Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18882

18882 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2024-9219 WordPress Social Share Buttons <= 1.19 - Reflected Cross-Site Scripting — Social Share ButtonsCWE-79 6.1 Medium2024-10-19
CVE-2024-9593 Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Unauthenticated (Limited) Remote Code Execution — Time Clock ProCWE-94 8.3 High2024-10-18
CVE-2024-9206 MAS Companies For WP Job Manager <= 1.0.13 - Reflected Cross-Site Scripting — MAS Companies For WP Job ManagerCWE-79 6.1 Medium2024-10-18
CVE-2024-9382 Gantry 4 Framework <= 4.1.21 - Reflected Cross-Site Scripting — Gantry 4 FrameworkCWE-79 6.1 Medium2024-10-18
CVE-2024-9383 Parcel Pro <= 1.8.4 - Reflected Cross-Site Scripting — Parcel ProCWE-79 6.1 Medium2024-10-18
CVE-2024-9350 DPD Baltic Shipping <= 1.2.83 - Reflected Cross-Site Scripting — DPD Baltic ShippingCWE-79 6.1 Medium2024-10-18
CVE-2024-8740 GetResponse Forms by Optin Cat <= 2.5.7 - Reflected Cross-Site Scripting — GetResponse Forms by Optin CatCWE-79 6.1 Medium2024-10-18
CVE-2024-10040 Infinite-Scroll <= 2.6.2 - Cross-Site Request Forgery to Plugin Settings Update — Infinite-ScrollCWE-352 5.3 Medium2024-10-18
CVE-2024-10049 Edit WooCommerce Templates <= 1.1.2 - Reflected Cross-Site Scripting via page — Edit WooCommerce TemplatesCWE-79 6.1 Medium2024-10-18
CVE-2024-8790 Social Share With Floating Bar <= 1.0.3 - Reflected Cross-Site Scripting — Social Share With Floating BarCWE-79 6.1 Medium2024-10-18
CVE-2024-10119 SECOM WRTM326 - OS Command Injection — WRTM326CWE-78 9.8 Critical2024-10-18
CVE-2024-10118 SECOM WRTR-304GN-304TW-UPSC - OS Command Injection — WRTR-304GN-304TW-UPSCCWE-78 9.8 Critical2024-10-18
CVE-2024-7316 Denial of Service (DoS) Vulnerability in Mitsubishi Electric CNC Series — Mitsubishi Electric CNC M800V Series M800VWCWE-1284 5.9 Medium2024-10-17
CVE-2024-9184 SendPulse Free Web Push <= 1.3.6 - Unauthenticated Stored Cross-Site Scripting — SendPulse Free Web PushCWE-79 7.2 High2024-10-17
CVE-2024-9951 Wordpress Photo Album Plus <= 8.8.05.003 - Reflected Cross-Site Scripting — WP Photo Album PlusCWE-79 6.1 Medium2024-10-17
CVE-2024-9213 Persian WooCommerce SMS <= 7.0.2 - Reflected Cross-Site Scripting — افزونه پیامک ووکامرس Persian WooCommerce SMSCWE-79 6.1 Medium2024-10-17
CVE-2024-9351 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Quiz Creation — Forminator Forms – Contact Form, Payment Form & Custom Form BuilderCWE-352 4.3 Medium2024-10-17
CVE-2024-9352 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Custom Form Creation — Forminator Forms – Contact Form, Payment Form & Custom Form BuilderCWE-352 4.3 Medium2024-10-17
CVE-2024-8719 Flexmls® IDX Plugin <= 3.14.22 - Reflected Cross-Site Scripting — Flexmls® IDX PluginCWE-79 6.1 Medium2024-10-17
CVE-2024-9347 The Ultimate WordPress Toolkit – WP Extended <= 3.0.9 - Reflected Cross-Site Scripting — The Ultimate WordPress Toolkit – WP ExtendedCWE-79 6.1 Medium2024-10-17
CVE-2024-9263 WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.25 - Insecure Direct Object Reference to Unauthenticated Arbitrary User Password/Email Reset/Account Takeover — Timetics – Appointment Booking & SchedulingCWE-639 9.8 Critical2024-10-17
CVE-2024-9863 Miniorange OTP Verification with Firebase <= 3.6.0 - Privilege Escalation via Registration due to Administrator Default User Role Value — Miniorange OTP Verification with FirebaseCWE-266 9.8 Critical2024-10-17
CVE-2024-9940 Calculated Fields Form <= 5.2.45 - HTML Injection — Calculated Fields FormCWE-75 5.3 Medium2024-10-17
CVE-2024-9240 ReDi Restaurant Reservation <= 24.0902 - Reflected Cross-Site Scripting — ReDi Restaurant Reservation – Instant Availability & ConfirmationCWE-79 6.1 Medium2024-10-17
CVE-2024-9862 Miniorange OTP Verification with Firebase <= 3.6.0 - Unauthenticated Arbitrary User Password Change — Miniorange OTP Verification with FirebaseCWE-639 9.8 Critical2024-10-17
CVE-2024-9861 Miniorange OTP Verification with Firebase <= 3.6.0 - Authentication Bypass — Miniorange OTP Verification with FirebaseCWE-288 8.1 High2024-10-17
CVE-2024-47836 Admidio vulnerable to HTML Injection In The Messages Section — admidioCWE-502 3.5 Low2024-10-16
CVE-2024-20512 Cisco Unified Contact Center Management Portal Reflected Cross-Site Scripting Vulnerability — Cisco Unified Contact Center Management PortalCWE-79 6.1 Medium2024-10-16
CVE-2024-20463 Cisco ATA 190 Series Analog Telephone Adapter Firmware Command Injection and Denial of Service Vulnerability — Cisco Analog Telephone Adaptor (ATA) SoftwareCWE-305 5.4 Medium2024-10-16
CVE-2024-20460 Cisco ATA 190 Series Analog Telephone Adapter Firmware Reflected Cross-Site Scripting Vulnerability — Cisco Analog Telephone Adaptor (ATA) SoftwareCWE-80 6.1 Medium2024-10-16

Vulnerabilities classified as access:pre-auth represent 18882 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.