CWE-288
Authentication Bypass Using an Alternate Path or Channel
Description
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-127 · CAPEC-665
CVEs mapped to this weakness (336)
page 5 of 17| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-43234 | Cri | 0.64 | 9.8 | 0.01 | Dec 16, 2024 | Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice woffice allows Authentication Bypass.This issue affects Woffice: from n/a through <= 5.4.14. | ||
| CVE-2024-54297 | Cri | 0.64 | 9.8 | 0.01 | Dec 13, 2024 | Authentication Bypass Using an Alternate Path or Channel vulnerability in extremeidea vBSSO-lite vbsso-lite allows Authentication Bypass.This issue affects vBSSO-lite: from n/a through <= 1.4.3. | ||
| CVE-2024-54296 | Cri | 0.64 | 9.8 | 0.01 | Dec 13, 2024 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Codexpert, Inc CoSchool LMS coschool allows Authentication Bypass.This issue affects CoSchool LMS: from n/a through <= 1.4.3. | ||
| CVE-2024-54295 | Cri | 0.64 | 9.8 | 0.01 | Dec 13, 2024 | Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder ListApp Mobile Manager listapp-mobile-manager allows Authentication Bypass.This issue affects ListApp Mobile Manager: from n/a through <= 1.7.7. | ||
| CVE-2024-54294 | Cri | 0.64 | 9.8 | 0.01 | Dec 13, 2024 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Appgenix Infotech Firebase OTP Authentication authentication-via-otp-using-firebase allows Authentication Bypass.This issue affects Firebase OTP Authentication: from n/a through <= 1.0.1. | ||
| CVE-2024-11925 | Cri | 0.64 | 9.8 | 0.01 | Nov 28, 2024 | The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a users identity when verifying an email address through the user_account_activation function. This… | ||
| CVE-2024-33610 | — | Cri | 0.64 | 9.1 | 0.45 | Nov 26, 2024 | "sessionlist.html" and "sys_trayentryreboot.html" are accessible with no authentication. "sessionlist.html" provides logged-in users' session information including session cookies, and "sys_trayentryreboot.html" allows to reboot the device. As for the details of affected product… | |
| CVE-2024-50503 | Cri | 0.64 | 9.8 | 0.01 | Oct 30, 2024 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Deryck User Toolkit user-toolkit allows Authentication Bypass.This issue affects User Toolkit: from n/a through <= 1.2.3. | ||
| CVE-2024-9989 | Cri | 0.64 | 9.8 | 0.07 | Oct 29, 2024 | The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.18. This is due to a limited arbitrary method call to 'crypto_connect_ajax_process::log_in' function in the 'crypto_connect_ajax_process' function. This makes it possible… | ||
| CVE-2024-50489 | Cri | 0.64 | 9.8 | 0.01 | Oct 28, 2024 | Authentication Bypass Using an Alternate Path or Channel vulnerability in realtyworkstation Realty Workstation realty-workstation allows Authentication Bypass.This issue affects Realty Workstation: from n/a through <= 1.0.45. | ||
| CVE-2024-50487 | Cri | 0.64 | 9.8 | 0.01 | Oct 28, 2024 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo MaanStore API maanstore-api allows Authentication Bypass.This issue affects MaanStore API: from n/a through <= 1.0.1. | ||
| CVE-2024-50486 | Cri | 0.64 | 9.8 | 0.01 | Oct 28, 2024 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API acnoo-flutter-api allows Authentication Bypass.This issue affects Acnoo Flutter API: from n/a through <= 1.0.5. | ||
| CVE-2024-9931 | Cri | 0.64 | 9.8 | 0.01 | Oct 26, 2024 | The Wux Blog Editor plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.0. This is due to missing validation on the token being supplied during the autologin through the plugin. This makes it possible for unauthenticated attackers to… | ||
| CVE-2024-9930 | Cri | 0.64 | 9.8 | 0.01 | Oct 26, 2024 | The Extensions by HocWP Team plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2.3.2. This is due to missing validation on the user being supplied in the 'verify_email' action. This makes it possible for unauthenticated attackers to… | ||
| CVE-2024-49604 | Cri | 0.64 | 9.8 | 0.01 | Oct 20, 2024 | Authentication Bypass Using an Alternate Path or Channel vulnerability in N-Media Simple User Registration wp-registration allows Authentication Bypass.This issue affects Simple User Registration: from n/a through <= 6.7. | ||
| CVE-2024-9893 | Cri | 0.64 | 9.8 | 0.01 | Oct 16, 2024 | The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated… | ||
| CVE-2024-49247 | Cri | 0.64 | 9.8 | 0.01 | Oct 16, 2024 | Authentication Bypass Using an Alternate Path or Channel vulnerability in SK BuddyPress Better Registration better-bp-registration allows Authentication Bypass.This issue affects BuddyPress Better Registration: from n/a through <= 1.6. | ||
| CVE-2024-9105 | Cri | 0.64 | 9.8 | 0.01 | Oct 16, 2024 | The UltimateAI plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.8.3. This is due to insufficient verification on the user being supplied in the 'ultimate_ai_register_or_login_with_google' function. This makes it possible for… | ||
| CVE-2024-6684 | Cri | 0.64 | — | 0.01 | Aug 12, 2024 | Authentication Bypass Using an Alternate Path or Channel vulnerability in GST Electronics inohom Nova Panel N7 allows Authentication Bypass. This issue affects inohom Nova Panel N7: through 1.9.9.6. NOTE: The vendor was contacted and it was learned that the product is not… | ||
| CVE-2024-5432 | Cri | 0.64 | 9.8 | 0.01 | Jun 20, 2024 | The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.6. This is due to insufficient verification on the user being supplied during the checkout through the plugin. This makes it possible for unauthenticated… |
- risk 0.64cvss 9.8epss 0.01
Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice woffice allows Authentication Bypass.This issue affects Woffice: from n/a through <= 5.4.14.
