access:pre-auth — CVE vulnerabilities tagged 19342

19342 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-0291 | Quiz And Survey Master <= 8.0.8 - Unauthenticated Arbitrary Media Deletion | Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker | CWE-862 | 7.2 | High | 2023-06-09 |
| CVE-2023-1843 | Metform Elementor Contact Form Builder <= 3.3.0 - Missing Authorization | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | CWE-862 | 6.5 | Medium | 2023-06-09 |
| CVE-2023-2402 | Photo Gallery Slideshow & Masonry Tiled Gallery <= 1.0.13 - Reflected Cross-Site Scripting | Photo Gallery Slideshow & Masonry Tiled Gallery | CWE-79 | 6.1 | Medium | 2023-06-09 |
| CVE-2023-2526 | Easy Google Maps <= 1.11.7 - Cross-Site Request Forgery via AJAX action | Easy Google Maps | CWE-352 | 5.4 | Medium | 2023-06-09 |
| CVE-2023-0832 | Under Construction <= 3.96 - Cross-Site Request Forgery via admin_action_install_weglot | Under Construction | CWE-352 | 4.3 | Medium | 2023-06-09 |
| CVE-2023-2604 | Team Circle Image Slider With Lightbox <= 1.0.17 - Reflected Cross-Site Scripting | Team Circle Image Slider With Lightbox | CWE-79 | 6.1 | Medium | 2023-06-09 |
| CVE-2023-0992 | Shield Security <= 17.0.17 - Unauthenticated Stored Cross-Site Scripting | Shield: Blocks Bots, Protects Users, and Prevents Security Breaches | CWE-79 | 7.2 | High | 2023-06-09 |
| CVE-2023-0831 | Under Construction <= 3.96 - Cross-Site Request Forgery via admin_action_ucp_dismiss_notice | Under Construction | CWE-352 | 4.3 | Medium | 2023-06-09 |
| CVE-2023-30262 | MIM Software code issue vulnerability | n/a | | 9.8 | - | 2023-06-09 |
| CVE-2023-2986 | Abandoned Cart Lite for WooCommerce <= 5.15.1 - Authentication Bypass | Abandoned Cart Lite for WooCommerce | CWE-288 | 9.8 | Critical | 2023-06-08 |
| CVE-2020-36728 | Adning Advertising <= 1.5.5 - Unauthenticated Arbitrary File Deletion via Path Traversal | Adning Advertising | CWE-22 | 6.5 | Medium | 2023-06-07 |
| CVE-2021-4380 | Pinterest Automatic <= 4.14.3 - Unauthenticated Arbitrary Options Update | Pinterest Automatic | CWE-284 | 9.8 | Critical | 2023-06-07 |
| CVE-2020-36705 | Adning Advertising <= 1.5.5 - Arbitrary File Upload | Adning Advertising | CWE-434 | 9.8 | Critical | 2023-06-07 |
| CVE-2023-2541 | Sensitive information disclosure in KNIME Hub Web Application | KNIME Business Hub | CWE-497 | 5.3 | Medium | 2023-06-07 |
| CVE-2023-2187 | Triangle MicroWorks SCADA Data Gateway security vulnerability | SCADA Data Gateway | CWE-306 | 5.3 | Medium | 2023-06-07 |
| CVE-2023-2186 | Triangle MicroWorks SCADA Data Gateway format string error vulnerability | SCADA Data Gateway | CWE-134 | 8.2 | High | 2023-06-07 |
| CVE-2021-4381 | uListing <= 1.6.6 - Unauthenticated Options Changes via wp_route | Directory Listings WordPress plugin – uListing | CWE-862 | 9.8 | Critical | 2023-06-07 |
| CVE-2020-36731 | Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update | Flexible Checkout Fields for WooCommerce – WooCommerce Checkout Manager | CWE-79 | 7.2 | High | 2023-06-07 |
| CVE-2020-36730 | CMP <= 3.8.1 - Missing Authorization | CMP – Coming Soon & Maintenance Plugin by NiteoThemes | CWE-862 | 8.3 | High | 2023-06-07 |
| CVE-2020-36726 | Ultimate Reviews < 2.1.33 - PHP Object Injection | Ultimate Reviews | CWE-502 | 9.8 | Critical | 2023-06-07 |
| CVE-2020-36727 | Newsletter Manager <= 1.5.1 - Insecure Deserialization | Newsletter Manager | CWE-502 | 9.8 | Critical | 2023-06-07 |
| CVE-2021-4373 | Better Search <= 2.5.2 - Cross-Site Request Forgery to Settings Import | Better Search – Relevant search results for WordPress | CWE-288 | 8.8 | High | 2023-06-07 |
| CVE-2021-4374 | WordPress Automatic Plugin <= 3.53.2 - Unauthenticated Arbitrary Options Update | WordPress Automatic Plugin | CWE-862 | 9.1 | Critical | 2023-06-07 |
| CVE-2021-4370 | uListing <= 1.6.6 - Missing Authorization | Directory Listings WordPress plugin – uListing | CWE-862 | 9.8 | Critical | 2023-06-07 |
| CVE-2021-4369 | Frontend File Manager <= 18.2 - Unauthenticated Content Injection | Frontend File Manager Plugin | CWE-862 | 5.8 | Medium | 2023-06-07 |
| CVE-2020-36724 | Wordable <= 3.1.1 - Authentication Bypass | Wordable – Export Google Docs to WordPress | CWE-288 | 9.8 | Critical | 2023-06-07 |
| CVE-2020-36723 | ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Sensitive Information Disclosure | ListingPro - WordPress Directory & Listing Theme | CWE-200 | 5.3 | Medium | 2023-06-07 |
| CVE-2021-4372 | WooCommerce Dynamic Pricing and Discounts <= 2.4.1 - Stored Cross-Site Scripting | WooCommerce Dynamic Pricing and Discounts | CWE-79 | 6.5 | Medium | 2023-06-07 |
| CVE-2019-25148 | WP HTML Mail < 2.9.1 - HTML Injection | Email Template Designer – WP HTML Mail | CWE-79 | 6.1 | Medium | 2023-06-07 |
| CVE-2019-25147 | Pretty Links <= 2.1.9 - Unauthenticated Stored Cross-Site Scripting via track_link | PrettyLinks – Affiliate Links, Link Branding, Link Tracking, Marketing and Stripe Payments Plugin | CWE-79 | 7.2 | High | 2023-06-07 |

Vulnerabilities classified as access:pre-auth represent 19342 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.