VYPR

CWE-288

Authentication Bypass Using an Alternate Path or Channel

Abstraction: Base · Status: Incomplete

Description

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-127 · CAPEC-665

CVEs mapped to this weakness (336)

page 11 of 17
  • CVE-2025-7692 · High · Jul 22, 2025
    risk 0.53 · CVSS 8.1 · EPSS 0.01

    The Orion Login with SMS plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the olws_handle_verify_phone() function not utilizing a strong enough OTP value, exposing the hash needed to generate the OTP value,…

  • CVE-2025-29996 · High · Mar 13, 2025
    risk 0.53 · CVSS n/a · EPSS 0.00

    This vulnerability exists in the CAP back office application due to improper implementation of OTP verification mechanism in its API based login. A remote attacker with valid credentials could exploit this vulnerability by manipulating API request URL/payload. Successful…

  • CVE-2025-0749 · High · Mar 7, 2025
    risk 0.53 · CVSS 8.1 · EPSS 0.00

    The Homey theme for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.3. This is due to the 'verification_id' value being set to empty, and the not empty check is missing in the dashboard user profile page. This makes it possible for…

  • CVE-2023-2781 · High · Jun 3, 2023
    risk 0.53 · CVSS 8.1 · EPSS 0.01

    The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticate_user_by_email in versions up to, and including, 3.5.0. This is due to a random token generation weakness in the resend_verification_email function. This…

  • CVE-2016-5018 · Critical · Aug 10, 2017
    risk 0.53 · CVSS 9.1 · EPSS 0.10

    In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.

  • CVE-2026-40582 · Critical · Apr 18, 2026
    risk 0.52 · CVSS n/a · EPSS 0.01

    ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the /api/public/user/login endpoint validates only the username and password before returning the user's API key, bypassing the normal authentication flow that enforces account lockout and…

  • CVE-2026-34040 · High · Mar 31, 2026
    risk 0.51 · CVSS 8.8 · EPSS 0.08

    Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.

  • CVE-2025-22230 · High · Mar 25, 2025
    risk 0.51 · CVSS 7.8 · EPSS 0.00

    VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM.

  • CVE-2024-9890 · High · Oct 26, 2024
    risk 0.51 · CVSS 8.8 · EPSS 0.01

    The User Toolkit plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.3. This is due to an improper capability check in the 'switchUser' function. This makes it possible for authenticated attackers, with subscriber-level permissions…

  • CVE-2023-2546 · High · Jun 6, 2023
    risk 0.51 · CVSS 8.8 · EPSS 0.01

    The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpus_allow_user_to_admin_bar_menu' function with the 'wpus_who_switch' cookie value. This makes it…

  • CVE-2025-24206 · High · Apr 29, 2025
    risk 0.50 · CVSS 7.7 · EPSS 0.00

    An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to bypass…

  • CVE-2025-26511 · High · Feb 13, 2025
    risk 0.50 · CVSS 8.8 · EPSS 0.01

    Systems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 and 4.1.2-1.0.0 through 4.1.8-1.0.0, installed into Apache Cassandra version 4.x, are susceptible to a vulnerability which when successfully exploited…

  • CVE-2024-5204 · High · May 29, 2024
    risk 0.50 · CVSS 8.8 · EPSS 0.01

    The Swiss Toolkit For WP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.7. This is due to the plugin storing custom data in post metadata without an underscore prefix. This makes it possible for authenticated attackers with…

  • CVE-2026-42668 · High · Jun 15, 2026
    risk 0.49 · CVSS 7.5 · EPSS 0.00

    Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend <= 1.18.0 versions.

  • CVE-2026-40781 · High · Jun 15, 2026
    risk 0.49 · CVSS 7.5 · EPSS 0.00

    Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions.

  • CVE-2026-40780 · High · Jun 2, 2026
    risk 0.49 · CVSS 7.5 · EPSS 0.00

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a before 2.5.4.1.

  • CVE-2026-42760 · High · May 27, 2026
    risk 0.49 · CVSS 7.5 · EPSS 0.00

    Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Password Recovery Exploitation. This issue affects Backup and Staging by WP Time Capsule: from n/a through <= 1.22.25.

  • CVE-2024-44286 · High · Apr 2, 2026
    risk 0.49 · CVSS 7.5 · EPSS 0.00

    This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access can input keyboard events to apps running on a locked device.

  • CVE-2026-32678 · High · Mar 27, 2026
    risk 0.49 · CVSS 7.5 · EPSS 0.00

    Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication.

  • CVE-2026-25002 · High · Mar 25, 2026
    risk 0.49 · CVSS 7.5 · EPSS 0.00

    Authentication Bypass Using an Alternate Path or Channel vulnerability in ThimPress LearnPress – Sepay Payment learnpress-sepay-payment allows Authentication Abuse. This issue affects LearnPress – Sepay Payment: from n/a through <= 4.0.0.