Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21460

21460 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2024-53850 The Addressing GLPI plugin allows data enumeration through uncontrolled object instantiation — addressingCWE-470 8.2 High2024-12-26
CVE-2024-53291 Dell NativeEdge 安全漏洞 — NativeEdgeCWE-1230 7.5 High2024-12-25
CVE-2023-5117 Exposure of Sensitive Information Due to Incompatible Policies in GitLab — GitLabCWE-213 3.7 Low2024-12-25
CVE-2024-10862 NEX-Forms <= 8.7.15 - Authenticated (Admin+) SQL Injection — NEX-Forms – Ultimate Forms Plugin for WordPressCWE-89 4.9 Medium2024-12-25
CVE-2024-11281 WooCommerce Point of Sale <= 6.1.0 - Insecure Direct Object Reference to Privilege Escalation via Arbitrary User Email Change — WooCommerce Point of SaleCWE-862 9.8 Critical2024-12-25
CVE-2024-12428 WP Data Access – App, Table, Form and Chart Builder plugin <= 5.5.22 - Unauthenticated SQL Injection — WP Data Access – App Builder for Tables, Forms, Charts, Maps & DashboardsCWE-89 7.5 High2024-12-25
CVE-2024-12636 Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.2.7 - Cross-Site Request Forgery — Privacy Policy Generator – WPLP Legal PagesCWE-352 4.3 Medium2024-12-25
CVE-2024-12413 MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution <= 2.0.00 - Missing Authorization — MarketKing — Ultimate WooCommerce Multivendor Marketplace SolutionCWE-862 5.3 Medium2024-12-25
CVE-2019-2483 Oracle iStore 安全漏洞 — Oracle iStore 6.1 -2024-12-24
CVE-2024-10584 DirectoryPress <= 3.6.16 - Authenticated (Author+) Stored Cross-Site Scripting — DirectoryPress – Business Directory And Classified Ad ListingCWE-434 5.4 Medium2024-12-24
CVE-2024-12103 Content No Cache: prevent specific content from being cached <= 0.1.2 - Unauthenticated Private Content Disclosure — Content No Cache | Serve uncached partial content even when you add it to a page that is fully cached.CWE-639 5.3 Medium2024-12-24
CVE-2024-12468 WP Datepicker <= 2.1.4 - Reflected Cross-Site Scripting — WP DatepickerCWE-79 6.1 Medium2024-12-24
CVE-2024-12100 Bitcoin Lightning Publisher for WordPress <= 1.4.1 - Reflected Cross-Site Scripting — Bitcoin Lightning Publisher for WordPressCWE-79 6.1 Medium2024-12-24
CVE-2024-12405 Export Customers Data <= 1.2.3 - Reflected Cross-Site Scripting — Export Customers DataCWE-79 6.1 Medium2024-12-24
CVE-2024-12034 Advanced Google reCAPTCHA <= 1.25 - Brute Force Protection IP Unblock — Advanced Google reCAPTCHACWE-340 5.3 Medium2024-12-24
CVE-2024-12266 ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.7 - Missing Authorization — ELEX WooCommerce Dynamic Pricing and DiscountsCWE-862 6.5 Medium2024-12-24
CVE-2024-12710 WP-Appbox <= 4.5.3 - Reflected Cross-Site Scripting — WP-AppboxCWE-79 6.1 Medium2024-12-24
CVE-2024-52321 Sharp多款产品 安全漏洞 — home 5G HR02CWE-497 7.5 -2024-12-23
CVE-2024-47864 Sharp HR02、Sharp SH-52B和Sharp SH-54C 安全漏洞 — home 5G HR02CWE-120 7.5 -2024-12-23
CVE-2024-46873 Sharp SH-05L、SH-52B、SH-54C和HR02 安全漏洞 — home 5G HR02CWE-489 9.8 -2024-12-23
CVE-2024-11688 LaTeX2HTML <= 2.5.5 - Reflected Cross-Site Scripting — LaTeX2HTMLCWE-79 6.1 Medium2024-12-21
CVE-2024-11722 Frontend Admin by DynamiApps <= 3.25.1 - Unauthenticated SQL Injection — Frontend Admin by DynamiAppsCWE-89 5.9 Medium2024-12-21
CVE-2024-12408 WP on AWS <= 5.2.1 - Reflected Cross-Site Scripting — WP on AWSCWE-79 6.1 Medium2024-12-21
CVE-2024-11808 Pingmeter Uptime Monitoring <= 1.0.3 - Reflected Cross-Site Scripting — Pingmeter Uptime MonitoringCWE-79 6.1 Medium2024-12-21
CVE-2024-11682 G Web Pro Store Locator <= 2.1 - Reflected Cross-Site Scripting — G Web Pro Store LocatorCWE-79 6.1 Medium2024-12-21
CVE-2024-11975 Reactflow Visitor Recording and Heatmaps <= 1.0.10 - Reflected Cross-Site Scripting — Reactflow Visitor Recording and HeatmapsCWE-79 6.1 Medium2024-12-21
CVE-2024-12262 Ebook Store <= 5.8001 - Reflected Cross-Site Scripting via 'step' — Ebook StoreCWE-79 6.1 Medium2024-12-21
CVE-2024-12771 eCommerce Product Catalog Plugin for WordPress <= 3.3.43 - Cross-Site Request Forgery to Password Reset — eCommerce Product Catalog Plugin for WordPressCWE-352 8.8 High2024-12-21
CVE-2024-11287 Ebook Store <= 5.8001 - Reflected Cross-Site Scripting — Ebook StoreCWE-79 6.1 Medium2024-12-21
CVE-2024-11977 kk Star Ratings – Rate Post & Collect User Feedbacks <= 5.4.10 - Unauthenticated Arbitrary Shortcode Execution — kk Star Ratings – Rate Post & Collect User FeedbacksCWE-94 7.3 High2024-12-21

Vulnerabilities classified as access:pre-auth represent 21460 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.