CWE-862 Missing Authorization: a summary of 5967 CVE entries in this weakness class, with AI-generated analysis in Chinese.
CWE-862 is the missing authorization weakness: the product performs no permission check when a user accesses a resource or performs an operation. Attackers typically bypass front-end restrictions by directly modifying request parameters or crafting URLs, and thereby read data or perform sensitive operations they were never authorized for. Developers should not rely on front-end validation alone; the server must apply strict authentication and authorization checks to every request, so that each user can reach only the resources they are authorized for, which removes the broken-access-control risk at its root.
Demonstrative examples (the PHP and Perl snippets from the CWE-862 entry; each one queries or authenticates but never checks that the caller is authorized for the requested record):

```php
<?php
// Demonstrative example from the CWE-862 entry. The caller supplies any
// employee name; nothing checks that the requester may view that record.
function runEmployeeQuery($dbName, $name) {
    global $globalDbHandle;  // connection opened elsewhere; declared so it is in scope
    mysql_select_db($dbName, $globalDbHandle) or die("Could not open Database" . $dbName);
    // Use a prepared statement to avoid CWE-89
    $preparedStatement = $globalDbHandle->prepare('SELECT * FROM employees WHERE name = :name');
    $preparedStatement->execute(array(':name' => $name));
    return $preparedStatement->fetchAll();
}
/* ... */
$employeeRecord = runEmployeeQuery('EmployeeDB', $_GET['EmployeeName']);
```

```perl
use strict;
use warnings;
use CGI;

# Demonstrative example from the CWE-862 entry. The user is authenticated,
# but the message id is never checked against that user's own messages.
sub DisplayPrivateMessage {
    my ($id) = @_;
    my $Message = LookupMessageObject($id);
    print "From: " . encodeHTML($Message->{from}) . "<br>\n";
    print "Subject: " . encodeHTML($Message->{subject}) . "\n";
    print "<hr>\n";
    print "Body: " . encodeHTML($Message->{body}) . "\n";
}

my $q = CGI->new;
# For purposes of this example, assume that CWE-309 and
# CWE-523 do not apply.
if (! AuthenticateUser($q->param('username'), $q->param('password'))) {
    ExitError("invalid username or password");
}
my $id = $q->param('id');
DisplayPrivateMessage($id);
```

| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2025-24580 | WordPress plugin 12 Step Meeting List security vulnerability — 12 Step Meeting List | 6.5 | Medium | 2025-01-24 |
| CVE-2025-22611 | Coolify security vulnerability — coolify | 10.0 | Critical | 2025-01-24 |
| CVE-2025-22610 | Coolify security vulnerability — coolify | 7.1 | - | 2025-01-24 |
| CVE-2025-22609 | Coolify security vulnerability — coolify | 10.0 | Critical | 2025-01-24 |
| CVE-2025-23991 | WordPress plugin Product Size Charts Plugin for WooCommerce security vulnerability — Product Size Charts Plugin for WooCommerce | 4.3 | Medium | 2025-01-24 |
| CVE-2024-13698 | WordPress plugin Jobify - Job Board WordPress security vulnerability — Jobify - Job Board WordPress Theme | 6.5 | Medium | 2025-01-24 |
| CVE-2024-13335 | WordPress plugin Spexo Addons for Elementor security vulnerability — Spexo Addons for Elementor – Elementor Widgets, Mega Menu, Popup Builder, Template Kits and Starter Templates for Elementor | 4.3 | Medium | 2025-01-24 |
| CVE-2025-23486 | WordPress plugin Database Sync security vulnerability — Database Sync | 6.5 | Medium | 2025-01-22 |
| CVE-2025-23684 | WordPress plugin Debug Tool security vulnerability — Debug Tool | 4.3 | Medium | 2025-01-22 |
| CVE-2025-23512 | WordPress plugin Team 118GROUP Agent security vulnerability — Team 118GROUP Agent | 7.5 | High | 2025-01-22 |
| CVE-2024-13447 | WordPress plugin WP Hotel Booking security vulnerability — WP Hotel Booking | 4.3 | Medium | 2025-01-22 |
| CVE-2024-13361 | WordPress plugin AI Power security vulnerability — AI Puffer – Your AI engine for WordPress (formerly AI Power) | 6.3 | Medium | 2025-01-22 |
| CVE-2024-12879 | WordPress plugin WPBot Pro Wordpress Chatbot security vulnerability — WPBot Pro Wordpress Chatbot | 4.3 | Medium | 2025-01-22 |
| CVE-2025-24461 | JetBrains TeamCity security vulnerability — TeamCity | 6.5 | Medium | 2025-01-21 |
| CVE-2025-22722 | WordPress plugin Widget Options security vulnerability — Widget Options | 4.3 | Medium | 2025-01-21 |
| CVE-2025-22721 | WordPress plugin ApplyOnline security vulnerability — ApplyOnline | 4.3 | Medium | 2025-01-21 |
| CVE-2025-23477 | WordPress plugin Realty Workstation security vulnerability — Realty Workstation | 8.2 | High | 2025-01-21 |
| CVE-2025-22717 | WordPress plugin My Tickets security vulnerability — My Tickets | 7.5 | High | 2025-01-21 |
| CVE-2025-22318 | WordPress plugin Standard Box Sizes – for WooCommerce security vulnerability — Standard Box Sizes – for WooCommerce | 7.5 | High | 2025-01-21 |
| CVE-2024-12104 | WordPress plugin Atarim security vulnerability — Atarim – Visual Feedback, Review & AI Collaboration | 5.3 | Medium | 2025-01-21 |
| CVE-2025-0515 | WordPress plugin Buzz Club security vulnerability — Buzz Club – Night Club, DJ and Music Festival Event WordPress Theme | 4.3 | Medium | 2025-01-18 |
| CVE-2024-12071 | WordPress plugin Evergreen Content Poster security vulnerability — Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media | 5.3 | Medium | 2025-01-18 |
| CVE-2024-13367 | WordPress plugin Sandbox security vulnerability — Sandbox | 6.5 | Medium | 2025-01-17 |
| CVE-2025-23764 | WordPress plugin Copy Move Posts security vulnerability — Copy Move Posts | 5.3 | Medium | 2025-01-16 |
| CVE-2025-23761 | WordPress plugin Woo Tuner security vulnerability — Woo Tuner | 5.4 | Medium | 2025-01-16 |
| CVE-2025-23957 | WordPress plugin Sur.ly security vulnerability — Sur.ly | 4.3 | Medium | 2025-01-16 |
| CVE-2025-23955 | WordPress plugin Xola security vulnerability — Xola | 4.3 | Medium | 2025-01-16 |
| CVE-2025-23961 | WordPress plugin WordPress Graphs & Charts security vulnerability — WordPress Graphs & Charts | 5.4 | Medium | 2025-01-16 |
| CVE-2025-23963 | WordPress plugin Mark Posts security vulnerability — Mark Posts | 5.4 | Medium | 2025-01-16 |
| CVE-2025-23962 | WordPress plugin Goldstar security vulnerability — Goldstar | 4.3 | Medium | 2025-01-16 |
CWE-862 (Missing Authorization) is a common weakness class; this platform has catalogued 5967 CVE entries associated with it.