Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21175

21175 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2025-11885 EchBay Admin Security <= 1.3.0 - Reflected Cross-Site Scripting — EchBay Admin SecurityCWE-79 6.1 Medium2025-11-21
CVE-2025-13142 Custom Post Type <= 1.0 - Cross-Site Request Forgery to Custom Post Type Deletion — Custom Post TypeCWE-352 4.3 Medium2025-11-21
CVE-2025-12894 Import WP – Export and Import CSV and XML files to WordPress <= 2.14.17 - Unauthenticated Information Exposure — Import WP – Export and Import CSV and XML files to WordPressCWE-552 5.3 Medium2025-11-21
CVE-2025-12170 Checkbox <= 2.8.10 - Missing Authorization to Unauthenticated Log Clearing — CheckboxCWE-862 5.3 Medium2025-11-21
CVE-2025-12746 Tainacan <= 1.0.0 - Reflected Cross-Site Scripting — TainacanCWE-79 6.1 Medium2025-11-21
CVE-2025-11368 LearnPress – WordPress LMS Plugin <= 4.2.9.4 - Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information Exposure — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-200 5.3 Medium2025-11-21
CVE-2025-36153 IBM Concert Cross-Site Scripting — ConcertCWE-79 6.1 Medium2025-11-20
CVE-2025-62674 Missing Authentication for RTSP in iCam Cameras — P201CWE-306 6.8 Medium2025-11-20
CVE-2025-64770 Missing Authentication for ONVIF in iCam Cameras — P201CWE-306 6.8 Medium2025-11-20
CVE-2025-34320 BASIS BBj < 25.00 Unauthenticated Arbitrary File Read RCE — BASIS BBjCWE-22 9.1 -2025-11-20
CVE-2025-40601 SonicWALL SonicOS SSLVPN 安全漏洞 — SonicOSCWE-121 7.5 -2025-11-20
CVE-2025-11676 UPnP DOS in TL-WR940N V6 — TL-WR940N V6CWE-20 6.5 -2025-11-20
CVE-2025-12778 Ultimate Member Widgets for Elementor <= 2.3 - Missing Authorization to Unauthenticated Information Exposure — Ultimate Member Widgets for Elementor – WordPress User DirectoryCWE-862 5.3 Medium2025-11-20
CVE-2025-63807 Blogile 安全漏洞 — n/a 9.8 -2025-11-20
CVE-2025-13422 freeprojectscodes Sports Club Management System change_s_pwd.php sql injection — Sports Club Management SystemCWE-89 7.3 High2025-11-19
CVE-2025-13315 Unauthenticated log access in Twonky Server — Twonky ServerCWE-420 9.1AICriticalAI2025-11-19
CVE-2025-34329 AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated Backup Upload RCE via ajaxBackupUploadFile.php — AudioCodes Fax/IVR ApplianceCWE-434 9.8AICriticalAI2025-11-19
CVE-2025-34331 AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated File Read via download.php — AudioCodes Fax/IVR ApplianceCWE-306 7.5AIHighAI2025-11-19
CVE-2025-34328 AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated File Upload RCE via ajaxScript.php — AudioCodes Fax/IVR ApplianceCWE-434 9.8AICriticalAI2025-11-19
CVE-2025-34330 AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated Prompt File Upload via ajaxPromptUploadFile.php — AudioCodes Fax/IVR ApplianceCWE-434 9.8AICriticalAI2025-11-19
CVE-2025-34336 eGovFramework <= 4.3.1 Unauthenticated File Upload via Web Editor Image Upload Endpoints — eGovFramework/egovframe-common-componentsCWE-434 9.1AICriticalAI2025-11-19
CVE-2025-34337 eGovFramework <= 4.3.1 Unauthenticated Encryption Oracle via Web Editor Image Upload Endpoints — eGovFramework/egovframe-common-componentsCWE-345 9.1AICriticalAI2025-11-19
CVE-2025-13206 GiveWP - Donation Plugin and Fundraising Platform <= 4.13.0 - Unauthenticated Stored Cross-Site Scripting via 'name' — GiveWP – Donation Plugin and Fundraising PlatformCWE-79 7.2 High2025-11-19
CVE-2025-12484 Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers <= 1.12.19 - Unauthenticated Stored Cross-Site Scripting — Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social FollowersCWE-79 7.2 High2025-11-19
CVE-2025-12535 SureForms <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution — SureForms – Contact Form, Payment Form & Other Custom Form BuilderCWE-352 5.3 Medium2025-11-19
CVE-2025-12057 WavePlayer < 3.8.0 - Unauthenticated Arbitrary File Upload — WavePlayer 9.8AICriticalAI2025-11-19
CVE-2025-12646 Community Events <= 1.5.4 - Unauthenticated SQL Injection — Community EventsCWE-89 7.5 High2025-11-19
CVE-2025-12842 Booking Plugin for WordPress Appointments – Time Slot <= 1.4.7 - Unauthenticated Arbitrary Email Sending — Time Slot – Booking and Appointment SystemCWE-20 5.3 Medium2025-11-19
CVE-2025-12349 Email Subscribers & Newsletters <= 5.9.10 - Missing Authentication to Unauthenticated Mailing Queue Trigger — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPressCWE-306 5.3 Medium2025-11-19
CVE-2025-12426 Quiz Maker <= 6.7.0.80 - Unauthenticated Sensitive Information Exposure — Quiz MakerCWE-200 5.3 Medium2025-11-19

Vulnerabilities classified as access:pre-auth represent 21175 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.