Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18855

18855 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2021-32584 FortiWLC 访问控制错误漏洞 — FortiWLCCWE-284 4.8 Medium2025-03-17
CVE-2025-2395 e-Excellence U-Office Force - Improper Authentication — U-Office ForceCWE-565 9.8 Critical2025-03-17
CVE-2025-1530 Tripetto <= 8.0.9 - Cross-Site Request Forgery to Arbitrary Results Deletion — WordPress form builder plugin for contact forms, surveys and quizzes – TripettoCWE-352 4.3 Medium2025-03-15
CVE-2025-2025 Give <= 3.22.0 - Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via give_reports_earnings Function — GiveWP – Donation Plugin and Fundraising PlatformCWE-862 6.5 Medium2025-03-15
CVE-2019-25222 Thumbnail carousel slider <= 1.0.4 - Authenticated (Admin+) SQL Injection — Thumbnail carousel sliderCWE-89 4.9 Medium2025-03-15
CVE-2025-2325 WP Test Email <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting — WP Test EmailCWE-79 7.2 High2025-03-15
CVE-2025-1771 Traveler <= 3.1.8 - Unauthenticated Local File Inclusion via hotel_alone_load_more_post — Travel Booking WordPress ThemeCWE-98 9.8 Critical2025-03-15
CVE-2024-13497 WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.9 - Unauthenticated Stored Cross-Site Scripting — WordPress form builder plugin for contact forms, surveys and quizzes – TripettoCWE-80 7.2 High2025-03-15
CVE-2025-1773 Traveler <= 3.1.8 - Reflected Cross-Site Scripting — Travel Booking WordPress ThemeCWE-79 6.1 Medium2025-03-15
CVE-2025-2164 pixelstats <= 0.8.2 - Reflected Cross-Site Scripting — pixelstatsCWE-79 6.1 Medium2025-03-15
CVE-2025-2163 Zoorum Comments <= 0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Zoorum CommentsCWE-79 6.1 Medium2025-03-15
CVE-2024-12245 Blind SQL Injection in Logout — LogicalDOC CommunityCWE-89 9.1 -2025-03-14
CVE-2024-12020 Reflected Cross-Site Scripting (XSS) — LogicalDOC EnterpriseCWE-79 6.1 -2025-03-14
CVE-2024-54445 Blind SQLi in Login — LogicalDOC CommunityCWE-89 9.1 -2025-03-14
CVE-2023-48785 Fortinet FortiNAC-F 信任管理问题漏洞 — FortiNAC-FCWE-295 4.4 Medium2025-03-14
CVE-2024-40590 Fortinet FortiPortal 信任管理问题漏洞 — FortiPortalCWE-295 4.4 Medium2025-03-14
CVE-2024-13773 Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.4 - Sensitive Information Exposure — Civi - Job Board & Freelance Marketplace WordPress ThemeCWE-321 7.3 High2025-03-14
CVE-2024-13772 Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.6.1 - Authentication Bypass — Civi - Job Board & Freelance Marketplace WordPress ThemeCWE-288 5.6 Medium2025-03-14
CVE-2025-2232 Realteo - Real Estate Plugin by Purethemes <= 1.2.8 - Authentication Bypass via 'do_register_user' — RealteoCWE-269 9.8 Critical2025-03-14
CVE-2024-13771 Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.4 - Authentication Bypass via Password Update — Civi - Job Board & Freelance Marketplace WordPress ThemeCWE-288 9.8 Critical2025-03-14
CVE-2024-26006 Fortinet FortiOS 安全漏洞 — FortiProxyCWE-79 6.9 High2025-03-14
CVE-2025-1507 ShareThis Dashboard for Google Analytics <= 3.2.1 - Missing Authorization to Unauthenticated Feature Deactivation — ShareThis Dashboard for Google AnalyticsCWE-862 5.3 Medium2025-03-14
CVE-2024-13321 AnalyticsWP <= 2.0.0 - Unauthenticated SQL Injection — AnalyticsWPCWE-89 7.5 High2025-03-14
CVE-2024-13824 CiyaShop - Multipurpose WooCommerce Theme <= 4.19.0 - Unauthenticated PHP Object Injection — CiyaShop - Multipurpose WooCommerce ThemeCWE-502 9.8 Critical2025-03-14
CVE-2025-2221 WPCOM Member <= 1.7.6 - Unauthenticated Time-Based SQL Injection — WPCOM MemberCWE-89 7.5 High2025-03-14
CVE-2024-13913 InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.83 - Cross-Site Request Forgery to Local File Inclusion — InstaWP Connect – 1-click WP Staging & MigrationCWE-352 8.8 High2025-03-14
CVE-2025-1764 LoginPress <= 3.3.1 - Cross-Site Request Forgery to Arbitrary Options Update — LoginPress | wp-login Custom Login Page CustomizerCWE-352 7.5 High2025-03-14
CVE-2025-2056 WP Ghost <= 5.4.01 - Unauthenticated Limited File Read — WP Ghost (Hide My WP Ghost) – Security & FirewallCWE-23 7.5 High2025-03-14
CVE-2025-0955 VidoRev Extensions <= 2.9.9.9.9.9.5 - Missing Authorization to Unauthenticated Youtube Video Import — VidoRev ExtensionsCWE-862 5.3 Medium2025-03-14
CVE-2024-11283 WP JobHunt <= 7.1 - Authentication Bypass to Candidate — WP JobHuntCWE-289 7.5 High2025-03-14

Vulnerabilities classified as access:pre-auth represent 18855 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.