VYPR

CWE-290

Authentication Bypass by Spoofing

BaseIncomplete

Description

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-21 · CAPEC-22 · CAPEC-459 · CAPEC-461 · CAPEC-473 · CAPEC-476 · CAPEC-59 · CAPEC-60 · CAPEC-667 · CAPEC-94

CVEs mapped to this weakness (280)

page 9 of 14
  • CVE-2026-34025MedJun 15, 2026
    risk 0.34cvss epss 0.00

    The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP address associated with a branch location, but the client IP address is derived from…

  • CVE-2026-32492MedMar 25, 2026
    risk 0.34cvss 5.3epss 0.00

    Authentication Bypass by Spoofing vulnerability in Joe Dolson My Tickets my-tickets allows Identity Spoofing.This issue affects My Tickets: from n/a through <= 2.1.1.

  • CVE-2025-58595MedNov 6, 2025
    risk 0.34cvss 5.3epss 0.00

    Authentication Bypass by Spoofing vulnerability in Saad Iqbal All In One Login change-wp-admin-login allows Identity Spoofing.This issue affects All In One Login: from n/a through <= 2.0.8.

  • CVE-2025-61783MedOct 9, 2025
    risk 0.34cvss epss 0.01

    Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party…

  • CVE-2025-25055MedFeb 18, 2025
    risk 0.34cvss 5.3epss 0.00

    Authentication bypass by spoofing issue exists in FileMegane versions above 1.0.0.0 prior to 3.4.0.0, which may lead to user impersonation. If exploited, restricted file contents may be accessed.

  • CVE-2025-24628MedJan 27, 2025
    risk 0.34cvss 5.3epss 0.00

    Authentication Bypass by Spoofing vulnerability in bestwebsoft Google Captcha google-captcha allows Identity Spoofing.This issue affects Google Captcha: from n/a through <= 1.78.

  • CVE-2023-41133MedDec 13, 2024
    risk 0.34cvss 5.3epss 0.01

    Authentication Bypass by Spoofing vulnerability in Michal Novák Secure Admin IP allows Functionality Bypass.This issue affects Secure Admin IP: from n/a through 2.0.

  • CVE-2024-37430MedJul 9, 2024
    risk 0.34cvss 5.3epss 0.00

    Authentication Bypass by Spoofing vulnerability in patreon Patreon WordPress patreon-connect.This issue affects Patreon WordPress: from n/a through <= 1.9.0.

  • CVE-2023-52176MedJun 4, 2024
    risk 0.34cvss 5.3epss 0.00

    Authentication Bypass by Spoofing vulnerability in miniorange Malware Scanner allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Malware Scanner: from n/a through 4.7.1.

  • CVE-2023-51542MedJun 4, 2024
    risk 0.34cvss 5.3epss 0.00

    Authentication Bypass by Spoofing vulnerability in WPMU DEV Branda allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Branda: from n/a through 3.4.14.

  • CVE-2023-48753MedJun 4, 2024
    risk 0.34cvss 5.3epss 0.00

    Authentication Bypass by Spoofing vulnerability in 10up Restricted Site Access allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Restricted Site Access: from n/a through 7.4.1.

  • CVE-2023-48271MedJun 4, 2024
    risk 0.34cvss 5.3epss 0.00

    Authentication Bypass by Spoofing vulnerability in yonifre Maspik – Spam blacklist allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maspik – Spam blacklist: from n/a through 0.10.3.

  • CVE-2023-41134MedJun 4, 2024
    risk 0.34cvss 5.3epss 0.00

    Authentication Bypass by Spoofing vulnerability in pluginkollektiv Antispam Bee allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Antispam Bee: from n/a through 2.11.3.

  • CVE-2024-32827MedMay 17, 2024
    risk 0.34cvss 5.3epss 0.00

    Authentication Bypass by Spoofing vulnerability in RafflePress Giveaways and Contests allows Functionality Bypass.This issue affects Giveaways and Contests: from n/a through 1.12.7.

  • CVE-2024-33917MedMay 17, 2024
    risk 0.34cvss 5.3epss 0.00

    Authentication Bypass by Spoofing vulnerability in webtechideas WTI Like Post allows Functionality Bypass.This issue affects WTI Like Post: from n/a through 1.4.6.

  • CVE-2024-30522MedMay 17, 2024
    risk 0.34cvss 5.3epss 0.00

    Authentication Bypass by Spoofing vulnerability in Stefano Lissa & The Newsletter Team Newsletter allows Functionality Bypass.This issue affects Newsletter: from n/a through 8.2.0.

  • CVE-2024-30479MedMay 17, 2024
    risk 0.34cvss 5.3epss 0.01

    Authentication Bypass by Spoofing vulnerability in LionScripts IP Blocker Lite allows Functionality Bypass.This issue affects IP Blocker Lite: from n/a through 11.1.1.

  • CVE-2024-21746MedMay 17, 2024
    risk 0.34cvss 5.3epss 0.00

    Authentication Bypass by Spoofing vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Identity Spoofing.This issue affects Wp Ultimate Review: from n/a through <= 2.3.6.

  • CVE-2024-34397MedMay 7, 2024
    risk 0.34cvss 5.2epss 0.01

    An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals…

  • CVE-2026-0385MedMar 16, 2026
    risk 0.33cvss 5.0epss 0.00

    Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability