Anyquery Unauthenticated Access Vulnerability Exposes Private Integration Data | anyquery | CWE-200 | 7.7 | High | 2025-10-03 |
| CVE-2025-61673 | Karapace is vulnerable to Authentication Bypass | karapace | CWE-306 | 8.6 | High | 2025-10-03 |
| CVE-2025-10695 | OpenSupports 4.11.0 — SSRF via test imap and smtp endpoints | OpenSupports | CWE-918 | 7.5 (AI) | High (AI) | 2025-10-03 |
| CVE-2025-10302 | Ultimate Viral Quiz <= 1.0 - Cross-Site Request Forgery to Settings Update | Ultimate Viral Quiz | CWE-352 | 4.3 | Medium | 2025-10-03 |
| CVE-2025-9897 | AP Background <= 3.8.2 - Cross-Site Request Forgery | AP Background | CWE-352 | 4.3 | Medium | 2025-10-03 |
| CVE-2025-9895 | Notification Bar <= 2.2 - Cross-Site Request Forgery | Notification Bar | CWE-352 | 4.3 | Medium | 2025-10-03 |
| CVE-2025-9630 | WP SinoType <= 1.0 - Cross-Site Request Forgery | WP SinoType | CWE-352 | 4.3 | Medium | 2025-10-03 |
| CVE-2025-8669 | Customify <= 0.4.11 - Cross-Site Request Forgery | Customify | CWE-352 | 4.3 | Medium | 2025-10-03 |
| CVE-2025-9889 | ContentMX Content Publisher <= 1.0.6 - Cross-Site Request Forgery | ContentMX Content Publisher | CWE-352 | 4.3 | Medium | 2025-10-03 |
| CVE-2025-9200 | Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App <= 0.8.8.8 - Unauthenticated SQL Injection | Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App | CWE-89 | 7.5 | High | 2025-10-03 |
| CVE-2025-9892 | Restrict User Registration <= 1.0.1 - Cross-Site Request Forgery to Settings Update | Restrict User Registration | CWE-352 | 5.3 | Medium | 2025-10-03 |
| CVE-2025-10309 | PayPal Forms <= 1.0.3 - Cross-Site Request Forgery | PayPal Forms | CWE-352 | 4.3 | Medium | 2025-10-03 |
| CVE-2025-9945 | Optimize More! – CSS <= 1.0.3 - Cross-Site Request Forgery to Plugin Settings Reset | Optimize More! – CSS | CWE-352 | 4.3 | Medium | 2025-10-03 |
| CVE-2025-9884 | Mobile Site Redirect <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting | Mobile Site Redirect | CWE-352 | 6.1 | Medium | 2025-10-03 |
| CVE-2025-7721 | JoomSport <= 5.7.3 - Unauthenticated Directory Traversal to Local File Inclusion | JoomSport – for Sports: Team & League, Football, Hockey & more | CWE-98 | 9.8 | Critical | 2025-10-03 |
| CVE-2025-9209 | RestroPress – Online Food Ordering System 3.0.0 - 3.1.9.2 - Unauthenticated Information Exposure to Authentication Bypass via Forged JWT | RestroPress – Online Food Ordering System | CWE-200 | 9.8 | Critical | 2025-10-03 |
| CVE-2025-9286 | Appy Pie Connect for WooCommerce <= 1.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via reset_user_password | Appy Pie Connect for WooCommerce | CWE-620 | 9.8 | Critical | 2025-10-03 |
| CVE-2025-9885 | MPWizard – Create Mercado Pago Payment Links <= 1.2.1 - Cross-Site Request Forgery to Arbitrary Post Deletion | MPWizard – Create Mercado Pago Payment Links | CWE-352 | 4.3 | Medium | 2025-10-03 |
| CVE-2025-10726 | WPRecovery <= 2.0 - Unauthenticated SQL Injection to Arbitrary File Deletion | WPRecovery | CWE-89 | 9.1 | Critical | 2025-10-03 |
| CVE-2025-10311 | Comment Info Detector <= 1.0.5 - Cross-Site Request Forgery to Settings Update | Comment Info Detector | CWE-352 | 4.3 | Medium | 2025-10-03 |
| CVE-2025-10212 | SiteAlert (Formerly WP Health) <= 1.9.8 - Missing Authorization to Unauthenticated Site Health Information Exposure | SiteAlert (Formerly WP Health) | CWE-862 | 5.3 | Medium | 2025-10-03 |

Vulnerabilities classified as access:pre-auth represent 18842 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.