Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21457

21457 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2024-12322 ThePerfectWedding.nl Widget <= 2.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting — ThePerfectWedding.nl WidgetCWE-352 8.8 High2025-01-07
CVE-2024-12470 School Management System – SakolaWP <= 1.0.8 - Unauthenticated Privilege Escalation — School Management System – SakolaWPCWE-266 9.8 Critical2025-01-07
CVE-2024-9208 Enable Accessibility <= 1.4.1 - Reflected Cross-Site Scripting — Enable AccessibilityCWE-79 6.1 Medium2025-01-07
CVE-2024-12159 Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords <= 3.1 - Information Exposure — Optimize Your Campaigns – Google Shopping – Google Ads – Google AdwordsCWE-200 5.3 Medium2025-01-07
CVE-2024-12176 WordLift – AI powered SEO – Schema <= 3.54.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update — WordLift – AI powered SEO – SchemaCWE-862 5.3 Medium2025-01-07
CVE-2024-12256 Simple Video Management System <= 1.0.4 - Reflected Cross-Site Scripting — Simple Video Management SystemCWE-79 6.1 Medium2025-01-07
CVE-2024-11290 Member Access <= 1.1.6 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure — Member AccessCWE-200 5.3 Medium2025-01-07
CVE-2024-12264 PayU CommercePro Plugin <= 3.8.3 - Unauthenticated Privilege Escalation — PayU CommercePro PluginCWE-287 9.8 Critical2025-01-07
CVE-2024-11377 Automate Hub Free by Sperse.IO <= 1.7.0 - Reflected Cross-Site Scripting — Automate Hub Free by Sperse.IOCWE-79 6.1 Medium2025-01-07
CVE-2024-12158 Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Missing Authorization to Unauthenticated DB Table Truncation — Popup – MailChimp, GetResponse and ActiveCampaign IntergrationsCWE-862 5.3 Medium2025-01-07
CVE-2024-11363 Same but Different – Related Posts by Taxonomy <= 1.0.16 - Reflected Cross-Site Scripting — Same but Different – Related Posts by TaxonomyCWE-79 6.1 Medium2025-01-07
CVE-2024-12153 GDY Modular Content <= 0.9.92 - Reflected Cross-Site Scripting — GDY Modular ContentCWE-79 6.1 Medium2025-01-07
CVE-2024-12252 SEO LAT Auto Post <= 2.2.1 - Missing Authorization to File Overwrite/Upload (Remote Code Execution) — SEO LAT Auto PostCWE-94 9.8 Critical2025-01-07
CVE-2024-12291 ViewMedica 9 <= 1.4.17 - Cross-Site Request Forgery to Reflected Cross-Site Scripting — ViewMedica 9CWE-352 6.1 Medium2025-01-07
CVE-2024-12290 Infility Global <= 2.9.8 - Reflected Cross-Site Scripting via set_type Parameter — Infility GlobalCWE-79 6.1 Medium2025-01-07
CVE-2024-12313 Compare Products for WooCommerce <= 3.2.1 - Unauthenticated PHP Object Injection — Compare Products for WooCommerceCWE-502 8.1 High2025-01-07
CVE-2024-12170 ViewMedica Embed <= 1.4.15 - Cross-Site Request Forgery to SQL Injection — ViewMedica 9CWE-352 5.4 Medium2025-01-07
CVE-2024-11375 WC1C <= 0.23.0 - Reflected Cross-Site Scripting — WC1CCWE-79 6.1 Medium2025-01-07
CVE-2024-11378 Bizapp for WooCommerce <= 2.0.8 - Reflected Cross-Site Scripting — Bizapp for WooCommerceCWE-79 6.1 Medium2025-01-07
CVE-2024-12288 Simple add pages or posts <= 2.0.0 - Cross-Site Request Forgery to Reflected Cross-Site Scripting — Simple add pages or postsCWE-352 6.1 Medium2025-01-07
CVE-2024-11690 Financial Stocks & Crypto Market Data Plugin <= 1.10.3 - Reflected Cross-Site Scripting — Financial Stocks & Crypto Market Data PluginCWE-79 6.1 Medium2025-01-07
CVE-2024-12126 SEO Keywords <= 1.1.3 - Reflected Cross-Site Scripting via google_error Parameter — SEO KeywordsCWE-79 6.1 Medium2025-01-07
CVE-2024-12157 Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Unauthenticated SQL Injection — Popup – MailChimp, GetResponse and ActiveCampaign IntergrationsCWE-89 7.5 High2025-01-07
CVE-2024-12214 WooCommerce HSS Extension for Streaming Video <= 3.31 - Reflected Cross-Site Scripting via videolink Parameter — WooCommerce HSS Extension for Streaming VideoCWE-79 6.1 Medium2025-01-07
CVE-2024-11434 WP – Bulk SMS – by SMS.to <= 1.0.12 - Reflected Cross-Site Scripting — WP – Bulk SMS – by SMS.toCWE-79 6.1 Medium2025-01-07
CVE-2024-12049 Woo Ukrposhta <= 1.17.11 - Reflected Cross-Site Scripting via order, post, and idd Parameters — UkrposhtaCWE-79 6.1 Medium2025-01-07
CVE-2024-12098 ARS Affiliate Page Plugin <= 2.0.2 - Reflected Cross-Site Scripting — ARS Affiliate Page PluginCWE-79 6.1 Medium2025-01-07
CVE-2024-12559 ClickDesigns <= 1.8.0 - Missing Authorization to API Key Modification or Removal — ClickDesignsCWE-862 5.3 Medium2025-01-07
CVE-2024-12416 Woomotiv <= 3.6.1 - Unauthenticated SQL Injection — Live Sales Notification for Woocommerce – WoomotivCWE-89 7.5 High2025-01-07
CVE-2024-12419 Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler <= 1.7.1 - Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting — WOW Styler for CF7 – Visual Styler for Contact Form 7 FormsCWE-94 6.5 Medium2025-01-07

Vulnerabilities classified as access:pre-auth represent 21457 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.