Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19357

19357 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2021-4363 WP Quick FrontEnd Editor <= 5.5 - Reflected Cross-Site Scripting — WP Quick FrontEnd Editor – WordPress PluginCWE-79 6.1 Medium2023-06-07
CVE-2021-4356 Frontend File Manager <= 18.2 - Unauthenticated Arbitrary File Download — Frontend File Manager PluginCWE-862 9.0 Critical2023-06-07
CVE-2020-36710 WPS Hide Login <= 1.5.4.2 - Hidden Login Page Location Disclosure — WPS Hide LoginCWE-863 5.3 Medium2023-06-07
CVE-2019-25140 Coming Soon Page & Maintenance Mode <= 1.8.1 - Stored Cross Site Scripting — Coming Soon Page & Maintenance ModeCWE-79 7.2 High2023-06-07
CVE-2021-4357 uListing <= 1.6.6 - Unauthenticated Arbitrary Post/Page Deletion — Directory Listings WordPress plugin – uListingCWE-862 9.1 Critical2023-06-07
CVE-2021-4358 WP DSGVO Tools (GDPR) <= 3.1.23 - Unauthenticated Stored Cross-Site Scripting — WP DSGVO Tools (GDPR)CWE-79 7.2 High2023-06-07
CVE-2021-4355 Welcart e-Commerce < 2.2.8 - Missing Capabilities Check to Information Disclosure — Welcart e-CommerceCWE-862 7.5 High2023-06-07
CVE-2019-25139 Coming Soon Page & Maintenance Mode <= 1.8.1 - Unauthenticated Settings Reset — Coming Soon Page & Maintenance ModeCWE-862 6.5 Medium2023-06-07
CVE-2020-36708 Epsilon Framework Themes (Various Versions) - Function Injection — AntreasCWE-94 9.8 Critical2023-06-07
CVE-2019-25138 User Submitted Posts <= 20190312 - Unauthenticated Arbitrary File Upload — User Submitted Posts – Enable Users to Submit Posts from the Front EndCWE-434 9.8 Critical2023-06-07
CVE-2020-36707 Coming Soon & Maintenance Mode Page <= 1.57 - Cross-Site Request Forgery — Coming Soon & Maintenance Mode Page & Under ConstructionCWE-352 8.8 High2023-06-07
CVE-2021-4352 JobSearch WP Job Board <= 1.8.1 - Missing Authorization to Settings Change — JobSearch WP Job BoardCWE-284 5.3 Medium2023-06-07
CVE-2021-4351 Frontend File Manager <= 18.2 - Unauthenticated Post Meta Change — Frontend File Manager PluginCWE-862 5.8 Medium2023-06-07
CVE-2021-4350 Frontend File Manager <= 18.2 - Unauthenticated HTML Injection leading to Spam Emails — Frontend File Manager PluginCWE-862 7.2 High2023-06-07
CVE-2021-4345 uListing <= 1.6.6 - Unauthenticated Arbitrary Roles and Capabilities Creation/Deletion — Directory Listings WordPress plugin – uListingCWE-862 6.5 Medium2023-06-07
CVE-2021-4346 uListing <= 1.6.6 - Unauthenticated Arbitrary Account Changes — Directory Listings WordPress plugin – uListingCWE-862 9.8 Critical2023-06-07
CVE-2021-4348 Ultimate GDPR & CCPA <= 2.4 - Unauthenticated Settings Import & Export — Ultimate GDPR & CCPA Compliance Toolkit for WordPressCWE-862 7.5 High2023-06-07
CVE-2021-4343 uListing <= 1.6.6 - Unauthenticated Arbitrary Account Creation — Directory Listings WordPress plugin – uListingCWE-862 9.8 Critical2023-06-07
CVE-2021-4344 Frontend File Manager <= 18.2 - Privilege Escalation — Frontend File Manager PluginCWE-285 6.4 Medium2023-06-07
CVE-2021-4349 Process Steps Template Designer <= 1.2.1 - Cross-Site Request Forgery — Process Steps Template DesignerCWE-352 8.8 High2023-06-07
CVE-2021-4341 uListing <= 1.6.6 - Unauthenticated Wordpress Options Changes via AJAX — Directory Listings WordPress plugin – uListingCWE-862 9.8 Critical2023-06-07
CVE-2021-4339 uListing <= 1.6.6 - Unauthenticated Information Disclosure — Directory Listings WordPress plugin – uListingCWE-862 7.5 High2023-06-07
CVE-2021-4340 uListing <= 1.6.6 - Unauthenticated SQL Injection — Directory Listings WordPress plugin – uListingCWE-89 9.8 Critical2023-06-07
CVE-2020-36696 Product Input Fields for WooCommerce <= 1.2.6 - Missing Authorization — Product Input Fields for WooCommerceCWE-285 7.5 High2023-06-07
CVE-2020-36697 WP GDPR <= 2.1.1 - Missing Authorization Checks — WP GDPRCWE-862 7.3 High2023-06-07
CVE-2023-34409 Percona Monitoring and Management 路径遍历漏洞 — n/a 9.8 -2023-06-06
CVE-2023-2416 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5 - Cross-Site Request Forgery to Account Logout — Online Booking & Scheduling Calendar for WordPress by vcitaCWE-352 5.4 Medium2023-06-03
CVE-2023-2298 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.3.0 - Unauthenticated Stored Cross-Site Scripting — Online Booking & Scheduling Calendar for WordPress by vcitaCWE-79 7.2 High2023-06-03
CVE-2023-2301 Contact Form Builder by vcita <= 4.10.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Contact Form Builder by vcitaCWE-352 6.1 Medium2023-06-03
CVE-2023-2299 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.2 - Missing Authorization on REST-API — Online Booking & Scheduling Calendar for WordPress by vcitaCWE-862 5.3 Medium2023-06-03

Vulnerabilities classified as access:pre-auth represent 19357 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.