CVE vulnerabilities tagged access:pre-auth (18802)

18802 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2019-25575 | SimplePress CMS 1.0.7 SQL Injection via p and s Parameters | SimplePress CMS | CWE-89 | 8.2 | High | 2026-03-21 |
| CVE-2019-25570 | RealTerm Serial Terminal 2.0.0.70 Denial of Service via Port Field | RealTerm: Serial Terminal | CWE-1260 | 5.5 | Medium | 2026-03-21 |
| CVE-2026-4373 | JetFormBuilder <= 3.5.6.2 - Unauthenticated Arbitrary File Read via Media Field | JetFormBuilder — Dynamic Blocks Form Builder | CWE-36 | 7.5 | High | 2026-03-21 |
| CVE-2026-3478 | Content Syndication Toolkit <= 1.3 - Unauthenticated Server-Side Request Forgery via 'url' Parameter | Content Syndication Toolkit | CWE-918 | 7.2 | High | 2026-03-21 |
| CVE-2026-2723 | Post Snippits <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update | Post Snippits | CWE-352 | 6.1 | Medium | 2026-03-21 |
| CVE-2026-4143 | Neos Connector for Fakturama <= 0.0.14 - Cross-Site Request Forgery to Settings Update | Neos Connector for Fakturama | CWE-352 | 4.3 | Medium | 2026-03-21 |
| CVE-2026-1648 | Performance Monitor <= 1.0.6 - Unauthenticated Server-Side Request Forgery via 'url' Parameter | Performance Monitor | CWE-918 | 7.2 | High | 2026-03-21 |
| CVE-2026-1647 | Comment Genius <= 1.2.5 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] | Comment Genius | CWE-79 | 6.1 | Medium | 2026-03-21 |
| CVE-2026-2427 | itsukaita <= 0.1.2 - Reflected Cross-Site Scripting via 'day_from' Parameter | itsukaita | CWE-79 | 6.1 | Medium | 2026-03-21 |
| CVE-2026-1503 | login_register <= 1.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting | Plugin Name: login_register | CWE-352 | 4.3 | Medium | 2026-03-21 |
| CVE-2024-13785 | Contact Form, Survey, Quiz & Popup Form Builder – ARForms <= 1.7.2 - Unauthenticated Blind Arbitrary Shortcode Execution | Contact Form, Survey, Quiz & Popup Form Builder – ARForms | CWE-94 | 5.6 | Medium | 2026-03-21 |
| CVE-2026-3331 | Lobot Slider Administrator <= 0.6.0 - Cross-Site Request Forgery to Settings Update | Lobot Slider Administrator | CWE-352 | 4.3 | Medium | 2026-03-21 |
| CVE-2026-3003 | Vagaro Booking Widget <= 0.3 - Unauthenticated Stored Cross-Site Scripting via 'vagaro_code' | Vagaro Booking Widget | CWE-79 | 7.2 | High | 2026-03-21 |
| CVE-2026-1392 | SR WP Minify HTML <= 2.1 - Cross-Site Request Forgery to Settings Update | SR WP Minify HTML | CWE-352 | 4.3 | Medium | 2026-03-21 |
| CVE-2026-3641 | Appmax <= 1.0.3 - Missing Authorization to Order Status Manipulation and Arbitrary Order Creation via Webhook Endpoint | Appmax | CWE-20 | 5.3 | Medium | 2026-03-21 |
| CVE-2026-2468 | Quentn WP <= 1.2.12 - Unauthenticated SQL Injection via 'qntn_wp_access' Cookie | Quentn WP | CWE-89 | 7.5 | High | 2026-03-21 |
| CVE-2026-3332 | Xhanch - My Advanced Settings <= 1.1.2 - Cross-Site Request Forgery to Settings Update | Xhanch – My Advanced Settings | CWE-352 | 4.3 | Medium | 2026-03-21 |
| CVE-2026-3651 | Build App Online <= 1.0.23 - Missing Authorization to Arbitrary Post Author Modification via 'build-app-online-update-vendor-product' AJAX Action | Build App Online | CWE-862 | 5.3 | Medium | 2026-03-21 |
| CVE-2025-13910 | WP-WebAuthn <= 1.3.4 - Unauthenticated Stored Cross-Site Scripting | WP-WebAuthn | CWE-79 | 6.1 | Medium | 2026-03-21 |
| CVE-2026-4069 | Alfie – Feed Plugin <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'naam' Parameter | Alfie – Feed Plugin | CWE-79 | 6.1 | Medium | 2026-03-21 |
| CVE-2026-3506 | WP-Chatbot for Messenger <= 4.9 - Missing Authorization to Unauthenticated Chatbot Configuration Takeover | WP-Chatbot for Messenger | CWE-862 | 5.3 | Medium | 2026-03-21 |
| CVE-2026-2277 | rexCrawler <= 1.0.15 - Reflected Cross-Site Scripting via 'url' and 'regex' Parameters | rexCrawler | CWE-79 | 6.1 | Medium | 2026-03-21 |
| CVE-2026-1390 | Redirect countdown <= 1.0 - Cross-Site Request Forgery to Settings Update | Redirect countdown | CWE-352 | 4.3 | Medium | 2026-03-21 |
| CVE-2026-1378 | WP Posts Re-order <= 1.0 - Cross-Site Request Forgery to Settings Update | WP Posts Re-order | CWE-352 | 4.3 | Medium | 2026-03-21 |
| CVE-2026-1393 | Add Google Social Profiles to Knowledge Graph Box <= 1.0 - Cross-Site Request Forgery to Settings Update | Add Google Social Profiles to Knowledge Graph Box | CWE-352 | 4.3 | Medium | 2026-03-21 |
| CVE-2026-2375 | App Builder – Create Native Android & iOS Apps On The Flight <= 5.5.10 - Unauthenticated Privilege Escalation via 'role' Parameter | App Builder – Create Native Android & iOS Apps On The Flight | CWE-269 | 6.5 | Medium | 2026-03-21 |
| CVE-2026-1800 | Fonts Manager \| Custom Fonts <= 1.2 - Unauthenticated SQL Injection via fmcfIdSelectedFnt parameter | Fonts Manager \| Custom Fonts | CWE-89 | 7.5 | High | 2026-03-21 |
| CVE-2026-2440 | SurveyJS: Drag & Drop Form Builder <= 2.5.3 - Unauthenticated Stored Cross-Site Scripting | SurveyJS: Drag & Drop Form Builder | CWE-79 | 7.2 | High | 2026-03-21 |
| CVE-2026-3335 | Canto <= 3.1.1 - Missing Authorization to Unauthenticated File Upload | Canto | CWE-862 | 5.3 | Medium | 2026-03-21 |
| CVE-2026-3570 | Smarter Analytics <= 2.0 - Missing Authorization to Unauthenticated Plugin Settings Reset via 'reset' Parameter | Smarter Analytics | CWE-862 | 5.3 | Medium | 2026-03-21 |

Vulnerabilities classified as access:pre-auth represent 18802 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.