Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18872

18872 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2024-11225 Premium Packages – Sell Digital Products Securely <= 5.9.3 - Reflected Cross-Site Scripting via add_query_arg — Premium Packages – Sell Digital Products SecurelyCWE-79 6.1 Medium2024-11-22
CVE-2024-11601 Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) <= 2.6.1 - Cross-Site Request Forgery to Limited Arbitrary Options Update — Sky Addons – Elementor Addons with Widgets & TemplatesCWE-862 8.1 High2024-11-22
CVE-2024-45837 AIPHONE IX SYSTEM和AIPHONE IXG SYSTEM 安全漏洞 — IX-MVCWE-321 8.8 -2024-11-22
CVE-2024-39290 AIPHONE IX SYSTEM和AIPHONE IXG SYSTEM 安全漏洞 — IX-MVCWE-522 8.1 -2024-11-22
CVE-2024-52053 Stored Cross-Site Scripting in Wowza Streaming Engine — Streaming EngineCWE-79 6.1AIMediumAI2024-11-21
CVE-2024-8525 Automated Logic WebCTRL and Carrier i-Vu Unrestricted File Upload — WebCTRLCWE-434 9.8AICriticalAI2024-11-21
CVE-2024-28892 GoCast 操作系统命令注入漏洞 — GoCastCWE-78 9.8 Critical2024-11-21
CVE-2024-29224 GoCast 操作系统命令注入漏洞 — GoCastCWE-78 9.8 Critical2024-11-21
CVE-2024-21855 GoCast 访问控制错误漏洞 — GoCastCWE-306 9.8 Critical2024-11-21
CVE-2024-11088 Simple Membership <= 4.5.5 - Exposure of Private Personal Information to an Unauthorized Actor — Simple MembershipCWE-200 5.3 Medium2024-11-21
CVE-2024-11089 Anonymous Restricted Content <= 1.6.5 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure — Anonymous Restricted ContentCWE-200 5.3 Medium2024-11-21
CVE-2024-10792 Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels <= 3.5.5 - Reflected Cross-Site Scripting — WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click UpsellCWE-79 6.1 Medium2024-11-21
CVE-2024-10675 affiliate-toolkit <= 3.6.7 - Reflected Cross-Site Scripting — affiliate-toolkit – Multi-Network Affiliate & Amazon Product DisplayCWE-79 6.1 Medium2024-11-21
CVE-2024-11371 Theater for WordPress <= 0.18.6.2 - Reflected Cross-Site Scripting — Theater for WordPressCWE-79 6.1 Medium2024-11-21
CVE-2024-11456 Run Contests, Raffles, and Giveaways with ContestsWP <= 2.0.3 - Reflected Cross-Site Scripting — Run Contests, Raffles, and Giveaways with ContestsWPCWE-79 6.1 Medium2024-11-21
CVE-2024-10400 Tutor LMS <= 2.7.6 - Unauthenticated SQL Injection via rating_filter — Tutor LMS – eLearning and online course solutionCWE-89 7.5 High2024-11-21
CVE-2024-10890 WPAdverts – Classifieds Plugin <= 2.1.7 - Reflected Cross-Site Scripting — WPAdverts – Classifieds PluginCWE-79 6.1 Medium2024-11-21
CVE-2024-10393 Tutor LMS <= 2.7.6 - User Registration Setting Bypass to Unauthorized User Registration — Tutor LMS – eLearning and online course solutionCWE-284 5.3 Medium2024-11-21
CVE-2024-11334 My Contador lesr <= 2.0 - Missing Authorization to Unauthenticated User Registration CSV Export — My Contador lesrCWE-862 4.3 Medium2024-11-21
CVE-2024-10788 Activity Log – Monitor & Record User Changes <= 2.11.1 - Unauthenticated Stored Cross-Site Scripting via Event Context — Activity Log – Monitor & Record User ChangesCWE-79 7.2 High2024-11-21
CVE-2024-10623 ForumEngine <= 1.8 - Reflected Cross-Site Scripting — ForumEngineCWE-79 6.1 Medium2024-11-21
CVE-2024-9371 Branda – White Label & Branding, Custom Login Page Customizer <= 3.4.19 - Reflected Cross-Site Scripting — Branda – White Label & Branding, Free Login Page CustomizerCWE-79 6.1 Medium2024-11-21
CVE-2024-11365 Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes <= 1.1.6 - Reflected Cross-Site Scripting — Crypto and DeFi Widgets – Web3 Cryptocurrency ShortcodesCWE-79 6.1 Medium2024-11-21
CVE-2024-11416 WIP Incoming Lite <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting — WIP Incoming LiteCWE-352 6.1 Medium2024-11-21
CVE-2024-11360 Page Parts <= 1.4.3 - Reflected Cross-Site Scripting — Page PartsCWE-79 6.1 Medium2024-11-21
CVE-2024-10522 Co-marquage service-public.fr <= 0.5.76 - Reflected Cross-Site Scripting via add_query_arg Parameter — Co-marquage service-public.frCWE-79 6.1 Medium2024-11-21
CVE-2024-11435 salavat counter Plugin <= 0.9.4 - Reflected Cross-Site Scripting — salavat counter PluginCWE-79 6.1 Medium2024-11-21
CVE-2024-10726 Friendly Functions for Welcart <= 1.2.4 - Cross-Site Request Forgery to Reflected Cross-Site Scripting — Friendly Functions for WelcartCWE-352 6.1 Medium2024-11-21
CVE-2024-11370 Subaccounts for WooCommerce <= 1.6.0 - Reflected Cross-Site Scripting — Subaccounts for WooCommerceCWE-79 6.1 Medium2024-11-21
CVE-2024-10682 Bulletin Announcements <= 3.11.7 - Reflected Cross-Site Scripting — Announcement & Notification Banner – BulletinCWE-79 6.1 Medium2024-11-21

Vulnerabilities classified as access:pre-auth represent 18872 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.