Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18893

18893 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2024-4345 Startklar Elementor Addons <= 1.7.13 - Unauthenticated Arbitrary File Upload — Startklar Elementor AddonsCWE-434 9.8 Critical2024-05-07
CVE-2024-4346 Startklar Elementor Addons <= 1.7.13 - Unauthenticated Arbitrary File Deletion — Startklar Elementor AddonsCWE-22 9.1 Critical2024-05-07
CVE-2024-4186 Edwiser Bridge <= 3.0.5 - Authentication Bypass due to Missing Empty Value Check — Edwiser Bridge – WordPress Moodle IntegrationCWE-288 9.8 Critical2024-05-07
CVE-2024-34523 AChecker 安全漏洞 — n/a 7.5AIHighAI2024-05-07
CVE-2024-4548 Delta Electronics DIAEnergie SQL Injection — DIAEnergieCWE-20 9.8 Critical2024-05-06
CVE-2024-4547 Delta Electronics DIAEnergie Unauthenticated SQL Injection — DIAEnergieCWE-20 9.8 Critical2024-05-06
CVE-2023-49676 CODESYS: Use after free vulnerability through corrupted project files — CODESYS Development System V2.3CWE-416 5.5 Medium2024-05-06
CVE-2023-49675 CODESYS: Out-of-bounds write through corrupted project files — CODESYS Development System V2.3CWE-787 7.8 High2024-05-06
CVE-2024-34093 Archer Platform 安全漏洞 — n/a 5.3 Medium2024-05-06
CVE-2024-34470 HSC Cybersecurity HC Mailinspector 路径遍历漏洞 — n/a 7.5AIHighAI2024-05-06
CVE-2023-7065 Stop Spammers Security | Block Spam Users, Comments, Forms <= 2024.4 - Cross-Site Request Forgery (CSRF) via sfs_process — Stop Spammers ClassicCWE-352 5.4 Medium2024-05-04
CVE-2024-4439 WordPress 跨站脚本漏洞 — WordPress 7.2 High2024-05-03
CVE-2023-50202 D-Link G416 flupl pythonmodules Command Injection Remote Code Execution Vulnerability — G416CWE-78 8.8 -2024-05-03
CVE-2023-39467 Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability — SCADA Data GatewayCWE-219 7.5 -2024-05-03
CVE-2024-3473 Header Footer Code Manager Pro <= 1.0.16 - Reflected Cross-Site Scripting via message — Header Footer Code Manager ProCWE-79 6.1 Medium2024-05-02
CVE-2024-3681 Interactive World Maps <= 2.4.14 - Reflected Cross-Site Scripting — Interactive World MapsCWE-79 6.1 Medium2024-05-02
CVE-2024-4097 Cost Calculator Builder Pro <= 3.1.67 - Unauthenticated Cross-Site Scripting via SVG Upload — Cost Calculator Builder PROCWE-79 7.2 High2024-05-02
CVE-2024-0710 GP Unique ID <= 1.5.5 - Unauthenticated Form Submission Unique ID Modification — GP Unique IDCWE-20 5.3 Medium2024-05-02
CVE-2024-3601 Poll Maker – Best WordPress Poll Plugin <= 5.1.8 - Missing Authorization to Unauthenticated Email Enumeration — Poll Maker – Versus Polls, Anonymous Polls, Image PollsCWE-862 5.3 Medium2024-05-02
CVE-2024-2667 InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.22 - Unauthenticated Arbitrary File Upload — InstaWP Connect – 1-click WP Staging & MigrationCWE-434 9.8 Critical2024-05-02
CVE-2024-3553 Tutor LMS <= 2.6.2 - Missing Authorization to Unauthenticated Limited Options Update — Tutor LMS – eLearning and online course solutionCWE-862 6.5 Medium2024-05-02
CVE-2024-4086 CM Tooltip Glossary – Powerful Glossary Plugin <= 4.2.11 - Cross-Site Request Forgery — CM Tooltip GlossaryCWE-352 4.3 Medium2024-05-02
CVE-2024-2960 SVS Pricing Tables <= 1.0.4 - Cross-Site Request Forgery to Pricing Table Deletion — SVS Pricing TablesCWE-352 4.3 Medium2024-05-02
CVE-2024-3897 Popup Box – Best WordPress Popup Plugin <= 4.3.6 - Missing Authorization to Information Exposure — Popup Box – Create Countdown, Coupon, Video, Contact Form PopupsCWE-862 5.3 Medium2024-05-02
CVE-2024-2876 Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.14 - Unauthenticated SQL Injection — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPressCWE-89 9.8 Critical2024-05-02
CVE-2024-1415 Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Cross-Site Request Forgery — Lead Form Builder & Contact FormCWE-352 4.3 Medium2024-05-02
CVE-2024-1416 Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Missing Authorization — Lead Form Builder & Contact FormCWE-352 4.3 Medium2024-05-02
CVE-2024-2082 EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.7 - Unauthenticated Stored Cross-Site Scripting — EleForms – All In One Form Integration including DB for ElementorCWE-79 7.2 High2024-05-02
CVE-2023-6961 WP Meta SEO <= 4.5.12 - Unauthenticated Stored Cross-Site Scripting via Referer header — WP Meta SEOCWE-79 7.2 High2024-05-02
CVE-2024-0613 Delete Custom Fields <= 0.3.1 - Cross-Site Request Forgery to Post Meta Deletion — Delete Custom FieldsCWE-352 6.1 Medium2024-05-02

Vulnerabilities classified as access:pre-auth represent 18893 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.