CWE-288
Authentication Bypass Using an Alternate Path or Channel
Abstraction: Base · Status: Incomplete
Description
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-127 · CAPEC-665
CVEs mapped to this weakness (254)
Page 4 of 13

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-53187 | Cri | 0.64 | 9.8 | 0.00 |  | Aug 11, 2025 | Due to an issue in configuration, code that was intended for debugging purposes was included in the market release of the ASPECT FW allowing an attacker to bypass authentication. This vulnerability may allow an attacker to change the system time, access files, and make function calls without prior authentication. This issue affects all versions of ASPECT prior to 3.08.04-s01 |
| CVE-2025-7710 | Cri | 0.64 | 9.8 | 0.00 |  | Aug 2, 2025 | The Brave Conversion Engine (PRO) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.7.7. This is due to the plugin not properly restricting a claimed identity while authenticating with Facebook. This makes it possible for unauthenticated attackers to log in as other users, including administrators. |
| CVE-2025-6895 | Cri | 0.64 | 9.8 | 0.01 |  | Jul 26, 2025 | The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the get_valid_user_based_on_token() function in versions 2.1.0 to 2.1.1. This makes it possible for unauthenticated attackers who know an arbitrary user meta value to bypass authentication checks and log in as that user. |
| CVE-2025-7444 | Cri | 0.64 | 9.8 | 0.01 |  | Jul 18, 2025 | The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.0.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token. |
| CVE-2025-51381 | Cri | 0.64 | 9.8 | 0.00 |  | Jun 18, 2025 | An authentication bypass vulnerability exists in KCM3100 Ver1.4.2 and earlier. If this vulnerability is exploited, an attacker may bypass the authentication of the product from within the LAN to which the product is connected. |
| CVE-2025-31022 | Cri | 0.64 | 9.8 | 0.00 |  | Jun 9, 2025 | Authentication Bypass Using an Alternate Path or Channel vulnerability in PayU India PayU India payu-india allows Authentication Abuse. This issue affects PayU India: from n/a through < 3.8.8. |
| CVE-2025-4797 | Cri | 0.64 | 9.8 | 0.01 |  | Jun 3, 2025 | The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.7.0. This is due to the plugin not properly validating a user's identity prior to setting an authorization cookie. This makes it possible for unauthenticated attackers to log in as any user, including administrators, provided they know the user's email address. CVE-2025-54725 is likely a duplicate of this issue. |
| CVE-2025-46412 | Cri | 0.64 | 9.8 | 0.00 |  | May 21, 2025 | Affected Vertiv products do not properly protect webserver functions that could allow an attacker to bypass authentication. |
| CVE-2025-3844 | Cri | 0.64 | 9.8 | 0.01 |  | May 7, 2025 | The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to Authentication Bypass in versions 1.9.1 to 7.5.2. This is due to the handel_ajax_req() function not having proper restrictions on the change_user_meta functionality, which makes it possible to set an OTP code and subsequently log in with that OTP code. This makes it possible for unauthenticated attackers to log in as other users on the site, including administrators. |
| CVE-2025-31095 | Cri | 0.64 | 9.8 | 0.00 |  | Apr 1, 2025 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Hossein Material Dashboard material-dashboard allows Authentication Bypass. This issue affects Material Dashboard: from n/a through <= 1.4.5. |
| CVE-2024-13442 | Cri | 0.64 | 9.8 | 0.00 |  | Mar 19, 2025 | The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.0. This is due to the plugin not properly validating a user's identity prior to (1) performing a post-booking auto-login or (2) updating their profile details (e.g. password). This makes it possible for unauthenticated attackers to (1) log in as an arbitrary user if their email address is known or (2) change an arbitrary user's password, including administrators, and leverage that to gain access to their account. |
| CVE-2024-13771 | Cri | 0.64 | 9.8 | 0.00 |  | Mar 14, 2025 | The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user validation before changing a password. This makes it possible for unauthenticated attackers to change the password of arbitrary users, including administrators, if the attacker knows the username of the victim. |
| CVE-2025-1515 | Cri | 0.64 | 9.8 | 0.00 |  | Mar 5, 2025 | The WP Real Estate Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.8. This is due to insufficient identity verification on the LinkedIn login request process. This makes it possible for unauthenticated attackers to bypass official authentication and log in as any user on the site, including administrators. |
| CVE-2025-1671 | Cri | 0.64 | 9.8 | 0.00 |  | Mar 1, 2025 | The Academist Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.6. This is due to the academist_membership_check_facebook_user() function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as any user, including site administrators. |
| CVE-2025-1638 | Cri | 0.64 | 9.8 | 0.00 |  | Mar 1, 2025 | The Alloggio Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity through the alloggio_membership_init_rest_api_facebook_login and alloggio_membership_init_rest_api_google_login functions. This makes it possible for unauthenticated attackers to log in as any user, including administrators, without knowing a password. |
| CVE-2025-1564 | Cri | 0.64 | 9.8 | 0.00 |  | Mar 1, 2025 | The SetSail Membership plugin for WordPress is vulnerable to in all versions up to, and including, 1.0.3. This is due to the plugin not properly verifying a user's identity through the social login. This makes it possible for unauthenticated attackers to log in as any user, including administrators, and take over access to their account. |
| CVE-2025-26966 | Cri | 0.64 | 9.8 | 0.00 |  | Feb 25, 2025 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Aldo Latino PrivateContent private-content. This issue affects PrivateContent: from n/a through <= 8.11.5. |
| CVE-2024-13182 | Cri | 0.64 | 9.8 | 0.00 |  | Feb 13, 2025 | The WP Directorybox Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.5. This is due to incorrect authentication in the 'wp_dp_parse_request' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator. |
| CVE-2025-0181 | Cri | 0.64 | 9.8 | 0.00 |  | Feb 11, 2025 | The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.8. This is due to the plugin not properly validating a user's identity prior to setting the current user and their authentication cookie. This makes it possible for unauthenticated attackers to gain access to a target user's (e.g. administrators) account. |
| CVE-2025-0316 | Cri | 0.64 | 9.8 | 0.00 |  | Feb 8, 2025 | The WP Directorybox Manager plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.5. This is due to incorrect authentication in the 'wp_dp_enquiry_agent_contact_form_submit_callback' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. |