- risk 0.64cvss 9.8epss 0.01
Authentication Bypass Using an Alternate Path or Channel vulnerability in extremeidea vBSSO-lite vbsso-lite allows Authentication Bypass.This issue affects vBSSO-lite: from n/a through <= 1.4.3.
- risk 0.64cvss 9.8epss 0.01
Authentication Bypass Using an Alternate Path or Channel vulnerability in Codexpert, Inc CoSchool LMS coschool allows Authentication Bypass.This issue affects CoSchool LMS: from n/a through <= 1.4.3.
- risk 0.64cvss 9.8epss 0.01
Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder ListApp Mobile Manager listapp-mobile-manager allows Authentication Bypass.This issue affects ListApp Mobile Manager: from n/a through <= 1.7.7.
- risk 0.64cvss 9.8epss 0.01
Authentication Bypass Using an Alternate Path or Channel vulnerability in Appgenix Infotech Firebase OTP Authentication authentication-via-otp-using-firebase allows Authentication Bypass.This issue affects Firebase OTP Authentication: from n/a through <= 1.0.1.
- risk 0.64cvss 9.8epss 0.01
The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a users identity when verifying an email address through the user_account_activation function. This…
- risk 0.64cvss 9.1epss 0.45
"sessionlist.html" and "sys_trayentryreboot.html" are accessible with no authentication. "sessionlist.html" provides logged-in users' session information including session cookies, and "sys_trayentryreboot.html" allows to reboot the device. As for the details of affected product…
- risk 0.64cvss 9.8epss 0.01
Authentication Bypass Using an Alternate Path or Channel vulnerability in Deryck User Toolkit user-toolkit allows Authentication Bypass.This issue affects User Toolkit: from n/a through <= 1.2.3.
- risk 0.64cvss 9.8epss 0.07
The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.18. This is due to a limited arbitrary method call to 'crypto_connect_ajax_process::log_in' function in the 'crypto_connect_ajax_process' function. This makes it possible…
- risk 0.64cvss 9.8epss 0.01
Authentication Bypass Using an Alternate Path or Channel vulnerability in realtyworkstation Realty Workstation realty-workstation allows Authentication Bypass.This issue affects Realty Workstation: from n/a through <= 1.0.45.
- risk 0.64cvss 9.8epss 0.01
Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo MaanStore API maanstore-api allows Authentication Bypass.This issue affects MaanStore API: from n/a through <= 1.0.1.
- risk 0.64cvss 9.8epss 0.01
Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API acnoo-flutter-api allows Authentication Bypass.This issue affects Acnoo Flutter API: from n/a through <= 1.0.5.
- risk 0.64cvss 9.8epss 0.01
The Wux Blog Editor plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.0. This is due to missing validation on the token being supplied during the autologin through the plugin. This makes it possible for unauthenticated attackers to…
- risk 0.64cvss 9.8epss 0.01
The Extensions by HocWP Team plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2.3.2. This is due to missing validation on the user being supplied in the 'verify_email' action. This makes it possible for unauthenticated attackers to…
- risk 0.64cvss 9.8epss 0.01
Authentication Bypass Using an Alternate Path or Channel vulnerability in N-Media Simple User Registration wp-registration allows Authentication Bypass.This issue affects Simple User Registration: from n/a through <= 6.7.
- risk 0.64cvss 9.8epss 0.01
The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated…
- risk 0.64cvss 9.8epss 0.01
Authentication Bypass Using an Alternate Path or Channel vulnerability in SK BuddyPress Better Registration better-bp-registration allows Authentication Bypass.This issue affects BuddyPress Better Registration: from n/a through <= 1.6.
- risk 0.64cvss 9.8epss 0.01
The UltimateAI plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.8.3. This is due to insufficient verification on the user being supplied in the 'ultimate_ai_register_or_login_with_google' function. This makes it possible for…
- risk 0.64cvss —epss 0.01
Authentication Bypass Using an Alternate Path or Channel vulnerability in GST Electronics inohom Nova Panel N7 allows Authentication Bypass. This issue affects inohom Nova Panel N7: through 1.9.9.6. NOTE: The vendor was contacted and it was learned that the product is not…
- risk 0.64cvss 9.8epss 0.01
The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.6. This is due to insufficient verification on the user being supplied during the checkout through the plugin. This makes it possible for unauthenticated…