Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18839

18839 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2025-12646 Community Events <= 1.5.4 - Unauthenticated SQL Injection — Community EventsCWE-89 7.5 High2025-11-19
CVE-2025-12842 Booking Plugin for WordPress Appointments – Time Slot <= 1.4.7 - Unauthenticated Arbitrary Email Sending — Time Slot – Booking and Appointment SystemCWE-20 5.3 Medium2025-11-19
CVE-2025-12349 Email Subscribers & Newsletters <= 5.9.10 - Missing Authentication to Unauthenticated Mailing Queue Trigger — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPressCWE-306 5.3 Medium2025-11-19
CVE-2025-12426 Quiz Maker <= 6.7.0.80 - Unauthenticated Sensitive Information Exposure — Quiz MakerCWE-200 5.3 Medium2025-11-19
CVE-2025-12427 YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Insecure Direct Object Reference to Unauthenticated Wishlist Rename — YITH WooCommerce WishlistCWE-639 5.3 Medium2025-11-19
CVE-2025-12770 New User Approve <= 3.0.9 - Unauthenticated Sensitive Information Disclosure via Type Juggling — New User ApproveCWE-200 5.3 Medium2025-11-19
CVE-2025-12777 YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion — YITH WooCommerce WishlistCWE-285 5.3 Medium2025-11-19
CVE-2025-63207 R.V.R Elettronica TEX 安全漏洞 — n/a 9.8AICriticalAI2025-11-19
CVE-2025-63209 ELCA Star Transmitter Remote Control 安全漏洞 — n/a 9.8AICriticalAI2025-11-19
CVE-2025-63212 GatesAir Flexiva-LX Series 安全漏洞 — n/a 9.1AICriticalAI2025-11-19
CVE-2025-63218 Axel WOLF1MS和Axel WOLF2MS 安全漏洞 — n/a 9.8AICriticalAI2025-11-19
CVE-2025-63219 Itel ISO FM SFN Adapter 安全漏洞 — n/a 9.8AICriticalAI2025-11-19
CVE-2025-63221 Axel PUMA 安全漏洞 — n/a 9.8AICriticalAI2025-11-19
CVE-2025-63223 Axel StreamerMAX MK II 安全漏洞 — n/a 9.8AICriticalAI2025-11-19
CVE-2025-63932 D-Link Router 安全漏洞 — n/a 9.8AICriticalAI2025-11-19
CVE-2025-37161 Unauthenticated Remote Denial-of-Service (DoS) Vulnerability in Web Management Interface — HPE Aruba Networking 100 Series Cellular Bridge 7.5 High2025-11-18
CVE-2025-46215 Fortinet FortiSandbox 安全漏洞 — FortiSandboxCWE-653 5.0 Medium2025-11-18
CVE-2025-9977 Improper neutralization of input in Times Software E-PAYROLL — E-PayrollCWE-89 7.5AIHighAI2025-11-18
CVE-2025-12545 Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more <= 1.49.2 - Unauthenticated Information Exposure — Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic RemarketingCWE-200 5.3 Medium2025-11-18
CVE-2025-9312 Improper Certificate-Based Authentication Enforcement in Multiple WSO2 Products — WSO2 API ManagerCWE-306 9.8 Critical2025-11-18
CVE-2025-11427 WP Migrate Lite <= 2.7.6 - Unauthenticated Blind Server-Side Request Forgery — WP Migrate Lite – Migration Made EasyCWE-918 5.8 Medium2025-11-18
CVE-2025-41737 Improper access control via php endpoint — Energy-Controlling EWIO2-MCWE-284 7.5 High2025-11-18
CVE-2025-41734 Unauthenticated Local File Inclusion in php module — Energy-Controlling EWIO2-MCWE-98 9.8 Critical2025-11-18
CVE-2025-41733 Possible malfunction credential injection — Energy-Controlling EWIO2-MCWE-305 9.8 Critical2025-11-18
CVE-2025-12391 Restrictions for BuddyPress <= 1.5.2 - Missing Authorization to Unauthenticated Tracking Status Update — Restrictions for BuddyPressCWE-862 5.3 Medium2025-11-18
CVE-2025-12392 Cryptocurrency Payment Gateway for WooCommerce <= 2.0.25 - Missing Authorization to Unauthenticated Tracking Status Update — Cryptocurrency Payment Gateway for WooCommerceCWE-862 5.3 Medium2025-11-18
CVE-2025-12079 WP Twitter Auto Publish <= 1.7.4 - Reflected Cross-Site Scripting via PostMessage — WP Twitter Auto PublishCWE-79 6.1 Medium2025-11-18
CVE-2025-12955 Live sales notification for WooCommerce <= 2.3.39 - Missing Authorization to Unauthenticated Customer Data Exposure — PiWeb Live sales notification for WooCommerceCWE-862 7.5 High2025-11-18
CVE-2025-4212 Checkout Files Upload for WooCommerce <= 2.2.1 - Unauthenticated Stored Cross-Site Scripting — Checkout Files Upload for WooCommerceCWE-79 7.2 High2025-11-18
CVE-2025-12078 ArtiBot Free Chat Bot for WebSites <= 1.1.7 - Reflected Cross-Site Scripting via PostMessage — ArtiBot Free Chat Bot for WebSitesCWE-79 6.1 Medium2025-11-18

Vulnerabilities classified as access:pre-auth represent 18839 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.