Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21230

21230 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2025-12055 Unauthenticated Local File Disclosure in MPDV Mikrolab MIP 2 / FEDRA 2 / HYDRA X Manufacturing Execution System — MIP 2CWE-22 7.5AIHighAI2025-10-27
CVE-2025-11154 IDonate < 2.1.13 - Unauthenticated User Deletion — IDonate 6.5AIMediumAI2025-10-27
CVE-2025-10497 Allocation of Resources Without Limits or Throttling in GitLab — GitLabCWE-770 7.5 High2025-10-27
CVE-2025-11974 Allocation of Resources Without Limits or Throttling in GitLab — GitLabCWE-770 6.5 Medium2025-10-27
CVE-2025-11447 Allocation of Resources Without Limits or Throttling in GitLab — GitLabCWE-770 7.5 High2025-10-27
CVE-2025-27225 Rocket TRUfusion Enterprise 安全漏洞 — n/a 7.5AIHighAI2025-10-27
CVE-2023-37749 HubSpot 安全漏洞 — n/a 5.3AIMediumAI2025-10-27
CVE-2025-55757 Extension - virtuemart.net - XSS in VirtueMart component 1.0.0 - 4.4.10 for Joomla — Virtuemart component for JoomlaCWE-79 6.1 -2025-10-25
CVE-2025-4203 wpForo Forum <= 2.4.8 - Unauthenticated SQL Injection via get_members Function — wpForo ForumCWE-89 7.5 High2025-10-25
CVE-2025-8416 Product Filter by WBW <= 2.9.7 - Unauthenticated SQL Injection — Product Filter for WooCommerce by WBWCWE-89 7.5 High2025-10-25
CVE-2025-11976 FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Cross-Site Request Forgery to Sync Rule Creation — FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.)CWE-352 4.3 Medium2025-10-25
CVE-2025-10637 Social Feed Gallery <= 4.9.2 - Missing Authorization to Unauthenticated Information Exposure — Social Feed GalleryCWE-862 5.3 Medium2025-10-25
CVE-2025-9322 Stripe Payment Forms <= 8.3.1 - Unauthenticated SQL Injection — Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & SubscriptionsCWE-89 7.5 High2025-10-25
CVE-2025-11497 Advanced Database Cleaner <= 3.1.6 - Cross-Site Request Forgery to Settings Manipulation — Advanced Database Cleaner – Optimize & Clean Database to Speed Up Site PerformanceCWE-20 4.3 Medium2025-10-25
CVE-2025-10488 Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.4.8 - Authenticated (Subscriber+) Arbitrary File Move — Directorist: AI-Powered Business Directory, Listings & Classified AdsCWE-22 8.1 High2025-10-25
CVE-2025-10694 User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds <= 1.8.0 - Missing Authorization to Information Disclosure — UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in SecondsCWE-862 5.3 Medium2025-10-25
CVE-2025-12095 Simple Registration for WooCommerce <= 1.5.8 - Cross-Site Request Forgery to Privilege Escalation via Role Request Approval — Simple Registration for WooCommerceCWE-352 8.8 High2025-10-25
CVE-2025-11564 Tutor LMS – eLearning and online course solution <= 3.8.3 - Missing Authorization to Unauthenticated Payment Status Update — Tutor LMS – eLearning and online course solutionCWE-862 5.3 Medium2025-10-25
CVE-2025-11238 Watu Quiz <= 3.4.4 - Unauthenticated Stored Cross-Site Scripting via HTTP Referer — Watu QuizCWE-79 7.2 High2025-10-25
CVE-2025-11269 Product Filter by WBW <= 3.0.0 - Missing Authorization to Unauthenticated Settings Update — Product Filter for WooCommerce by WBWCWE-862 5.3 Medium2025-10-25
CVE-2025-11760 eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams <= 1.5.6 - Unauthenticated Sensitive Information Exposure — eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft TeamsCWE-200 5.3 Medium2025-10-25
CVE-2025-62716 Plane Vulnerable to Cross-Site Scripting via Open Redirect in ?next_path Parameter — planeCWE-79 8.1 High2025-10-24
CVE-2025-62714 Karmada Dashboard API Unauthorized Access Vulnerability — dashboardCWE-862 7.5 -2025-10-24
CVE-2025-43994 Dell Storage Manager 访问控制错误漏洞 — Dell Storage ManagerCWE-306 8.6 High2025-10-24
CVE-2025-43995 Dell Storage Manager 授权问题漏洞 — Dell Storage ManagerCWE-287 9.8 Critical2025-10-24
CVE-2025-11576 AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant <= 1.6.5 - Unauthenticated CSV Injection — AI Chatbot Free Models – Customer Support, Live Chat, Virtual AssistantCWE-1236 4.3 Medium2025-10-24
CVE-2025-10861 Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers <= 2.1.4 - Unauthenticated Server-Side Request Forgery — Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce TriggersCWE-918 7.5 High2025-10-24
CVE-2025-12134 ZoloBlocks <= 2.3.11 - Missing Authorization to Unauthenticated Popup Enable/Disable — ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & PatternsCWE-862 5.3 Medium2025-10-24
CVE-2025-12017 VNPAY for Woocommerce <= 1.0.0 - Reflected Cross-Site Scripting — VNPAY Payment gatewayCWE-79 6.1 Medium2025-10-24
CVE-2025-11504 Quickcreator – AI Blog Writer 0.0.9 - 0.1.17 - Unauthenticated API Key Exposure — Quickcreator – AI Blog WriterCWE-532 7.5 High2025-10-24

Vulnerabilities classified as access:pre-auth represent 21230 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.