access:pre-auth — CVE vulnerabilities tagged 18887

18887 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2024-9220	LH Copy Media File <= 1.08 - Reflected Cross-Site Scripting — LH Copy Media FileCWE-79	6.1	Medium	2024-10-01
CVE-2024-9228	Loggedin – Limit Active Logins <= 1.3.1 - Reflected Cross-Site Scripting — Loggedin – Limit Concurrent SessionsCWE-79	6.1	Medium	2024-10-01
CVE-2024-8799	Custom Banners <= 3.3 - Reflected Cross-Site Scripting — Custom BannersCWE-79	6.1	Medium	2024-10-01
CVE-2024-9209	WP Search Analytics <= 1.4.10 - Reflected Cross-Site Scripting — Search Analytics for WPCWE-79	6.1	Medium	2024-10-01
CVE-2024-9241	PDF Image Generator <= 1.5.6 - Reflected Cross-Site Scripting — PDF Image GeneratorCWE-79	6.1	Medium	2024-10-01
CVE-2024-8727	DK PDF <= 1.9.6 - Reflected Cross-Site Scripting — DK PDF – WordPress PDF GeneratorCWE-79	6.1	Medium	2024-10-01
CVE-2024-8728	Easy Load More <= 1.0.3 - Reflected Cross-Site Scripting — Easy Load MoreCWE-79	6.1	Medium	2024-10-01
CVE-2024-9267	Easy WordPress Subscribe – Optin Hound <= 1.4.3 - Reflected Cross-Site Scripting via add_query_arg Parameter — Easy WordPress Subscribe – Optin HoundCWE-79	6.1	Medium	2024-10-01
CVE-2024-8632	KB Support – WordPress Help Desk and Knowledge Base <= 1.6.6 - Missing Authorization to Unauthenticated Ticket Reply Exposure — KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base PluginCWE-862	6.5	Medium	2024-10-01
CVE-2024-8718	Gravity Forms Toolbar <= 1.7.0 - Reflected Cross-Site Scripting — Gravity Forms ToolbarCWE-79	6.1	Medium	2024-10-01
CVE-2024-7869	123.chat - Video Chat <= 1.3.1 - Unauthenticated Stored Cross-Site Scripting — 123.chat - Video ChatCWE-79	7.2	High	2024-10-01
CVE-2024-9106	Wechat Social login <= 1.3.0 - Authentication Bypass — Wechat Social login 微信QQ钉钉登录插件CWE-288	9.8	Critical	2024-10-01
CVE-2024-9108	Wechat Social login <= 1.3.0 - Unauthenticated Arbitrary File Upload — Wechat Social login 微信QQ钉钉登录插件CWE-434	9.8	Critical	2024-10-01
CVE-2024-47295	SEIKO EPSON Web Config 安全漏洞 — Web ConfigCWE-1188	9.8	-	2024-10-01
CVE-2024-8981	Broken Link Checker <= 2.4.0 - Reflected Cross-Site Scripting — Broken Link CheckerCWE-80	7.1	High	2024-10-01
CVE-2024-42514	Mitel MiContact Center Business 安全漏洞 — n/a	8.2	-	2024-10-01
CVE-2021-37577	Bluetooth Core Specification 安全漏洞 — n/a	5.9	-	2024-10-01
CVE-2024-8458	PLANET Technology switch devices - Cross-site Request Forgery — GS-4210-24PL4C hardware 2.0CWE-352	8.8	High	2024-09-30
CVE-2024-8456	PLANET Technology switch devices - Missing Authentication for multiple HTTP routes — GS-4210-24PL4C hardware 2.0CWE-306	9.8	Critical	2024-09-30
CVE-2024-8454	PLANET Technology switch devices - Swctrl service DoS attack — GS-4210-24PL4C hardware 2.0CWE-476	5.3	Medium	2024-09-30
CVE-2024-8449	PLANET Technology switch devices - Local users' passwords recovery through hard-coded credentials — GS-4210-24PL4C hardware 2.0CWE-798	6.8	Medium	2024-09-30
CVE-2024-8712	GTM Server Side <= 2.1.19 - Reflected Cross-Site Scripting — Stape Conversion TrackingCWE-79	6.1	Medium	2024-09-28
CVE-2024-8715	Simple LDAP Login <= 1.6.0 - Reflected Cross-Site Scripting — Simple LDAP LoginCWE-79	6.1	Medium	2024-09-28
CVE-2024-9189	EU/UK VAT Manager for WooCommerce <= 2.12.12 - Missing Authorization — EU/UK VAT Validation Manager for WooCommerceCWE-862	5.3	Medium	2024-09-28
CVE-2024-8353	GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Unauthenticated PHP Object Injection — GiveWP – Donation Plugin and Fundraising PlatformCWE-502	9.8	Critical	2024-09-28
CVE-2024-8788	EU/UK VAT Manager for WooCommerce <= 2.12.12 - Reflected Cross-Site Scripting — EU/UK VAT Validation Manager for WooCommerceCWE-79	6.1	Medium	2024-09-28
CVE-2024-23586	An insufficient session timeout vulnerability affects HCL Nomad server on Domino — Nomad server on DominoCWE-613	5.3	Medium	2024-09-27
CVE-2024-6931	The Events Calendar <= 6.6.3 - Unauthenticated Stored Cross-Site Scripting — The Events CalendarCWE-79	7.2	High	2024-09-27
CVE-2024-7714	AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls — AI ChatBot with ChatGPT and Content Generator by AYS	5.3^AI	Medium^AI	2024-09-27
CVE-2024-7713	AI Chatbot with ChatGPT by AYS <= 2.0.9 - Unauthenticated OpenAI Key Disclosure — AI ChatBot with ChatGPT and Content Generator by AYS	7.5^AI	High^AI	2024-09-27

Vulnerabilities classified as access:pre-auth represent 18887 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

access:pre-auth — CVE vulnerabilities tagged 18887