
access:pre-auth — CVE vulnerabilities tagged 20697

20697 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-54341 | Dragonfly: RESTORE operations may crash the server | dragonfly | CWE-125 | 7.5 | High | 2026-06-26 |
| CVE-2026-5757 | There exists an unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine | Ollama | | - | - | 2026-06-26 |
| CVE-2026-57664 | WordPress Bopo – WooCommerce Product Bundle Builder plugin <= 1.1.6 - Sensitive Data Exposure vulnerability | Bopo – WooCommerce Product Bundle Builder | CWE-497 | 4.3 | Medium | 2026-06-26 |
| CVE-2026-57665 | WordPress GravityView plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability | GravityView | CWE-639 | 5.3 | Medium | 2026-06-26 |
| CVE-2026-57660 | WordPress Booking and Rental Manager plugin <= 2.7.1 - Broken Access Control vulnerability | Booking and Rental Manager | CWE-862 | 5.3 | Medium | 2026-06-26 |
| CVE-2026-57659 | WordPress Paid Memberships Pro - Add Member From Admin plugin <= 0.7.2 - Cross Site Request Forgery (CSRF) vulnerability | Paid Memberships Pro - Add Member From Admin | CWE-352 | 8.8 | High | 2026-06-26 |
| CVE-2026-57657 | WordPress Gmail SMTP plugin <= 1.2.3.19 - Cross Site Request Forgery (CSRF) vulnerability | Gmail SMTP | CWE-352 | 4.3 | Medium | 2026-06-26 |
| CVE-2026-57655 | WordPress Child theme Wizard plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability | Child Theme Wizard | CWE-352 | 8.2 | High | 2026-06-26 |
| CVE-2026-57652 | WordPress JS Help Desk plugin <= 3.1.0 - Insecure Direct Object References (IDOR) vulnerability | JS Help Desk | CWE-639 | 5.3 | Medium | 2026-06-26 |
| CVE-2026-57641 | WordPress Real Estate 7 theme <= 3.5.9 - Cross Site Request Forgery (CSRF) vulnerability | Real Estate 7 | CWE-352 | 6.5 | Medium | 2026-06-26 |
| CVE-2026-57637 | WordPress Abandoned Cart Lite for WooCommerce plugin <= 6.8.0 - Cross Site Request Forgery (CSRF) vulnerability | Abandoned Cart Lite for WooCommerce | CWE-352 | 4.3 | Medium | 2026-06-26 |
| CVE-2026-57635 | WordPress FunnelKit Payment Gateway for Stripe WooCommerce plugin <= 1.14.0.3 - Cross Site Request Forgery (CSRF) vulnerability | FunnelKit Payment Gateway for Stripe WooCommerce | CWE-352 | 6.5 | Medium | 2026-06-26 |
| CVE-2026-57633 | WordPress WCBoost – Products Compare plugin <= 1.1.0 - Sensitive Data Exposure vulnerability | WCBoost – Products Compare | CWE-497 | 5.3 | Medium | 2026-06-26 |
| CVE-2026-57630 | WordPress Blocksy Companion Pro plugin <= 2.1.46 - Insecure Direct Object References (IDOR) vulnerability | Blocksy Companion Pro | CWE-639 | 5.3 | Medium | 2026-06-26 |
| CVE-2026-57325 | WordPress NanoMag theme <= 1.8 - Cross Site Scripting (XSS) vulnerability | NanoMag | CWE-79 | 7.1 | High | 2026-06-26 |
| CVE-2026-57324 | WordPress GIFT4U plugin <= 1.0.10 - Broken Access Control vulnerability | GIFT4U | CWE-862 | 6.5 | Medium | 2026-06-26 |
| CVE-2026-57323 | WordPress Flash & HTML5 Video plugin <= 2.11.0 - Broken Access Control vulnerability | Flash & HTML5 Video | CWE-862 | 5.8 | Medium | 2026-06-26 |
| CVE-2026-57322 | WordPress weMail plugin <= 2.1.2 - Reflected Cross Site Scripting (XSS) vulnerability | weMail | CWE-79 | 7.1 | High | 2026-06-26 |
| CVE-2026-57319 | WordPress FOX plugin <= 1.4.8 - Cross Site Scripting (XSS) vulnerability | FOX | CWE-79 | 7.1 | High | 2026-06-26 |
| CVE-2026-57317 | WordPress Simply Schedule Appointments plugin <= 1.6.12.2 - Cross Site Scripting (XSS) vulnerability | Simply Schedule Appointments | CWE-79 | 7.1 | High | 2026-06-26 |
| CVE-2026-57314 | WordPress SureCart plugin <= 4.3.2 - Reflected Cross Site Scripting (XSS) vulnerability | SureCart | CWE-79 | 7.1 | High | 2026-06-26 |
| CVE-2026-57312 | WordPress Everest Forms plugin <= 3.4.8 - Reflected Cross Site Scripting (XSS) vulnerability | Everest Forms | CWE-79 | 7.1 | High | 2026-06-26 |
| CVE-2026-56072 | WordPress WoodMart theme <= 8.5.3 - Cross Site Scripting (XSS) vulnerability | WoodMart | CWE-79 | 7.1 | High | 2026-06-26 |
| CVE-2026-56070 | WordPress Advance Product Search plugin <= 1.4.4 - SQL Injection vulnerability | Advance Product Search | CWE-89 | 9.3 | Critical | 2026-06-26 |
| CVE-2026-56068 | WordPress JetEngine plugin <= 3.8.10.2 - SQL Injection vulnerability | JetEngine | CWE-89 | 9.3 | Critical | 2026-06-26 |
| CVE-2026-56069 | WordPress Toolset Forms plugin <= 2.6.24 - Insecure Direct Object References (IDOR) vulnerability | Toolset Forms | CWE-639 | 7.5 | High | 2026-06-26 |
| CVE-2026-56067 | WordPress JetSmartFilters plugin <= 3.8.3 - SQL Injection vulnerability | JetSmartFilters | CWE-89 | 9.3 | Critical | 2026-06-26 |
| CVE-2026-56066 | WordPress ShortPixel Adaptive Images plugin <= 3.11.4 - Arbitrary File Deletion vulnerability | ShortPixel Adaptive Images | CWE-22 | 5.8 | Medium | 2026-06-26 |
| CVE-2026-56063 | WordPress MailChimp Block plugin <= 1.1.15 - Broken Access Control vulnerability | MailChimp Block | CWE-862 | 8.3 | High | 2026-06-26 |
| CVE-2026-56062 | WordPress Quotes llama plugin <= 3.1.5 - SQL Injection vulnerability | Quotes llama | CWE-89 | 9.3 | Critical | 2026-06-26 |

20697 CVEs are classified as access:pre-auth. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.