access:pre-auth — CVE vulnerabilities tagged 19356

19356 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2021-4381 | uListing <= 1.6.6 - Unauthenticated Options Changes via wp_route | Directory Listings WordPress plugin – uListing | CWE-862 | 9.8 | Critical | 2023-06-07 |
| CVE-2020-36731 | Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update | Flexible Checkout Fields for WooCommerce – WooCommerce Checkout Manager | CWE-79 | 7.2 | High | 2023-06-07 |
| CVE-2020-36730 | CMP <= 3.8.1 - Missing Authorization | CMP – Coming Soon & Maintenance Plugin by NiteoThemes | CWE-862 | 8.3 | High | 2023-06-07 |
| CVE-2020-36726 | Ultimate Reviews < 2.1.33 - PHP Object Injection | Ultimate Reviews | CWE-502 | 9.8 | Critical | 2023-06-07 |
| CVE-2020-36727 | Newsletter Manager <= 1.5.1 - Insecure Deserialization | Newsletter Manager | CWE-502 | 9.8 | Critical | 2023-06-07 |
| CVE-2021-4373 | Better Search <= 2.5.2 - Cross-Site Request Forgery to Settings Import | Better Search – Relevant search results for WordPress | CWE-288 | 8.8 | High | 2023-06-07 |
| CVE-2021-4374 | WordPress Automatic Plugin <= 3.53.2 - Unauthenticated Arbitrary Options Update | WordPress Automatic Plugin | CWE-862 | 9.1 | Critical | 2023-06-07 |
| CVE-2021-4370 | uListing <= 1.6.6 - Missing Authorization | Directory Listings WordPress plugin – uListing | CWE-862 | 9.8 | Critical | 2023-06-07 |
| CVE-2021-4369 | Frontend File Manager <= 18.2 - Unauthenticated Content Injection | Frontend File Manager Plugin | CWE-862 | 5.8 | Medium | 2023-06-07 |
| CVE-2020-36724 | Wordable <= 3.1.1 - Authentication Bypass | Wordable – Export Google Docs to WordPress | CWE-288 | 9.8 | Critical | 2023-06-07 |
| CVE-2020-36723 | ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Sensitive Information Disclosure | ListingPro - WordPress Directory & Listing Theme | CWE-200 | 5.3 | Medium | 2023-06-07 |
| CVE-2021-4372 | WooCommerce Dynamic Pricing and Discounts <= 2.4.1 - Stored Cross-Site Scripting | WooCommerce Dynamic Pricing and Discounts | CWE-79 | 6.5 | Medium | 2023-06-07 |
| CVE-2019-25148 | WP HTML Mail < 2.9.1 - HTML Injection | Email Template Designer – WP HTML Mail | CWE-79 | 6.1 | Medium | 2023-06-07 |
| CVE-2019-25147 | Pretty Links <= 2.1.9 - Unauthenticated Stored Cross-Site Scripting via track_link | PrettyLinks – Affiliate Links, Link Branding, Link Tracking, Marketing and Stripe Payments Plugin | CWE-79 | 7.2 | High | 2023-06-07 |
| CVE-2016-15033 | Delete All Comments <= 2.0 - Arbitrary File Upload | Delete All Comments | CWE-434 | 9.8 | Critical | 2023-06-07 |
| CVE-2019-25146 | DELUCKS SEO < 2.1.8 - Stored Cross Site Scripting | DELUCKS SEO | CWE-79 | 7.2 | High | 2023-06-07 |
| CVE-2020-36721 | Epsilon Framework Themes (Various Versions) - Unauthenticated Plugin Activation/Deactivation | Brilliance | CWE-284 | 6.5 | Medium | 2023-06-07 |
| CVE-2021-4365 | Frontend File Manager <= 18.2 - Unauthenticated Stored Cross-Site Scripting | Frontend File Manager Plugin | CWE-79 | 7.2 | High | 2023-06-07 |
| CVE-2020-36717 | Kali Forms <= 2.1.1 - Cross-Site Request Forgery | Kali Forms — Contact Form & Drag-and-Drop Builder | CWE-352 | 8.8 | High | 2023-06-07 |
| CVE-2020-36718 | GDPR CCPA Compliance Support <= 2.3 - PHP Object Injection | GDPR CCPA Compliance & Cookie Consent Banner | CWE-502 | 9.8 | Critical | 2023-06-07 |
| CVE-2020-36719 | ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Arbitrary Plugin Installation, Activation and Deactivation | ListingPro - WordPress Directory & Listing Theme | CWE-862 | 9.8 | Critical | 2023-06-07 |
| CVE-2019-25145 | Contact Form & SMTP Plugin by PirateForms <= 2.5.1 - Unauthenticated HTML injection | Contact Form & SMTP Plugin for WordPress by PirateForms | CWE-79 | 7.2 | High | 2023-06-07 |
| CVE-2020-36716 | WP Activity Log <= 4.0.1 - Missing Authorization | WP Activity Log | CWE-862 | 7.3 | High | 2023-06-07 |
| CVE-2019-25144 | WP HTML Mail < 2.2.11 - HTML injection | WP Email Template | CWE-79 | 5.4 | Medium | 2023-06-07 |
| CVE-2020-36712 | Kali Forms <= 2.1.1 - Unauthenticated Arbitrary Post Deletion | Kali Forms — Contact Form & Drag-and-Drop Builder | CWE-862 | 8.6 | High | 2023-06-07 |
| CVE-2020-36713 | MStore API <= 2.1.5 - Authentication Bypass | MStore API – Create Native Android & iOS Apps On The Cloud | CWE-288 | 9.8 | Critical | 2023-06-07 |
| CVE-2019-25141 | Easy WP SMTP <= 1.3.9 - Missing Authorization to Arbitrary Options Update | Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more | CWE-862 | 9.8 | Critical | 2023-06-07 |
| CVE-2021-4359 | Frontend File Manager Plugin <= 18.2 - Unauthenticated Arbitrary Post Deletion | Frontend File Manager Plugin | CWE-862 | 6.5 | Medium | 2023-06-07 |
| CVE-2021-4362 | WordPress Plugin Kiwi Social Share security vulnerability | Social Sharing Plugin – Kiwi | | 9.8 | Critical | 2023-06-07 |
| CVE-2021-4363 | WP Quick FrontEnd Editor <= 5.5 - Reflected Cross-Site Scripting | WP Quick FrontEnd Editor – WordPress Plugin | CWE-79 | 6.1 | Medium | 2023-06-07 |

Vulnerabilities classified as access:pre-auth represent 19356 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.