access:pre-auth — CVE vulnerabilities (19238 tagged)

19238 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-4386 | Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via queries | Essential Blocks Pro | CWE-502 | 8.1 | High | 2023-10-20 |
| CVE-2022-2441 | ImageMagick Engine <= 1.7.5 - Cross-Site Request Forgery to Remote Command Execution | ImageMagick Engine | CWE-352 | 8.8 | High | 2023-10-20 |
| CVE-2023-4926 | BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Deletion | BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | CWE-352 | 5.4 | Medium | 2023-10-20 |
| CVE-2020-36751 | Coupon Creator <= 3.1 - Cross-Site Request Forgery Bypass | Coupon Creator | CWE-352 | 4.3 | Medium | 2023-10-20 |
| CVE-2023-5533 | AI ChatBot <= 4.8.9 and 4.9.2 - Missing Authorization on AJAX actions | WPBot – AI ChatBot for Live Support, Lead Generation, AI Services | CWE-862 | 5.3 | Medium | 2023-10-20 |
| CVE-2023-3998 | wpDiscuz <= 7.6.3 - Insecure Direct Object Reference to Post Rating Increase/Decrease | Comments – wpDiscuz | CWE-639 | 5.3 | Medium | 2023-10-20 |
| CVE-2022-3342 | Jetpack CRM <= 5.3.1 - Cross-Site Request Forgery and PHAR Deserialization | Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation | CWE-502 | 7.5 | High | 2023-10-20 |
| CVE-2023-5534 | AI ChatBot <= 4.8.9 and 4.9.2 - Cross-Site Request Forgery on AJAX actions | WPBot – AI ChatBot for Live Support, Lead Generation, AI Services | CWE-352 | 4.3 | Medium | 2023-10-20 |
| CVE-2023-4923 | BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Deletion | BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | CWE-352 | 5.4 | Medium | 2023-10-20 |
| CVE-2022-4943 | miniOrange's Google Authenticator <= 5.6.5 - Missing Authorization to Plugin Settings Change | miniOrange 2FA – Two-Factor Authentication for WordPress (SMS, Email & Google Authenticator) | CWE-862 | 7.5 | High | 2023-10-20 |
| CVE-2022-4712 | WP Cerber Security <= 9.1 - Unauthenticated Stored Cross-Site Scripting | WP Cerber Security, Anti-spam & Malware Scan | CWE-79 | 7.2 | High | 2023-10-20 |
| CVE-2023-4488 | Dropbox Folder Share <= 1.9.7 - Unauthenticated Local File Inclusion | Dropbox Folder Share | CWE-98 | 9.8 | Critical | 2023-10-20 |
| CVE-2023-4935 | BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Profile Creation | BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | CWE-352 | 4.3 | Medium | 2023-10-20 |
| CVE-2021-4353 | WooCommerce Dynamic Pricing and Discounts <= 2.4.1 - Unauthenticated Settings Import/Export | WooCommerce Dynamic Pricing and Discounts | CWE-288 | 5.3 | Medium | 2023-10-20 |
| CVE-2023-4920 | BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting | BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | CWE-352 | 4.3 | Medium | 2023-10-20 |
| CVE-2023-5576 | Migration, Backup, Staging – WPvivid <= 0.9.91 - Google Drive Client Secret Exposure | WPvivid — Backup, Migration & Staging | CWE-200 | 8.0 | High | 2023-10-20 |
| CVE-2023-4937 | BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation | BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | CWE-352 | 4.3 | Medium | 2023-10-20 |
| CVE-2023-4940 | BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation | BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | CWE-352 | 4.3 | Medium | 2023-10-20 |
| CVE-2023-4975 | Website Builder by SeedProd <= 6.15.13.1 - Cross-Site Request Forgery to Settings Update | Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode | CWE-352 | 4.3 | Medium | 2023-10-20 |
| CVE-2023-4942 | BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation | BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | CWE-352 | 4.3 | Medium | 2023-10-20 |
| CVE-2023-4402 | Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via products | Essential Blocks Pro | CWE-502 | 8.1 | High | 2023-10-20 |
| CVE-2023-34051 | VMware Aria Operations for Logs security vulnerability | VMware Aria Operations for Logs | - | 9.8 | - | 2023-10-20 |
| CVE-2023-45471 | QAD Search Server cross-site scripting vulnerability | n/a | - | 6.1 | - | 2023-10-20 |
| CVE-2023-41894 | Local-only webhooks externally accessible via SniTun in Home Assistant Core | core | CWE-669 | 5.3 | Medium | 2023-10-19 |
| CVE-2023-35187 | SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability | Access Rights Manager | CWE-22 | 8.8 | High | 2023-10-19 |
| CVE-2023-35182 | SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability | Access Rights Manager | CWE-502 | 8.8 | High | 2023-10-19 |
| CVE-2023-35184 | SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability | Access Rights Manager | CWE-502 | 8.8 | High | 2023-10-19 |
| CVE-2022-24401 | Keystream recovery for arbitrary frames in TETRA | TETRA Standard | CWE-323 | 8.8 | High | 2023-10-19 |
| CVE-2023-5254 | AI ChatBot <= 4.8.9 - Unauthenticated Sensitive Information Exposure via qcld_wb_chatbot_check_user | WPBot – AI ChatBot for Live Support, Lead Generation, AI Services | CWE-200 | 5.3 | Medium | 2023-10-19 |
| CVE-2023-5204 | AI ChatBot <= 4.8.9 - Unauthenticated SQL Injection via qc_wpbo_search_response | WPBot – AI ChatBot for Live Support, Lead Generation, AI Services | CWE-89 | 9.8 | Critical | 2023-10-19 |

Vulnerabilities classified as access:pre-auth represent 19238 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.