Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21363

21363 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2024-12020 Reflected Cross-Site Scripting (XSS) — LogicalDOC EnterpriseCWE-79 6.1 -2025-03-14
CVE-2024-54445 Blind SQLi in Login — LogicalDOC CommunityCWE-89 9.1 -2025-03-14
CVE-2023-48785 Fortinet FortiNAC-F 信任管理问题漏洞 — FortiNAC-FCWE-295 4.4 Medium2025-03-14
CVE-2024-40590 Fortinet FortiPortal 信任管理问题漏洞 — FortiPortalCWE-295 4.4 Medium2025-03-14
CVE-2024-13773 Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.4 - Sensitive Information Exposure — Civi - Job Board & Freelance Marketplace WordPress ThemeCWE-321 7.3 High2025-03-14
CVE-2024-13772 Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.6.1 - Authentication Bypass — Civi - Job Board & Freelance Marketplace WordPress ThemeCWE-288 5.6 Medium2025-03-14
CVE-2025-2232 Realteo - Real Estate Plugin by Purethemes <= 1.2.8 - Authentication Bypass via 'do_register_user' — RealteoCWE-269 9.8 Critical2025-03-14
CVE-2024-13771 Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.4 - Authentication Bypass via Password Update — Civi - Job Board & Freelance Marketplace WordPress ThemeCWE-288 9.8 Critical2025-03-14
CVE-2024-26006 Fortinet FortiOS 安全漏洞 — FortiProxyCWE-79 6.9 High2025-03-14
CVE-2025-1507 ShareThis Dashboard for Google Analytics <= 3.2.1 - Missing Authorization to Unauthenticated Feature Deactivation — ShareThis Dashboard for Google AnalyticsCWE-862 5.3 Medium2025-03-14
CVE-2024-13321 AnalyticsWP <= 2.0.0 - Unauthenticated SQL Injection — AnalyticsWPCWE-89 7.5 High2025-03-14
CVE-2024-13824 CiyaShop - Multipurpose WooCommerce Theme <= 4.19.0 - Unauthenticated PHP Object Injection — CiyaShop - Multipurpose WooCommerce ThemeCWE-502 9.8 Critical2025-03-14
CVE-2025-2221 WPCOM Member <= 1.7.6 - Unauthenticated Time-Based SQL Injection — WPCOM MemberCWE-89 7.5 High2025-03-14
CVE-2024-13913 InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.83 - Cross-Site Request Forgery to Local File Inclusion — InstaWP Connect – 1-click WP Staging & MigrationCWE-352 8.8 High2025-03-14
CVE-2025-1764 LoginPress <= 3.3.1 - Cross-Site Request Forgery to Arbitrary Options Update — LoginPress | wp-login Custom Login Page CustomizerCWE-352 7.5 High2025-03-14
CVE-2025-2056 WP Ghost <= 5.4.01 - Unauthenticated Limited File Read — WP Ghost (Hide My WP Ghost) – Security & FirewallCWE-23 7.5 High2025-03-14
CVE-2025-0955 VidoRev Extensions <= 2.9.9.9.9.9.5 - Missing Authorization to Unauthenticated Youtube Video Import — VidoRev ExtensionsCWE-862 5.3 Medium2025-03-14
CVE-2024-11283 WP JobHunt <= 7.1 - Authentication Bypass to Candidate — WP JobHuntCWE-289 7.5 High2025-03-14
CVE-2024-11286 WP JobHunt <= 7.1 - Authentication Bypass — WP JobHuntCWE-288 9.8 Critical2025-03-14
CVE-2024-11284 WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover — WP JobHuntCWE-639 9.8 Critical2025-03-14
CVE-2025-2166 CM FAQ – Simplify support with an intuitive FAQ management tool <= 1.2.5 - Reflected Cross-Site Scripting — CM FAQ – Simplify support with an intuitive FAQ management toolCWE-79 6.1 Medium2025-03-14
CVE-2025-1285 Resido - Real Estate WordPress Theme <= 3.6 - Missing Authorization to Unauthenticated Server-Side Request Forgery and API Key Settings Update — Resido - Real Estate WordPress ThemeCWE-862 5.3 Medium2025-03-14
CVE-2024-11285 WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Email Update/Account Takeover — WP JobHuntCWE-639 9.8 Critical2025-03-14
CVE-2025-2264 Santesoft Sante PACS Server Path Traversal Information Disclosure — Sante PACS ServerCWE-22 7.5 High2025-03-13
CVE-2025-2263 Santesoft Sante PACS Server Stack-based Buffer Overflow — Sante PACS ServerCWE-121 9.8 Critical2025-03-13
CVE-2024-10942 All in One WP Migration <= 7.89 - Unauthenticated PHP Object Injection — All-in-One WP Migration and BackupCWE-502 7.5 High2025-03-13
CVE-2025-21104 Dell NetWorker 输入验证错误漏洞 — NetWorkerCWE-601 4.3 Medium2025-03-13
CVE-2025-29994 Improper Authentication Vulnerability in CAP back office application — CAP back office applicationCWE-1390 8.2 -2025-03-13
CVE-2025-1119 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.5 - Unauthenticated Arbitrary Shortcode Execution — Appointment Booking Calendar — Simply Schedule Appointments Booking PluginCWE-94 7.3 High2025-03-13
CVE-2025-1561 AppPresser – Mobile App Framework <= 4.4.10 - Unauthenticated Stored Cross-Site Scripting — AppPresser – Mobile App FrameworkCWE-79 7.2 High2025-03-13

Vulnerabilities classified as access:pre-auth represent 21363 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.