Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18829

18829 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2025-13930 Checkout Field Manager (Checkout Manager) for WooCommerce <= 7.8.5 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion — Checkout Field Manager (Checkout Manager) for WooCommerceCWE-862 5.3 Medium2026-02-19
CVE-2026-1405 Slider Future <= 1.0.5 - Unauthenticated Arbitrary File Upload — Slider FutureCWE-434 9.8 Critical2026-02-19
CVE-2025-13413 Country Blocker for AdSense <= 1.0 - Cross-Site Request Forgery to Settings Update — Country Blocker for AdSenseCWE-352 4.3 Medium2026-02-19
CVE-2025-14294 Razorpay for WooCommerce <= 4.7.8 - Missing Authentication to Unauthenticated Order Modification — Razorpay for WooCommerceCWE-306 5.3 Medium2026-02-19
CVE-2026-2502 xmlrpc attacks blocker <= 1.0 - Unauthenticated Stored Cross-Site Scripting via 'X-Forwarded-For' — xmlrpc attacks blockerCWE-79 6.1 Medium2026-02-19
CVE-2025-12500 Checkout Field Manager (Checkout Manager) for WooCommerce <= 7.8.1 - Unauthenticated Limited File Upload — Checkout Field Manager (Checkout Manager) for WooCommerceCWE-434 5.3 Medium2026-02-19
CVE-2025-13113 Web Accessibility by accessiBe <= 2.11 - Unauthenticated Sensitive Information Exposure — Web Accessibility by accessiBeCWE-200 5.3 Medium2026-02-19
CVE-2025-12821 NewsBlogger <= 0.2.5.6 - 0.2.6.1 - Cross-Site Request Forgery to Arbitrary Plugin Installation — NewsBloggerCWE-352 8.8 High2026-02-19
CVE-2025-12882 Clasifico Listing <= 2.0 - Unauthenticated Privilege Escalation — Clasifico ListingCWE-269 9.8 Critical2026-02-19
CVE-2025-12707 Library Management System <= 3.2.1 - Unauthenticated SQL Injection — Library Management SystemCWE-89 7.5 High2026-02-19
CVE-2025-13079 Popup Builder - Create highly converting, mobile friendly marketing popups. <= 4.4.2 - Improper Authorization to Unauthenticated Subscriber Removal via Predictable Tokens — Popup Builder – Create highly converting, mobile friendly marketing popups.CWE-1241 5.3 Medium2026-02-19
CVE-2025-11754 Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent <= 4.1.2 - Missing Authorization to Sensitive Information Exposure — Cookie Banner for GDPR / CCPA – WPLP Cookie ConsentCWE-862 7.5 High2026-02-19
CVE-2025-12172 Mailchimp List Subscribe Form <= 2.0.0 - Cross-Site Request Forgery to Mailchimp List Change — Mailchimp List Subscribe FormCWE-352 4.3 Medium2026-02-19
CVE-2025-11725 Aruba HiSpeed Cache <= 3.0.2 - Missing Authorization to Unauthenticated Plugin's Settings Modification — Aruba HiSpeed CacheCWE-862 6.5 Medium2026-02-19
CVE-2025-11706 Aruba HiSpeed Cache <= 3.0.2 - Reflected Cross-Site Scripting — Aruba HiSpeed CacheCWE-79 6.1 Medium2026-02-19
CVE-2026-25242 Gogs allows unauthenticated file uploads — gogsCWE-862 9.8 -2026-02-19
CVE-2026-26744 FormaLMS 安全漏洞 — n/a 5.3AIMediumAI2026-02-19
CVE-2019-25355 Genivia gSOAP 2.8 - 'gSOAP' Path Traversal — gSOAPCWE-22 7.5 High2026-02-18
CVE-2026-27181 MajorDoMo Unauthenticated Module Uninstall via Market Endpoint — MajorDoMoCWE-862 7.5 High2026-02-18
CVE-2026-27180 MajorDoMo Supply Chain Remote Code Execution via Update URL Poisoning — MajorDoMoCWE-494 9.8 Critical2026-02-18
CVE-2026-27179 MajorDoMo Unauthenticated SQL Injection in Commands Module — MajorDoMoCWE-89 8.2 High2026-02-18
CVE-2026-27178 MajorDoMo Stored Cross-Site Scripting via Method Parameters to Shoutbox — MajorDoMoCWE-79 7.2 High2026-02-18
CVE-2026-27177 MajorDoMo Stored Cross-Site Scripting via Property Set Endpoint — MajorDoMoCWE-79 7.2 High2026-02-18
CVE-2026-27175 MajorDoMo Command Injection in rc/index.php via Race Condition — MajorDoMoCWE-78 9.8 Critical2026-02-18
CVE-2026-27174 MajorDoMo Unauthenticated Remote Code Execution via Admin Console Eval — MajorDoMoCWE-94 9.8 Critical2026-02-18
CVE-2026-27182 Saturn Remote Mouse Server UDP Command Injection RCE — Saturn Remote Mouse ServerCWE-306 8.4 High2026-02-18
CVE-2026-23491 InvoicePlane has Unauthenticated Path Traversal in Guest Controller — InvoicePlaneCWE-22 7.5 -2026-02-18
CVE-2026-1404 Ultimate Member <= 2.11.1 - Reflected Cross-Site Scripting via Filter Parameters — Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership PluginCWE-79 6.1 Medium2026-02-18
CVE-2026-2329 Grandstream GXP1600 VoIP Phones - Unauthenticated stack buffer overflow — GXP1610CWE-121 9.8 -2026-02-18
CVE-2026-2464 Directory Traversal in AMR Printer Management by AMR — AMR Printer Management Beta web serviceCWE-22 7.5AIHighAI2026-02-18

Vulnerabilities classified as access:pre-auth represent 18829 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.