CWE-288
Authentication Bypass Using an Alternate Path or Channel
BaseIncomplete
Description
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-127 · CAPEC-665
CVEs mapped to this weakness (254)
page 7 of 13| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-2704 | Cri | 0.64 | 9.8 | 0.00 | May 19, 2023 | The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | |
| CVE-2023-2499 | Cri | 0.64 | 9.8 | 0.01 | May 16, 2023 | The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. This is due to insufficient verification on the user being supplied during a Google social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | |
| CVE-2023-2027 | Cri | 0.64 | 9.8 | 0.00 | Apr 15, 2023 | The ZM Ajax Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.2. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. | |
| CVE-2022-0992 | Cri | 0.64 | 9.8 | 0.04 | Apr 19, 2022 | The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized users to configure 2FA for pending accounts. Upon successful configuration, the attacker is logged in as that user without access to a username/password pair which is the expected first form of authentication. This affects versions up to, and including, 1.2.5. | |
| CVE-2017-9944 | Cri | 0.64 | 9.8 | 0.03 | Dec 27, 2017 | A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network. | |
| CVE-2025-10571 | Cri | 0.62 | 9.6 | 0.00 | Nov 20, 2025 | Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability Edgenius.This issue affects ABB Ability Edgenius: 3.2.0.0, 3.2.1.1. | |
| CVE-2026-33950 | Cri | 0.61 | 9.4 | 0.00 | Apr 2, 2026 | Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation vulnerability by Admin Role Injection via /enableSecurity. An unauthenticated attacker can gain full Administrator access to the SignalK server at any time, allowing them to modify sensitive vessel routing data, alter server configurations, and access restricted endpoints. This issue has been patched in version 2.24.0-beta.4. | |
| CVE-2025-34143 | Cri | 0.61 | — | 0.02 | Jul 22, 2025 | An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login page to obtain elevated access. Once authenticated, an attacker could achieve remote code execution by modifying Jython scripts within the application. This issue was resolved by introducing stricter validation logic to exclude internal accounts from public authentication workflows in version MP-4583. | |
| CVE-2025-9313 | Cri | 0.60 | — | 0.00 | Oct 28, 2025 | An unauthenticated user can connect to a publicly accessible database using arbitrary credentials. The system grants full access to the database by leveraging a previously authenticated connection through a "mmBackup" application. This flaw allows attackers to bypass authentication mechanisms and gain unauthorized access to database with sensitive data. This issue affects Asseco mMedica in versions before 11.9.5. | |
| CVE-2025-11534 | Cri | 0.60 | — | 0.00 | Oct 21, 2025 | The affected Raisecom devices allow SSH sessions to be established without completing user authentication. This could allow attackers to gain shell access without valid credentials. | |
| CVE-2025-2492 | Cri | 0.60 | — | 0.00 | Apr 18, 2025 | An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information. | |
| CVE-2025-2080 | Cri | 0.60 | — | 0.00 | Mar 13, 2025 | Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain an exposed web management service that could allow an attacker to bypass authentication measures and gain controls over utilities within the products. | |
| CVE-2026-40582 | Cri | 0.59 | — | 0.00 | Apr 18, 2026 | ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the /api/public/user/login endpoint validates only the username and password before returning the user's API key, bypassing the normal authentication flow that enforces account lockout and two-factor authentication checks. An attacker with knowledge of a user's password can obtain API access even when the account is locked or has 2FA enabled, granting direct access to all protected API endpoints with that user's privileges. This issue has been fixed in version 7.2.0. Note: this issue had a duplicate, GHSA-472m-p3gf-46xp, which has been closed. | |
| CVE-2024-50488 | Hig | 0.59 | 8.8 | 0.26 | Oct 28, 2024 | Authentication Bypass Using an Alternate Path or Channel vulnerability in yespbs Token Login token-login allows Authentication Bypass.This issue affects Token Login: from n/a through <= 1.0.3. | |
| CVE-2024-34524 | Cri | 0.59 | 9.1 | 0.00 | May 6, 2024 | In XLANG OpenAgents through fe73ac4, the allowed_file protection mechanism can be bypassed by using an incorrect file extension for the nature of the file content. | |
| CVE-2024-9890 | Hig | 0.58 | 8.8 | 0.15 | Oct 26, 2024 | The User Toolkit plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.3. This is due to an improper capability check in the 'switchUser' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator. CVE-2024-50503 may be a duplicate. | |
| CVE-2026-24359 | Hig | 0.57 | 8.8 | 0.00 | Mar 25, 2026 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Dokan, Inc. Dokan dokan-lite allows Authentication Abuse.This issue affects Dokan: from n/a through <= 4.2.4. | |
| CVE-2026-27390 | Hig | 0.57 | 8.8 | 0.00 | Mar 5, 2026 | Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Authentication Abuse.This issue affects WeDesignTech Ultimate Booking Addon: from n/a through <= 1.0.1. | |
| CVE-2026-1241 | Hig | 0.57 | — | 0.00 | Feb 26, 2026 | The Pelco, Inc. Sarix Professional 3 Series Cameras are vulnerable to an authentication bypass issue in their web management interface. The flaw stems from inadequate enforcement of access controls, allowing certain functionality to be accessed without proper authentication. This weakness can lead to unauthorized viewing of live video streams, creating privacy concerns and operational risks for organizations relying on these cameras. Additionally, it may expose operators to regulatory and compliance challenges. | |
| CVE-2025-67998 | Hig | 0.57 | 8.8 | 0.00 | Feb 20, 2026 | Authentication Bypass Using an Alternate Path or Channel vulnerability in kamleshyadav Miraculous Elementor miraculous-el allows Authentication Abuse.This issue affects Miraculous Elementor: from n/a through <= 2.0.7. |