CVE vulnerabilities tagged access:pre-auth (18867)

18867 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-11363 | Same but Different – Related Posts by Taxonomy <= 1.0.16 - Reflected Cross-Site Scripting — Same but Different – Related Posts by Taxonomy (CWE-79) | 6.1 | Medium | 2025-01-07 |
| CVE-2024-12153 | GDY Modular Content <= 0.9.92 - Reflected Cross-Site Scripting — GDY Modular Content (CWE-79) | 6.1 | Medium | 2025-01-07 |
| CVE-2024-12252 | SEO LAT Auto Post <= 2.2.1 - Missing Authorization to File Overwrite/Upload (Remote Code Execution) — SEO LAT Auto Post (CWE-94) | 9.8 | Critical | 2025-01-07 |
| CVE-2024-12291 | ViewMedica 9 <= 1.4.17 - Cross-Site Request Forgery to Reflected Cross-Site Scripting — ViewMedica 9 (CWE-352) | 6.1 | Medium | 2025-01-07 |
| CVE-2024-12290 | Infility Global <= 2.9.8 - Reflected Cross-Site Scripting via set_type Parameter — Infility Global (CWE-79) | 6.1 | Medium | 2025-01-07 |
| CVE-2024-12313 | Compare Products for WooCommerce <= 3.2.1 - Unauthenticated PHP Object Injection — Compare Products for WooCommerce (CWE-502) | 8.1 | High | 2025-01-07 |
| CVE-2024-12170 | ViewMedica Embed <= 1.4.15 - Cross-Site Request Forgery to SQL Injection — ViewMedica 9 (CWE-352) | 5.4 | Medium | 2025-01-07 |
| CVE-2024-11375 | WC1C <= 0.23.0 - Reflected Cross-Site Scripting — WC1C (CWE-79) | 6.1 | Medium | 2025-01-07 |
| CVE-2024-11378 | Bizapp for WooCommerce <= 2.0.8 - Reflected Cross-Site Scripting — Bizapp for WooCommerce (CWE-79) | 6.1 | Medium | 2025-01-07 |
| CVE-2024-12288 | Simple add pages or posts <= 2.0.0 - Cross-Site Request Forgery to Reflected Cross-Site Scripting — Simple add pages or posts (CWE-352) | 6.1 | Medium | 2025-01-07 |
| CVE-2024-11690 | Financial Stocks & Crypto Market Data Plugin <= 1.10.3 - Reflected Cross-Site Scripting — Financial Stocks & Crypto Market Data Plugin (CWE-79) | 6.1 | Medium | 2025-01-07 |
| CVE-2024-12126 | SEO Keywords <= 1.1.3 - Reflected Cross-Site Scripting via google_error Parameter — SEO Keywords (CWE-79) | 6.1 | Medium | 2025-01-07 |
| CVE-2024-12157 | Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Unauthenticated SQL Injection — Popup – MailChimp, GetResponse and ActiveCampaign Intergrations (CWE-89) | 7.5 | High | 2025-01-07 |
| CVE-2024-12214 | WooCommerce HSS Extension for Streaming Video <= 3.31 - Reflected Cross-Site Scripting via videolink Parameter — WooCommerce HSS Extension for Streaming Video (CWE-79) | 6.1 | Medium | 2025-01-07 |
| CVE-2024-11434 | WP – Bulk SMS – by SMS.to <= 1.0.12 - Reflected Cross-Site Scripting — WP – Bulk SMS – by SMS.to (CWE-79) | 6.1 | Medium | 2025-01-07 |
| CVE-2024-12049 | Woo Ukrposhta <= 1.17.11 - Reflected Cross-Site Scripting via order, post, and idd Parameters — Ukrposhta (CWE-79) | 6.1 | Medium | 2025-01-07 |
| CVE-2024-12098 | ARS Affiliate Page Plugin <= 2.0.2 - Reflected Cross-Site Scripting — ARS Affiliate Page Plugin (CWE-79) | 6.1 | Medium | 2025-01-07 |
| CVE-2024-12559 | ClickDesigns <= 1.8.0 - Missing Authorization to API Key Modification or Removal — ClickDesigns (CWE-862) | 5.3 | Medium | 2025-01-07 |
| CVE-2024-12416 | Woomotiv <= 3.6.1 - Unauthenticated SQL Injection — Live Sales Notification for Woocommerce – Woomotiv (CWE-89) | 7.5 | High | 2025-01-07 |
| CVE-2024-12419 | Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler <= 1.7.1 - Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting — WOW Styler for CF7 – Visual Styler for Contact Form 7 Forms (CWE-94) | 6.5 | Medium | 2025-01-07 |
| CVE-2024-12541 | Chative Live chat and Chatbot <= 1.1 - Cross-Site Request Forgery via add_chative_widget_action Function — Chative Live chat and Chatbot (CWE-352) | 5.4 | Medium | 2025-01-07 |
| CVE-2024-12402 | Themes Coder – Create Android & iOS Apps For Your Woocommerce Site <= 1.3.4 - Insecure Direct Object Reference to Password Change/Account Takeover/Privilege Escalation — TC Ecommerce – Create Android & iOS Apps for WooCommerce (CWE-288) | 9.8 | Critical | 2025-01-07 |
| CVE-2024-12557 | Transporters.io <= 2.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Transporters.io (CWE-352) | 6.1 | Medium | 2025-01-07 |
| CVE-2024-11437 | Timeline Designer <= 1.4 - Authenticated (Admin+) SQL Injection — Timeline Designer (CWE-89) | 4.9 | Medium | 2025-01-07 |
| CVE-2024-55555 | Invoice Ninja code issue vulnerability — n/a | 8.1 | - | 2025-01-07 |
| CVE-2024-55556 | Crater code issue vulnerability — n/a | 8.1 | - | 2025-01-07 |
| CVE-2024-11356 | Tourmaster < 5.3.4 - Unauthenticated Stored XSS via Room Booking — tourmaster | 6.1 | - | 2025-01-06 |
| CVE-2024-54763 | ipTIME A2004 security vulnerability — n/a | 7.5 | - | 2025-01-06 |
| CVE-2024-54764 | ipTIME A2004 security vulnerability — n/a | 7.5 | - | 2025-01-06 |
| CVE-2024-54767 | AVM FRITZ!Box 7530 AX security vulnerability — n/a | 7.5 | - | 2025-01-06 |

18867 CVEs are classified as access:pre-auth. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.