CWE-287
Improper Authentication
Description
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-114 · CAPEC-115 · CAPEC-151 · CAPEC-194 · CAPEC-22 · CAPEC-57 · CAPEC-593 · CAPEC-633 · CAPEC-650 · CAPEC-94
CVEs mapped to this weakness (2,419)
page 7 of 121

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-12287 | | Cri | 0.64 | 9.8 | 0.01 | | Dec 18, 2024 | The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers… |
| CVE-2024-11015 | | Cri | 0.64 | 9.8 | 0.01 | | Dec 12, 2024 | The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. This is due to the 'authenticate_user' user function not implementing sufficient null value checks when setting the access token and user information.… |
| CVE-2020-36832 | | Cri | 0.64 | 9.8 | 0.01 | | Oct 16, 2024 | The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6. This makes it possible for unauthenticated attackers to login as any user, including the site administrator with a default user ID of 1, via… |
| CVE-2024-41798 | | Cri | 0.64 | 9.8 | 0.01 | | Oct 8, 2024 | A vulnerability has been identified in SENTRON 7KM PAC3200 (All versions). Affected devices only provide a 4-digit PIN to protect from administrative access via Modbus TCP interface. Attackers with access to the Modbus TCP interface could easily bypass this protection by… |
| CVE-2024-5432 | | Cri | 0.64 | 9.8 | 0.01 | | Jun 20, 2024 | The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.6. This is due to insufficient verification on the user being supplied during the checkout through the plugin. This makes it possible for unauthenticated… |
| CVE-2024-37019 | | Cri | 0.64 | 9.8 | 0.01 | | Jun 3, 2024 | Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before 3.7.4 has Weak Authentication. |
| CVE-2024-3263 | | Cri | 0.64 | 9.8 | 0.01 | | May 14, 2024 | YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Due to a combination of improper method for system credentials generation and weak password policy, passwords can be easily guessed and enumerated through brute force attacks.… |
| CVE-2023-51484 | | Cri | 0.64 | 9.8 | 0.01 | | Apr 25, 2024 | Improper Authentication vulnerability in wp-buy Login as User or Customer (User Switching) allows Privilege Escalation. This issue affects Login as User or Customer (User Switching): from n/a through 3.8. |
| CVE-2023-51482 | | Cri | 0.64 | 9.9 | 0.01 | | Apr 25, 2024 | Improper Authentication vulnerability in EazyPlugins Eazy Plugin Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Eazy Plugin Manager: from n/a through 4.1.2. |
| CVE-2023-51478 | | Cri | 0.64 | 9.8 | 0.01 | | Apr 25, 2024 | Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation. This issue affects Build App Online: from n/a through 1.0.19. |
| CVE-2023-51477 | | Cri | 0.64 | 9.8 | 0.01 | | Apr 24, 2024 | Improper Authentication vulnerability in BUDDYBOSS DMCC BuddyBoss Theme allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects BuddyBoss Theme: from n/a through 2.4.60. |
| CVE-2023-51472 | | Cri | 0.64 | 9.8 | 0.01 | | Apr 24, 2024 | Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Privilege Escalation. This issue affects Checkout Mestres WP: from n/a through 7.1.9.7. |
| CVE-2024-1148 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 21, 2024 | Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and uploading of files. |
| CVE-2024-1147 | — | Cri | 0.64 | 9.8 | 0.01 | | Mar 21, 2024 | Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and download of files. |
| CVE-2023-49340 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 9, 2024 | An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011, allows remote attackers to escalate privileges and bypass authentication via incorrect access control in the web management portal. |
| CVE-2023-2437 | | Cri | 0.64 | 9.8 | 0.07 | | Nov 22, 2023 | The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers… |
| CVE-2023-4669 | | Cri | 0.64 | 9.8 | 0.01 | | Sep 14, 2023 | Authentication Bypass by Assumed-Immutable Data vulnerability in Exagate SYSGuard 3001 allows Authentication Bypass. This issue affects SYSGuard 3001: before 3.2.20.0. |
| CVE-2023-2499 | | Cri | 0.64 | 9.8 | 0.01 | | May 16, 2023 | The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. This is due to insufficient verification on the user being supplied during a Google social login through the plugin. This makes it possible for… |
| CVE-2023-2297 | | Cri | 0.64 | 9.8 | 0.01 | | Apr 27, 2023 | The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the… |
| CVE-2023-24831 | — | Cri | 0.64 | 9.8 | 0.01 | | Apr 17, 2023 | Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3. Attackers could login without authorization. This is fixed in 0.13.4. |