CWE-288

Authentication Bypass Using an Alternate Path or Channel

Parent: CWE-306 - Missing Authentication for Critical Function

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

569 vulnerabilities with CWE-288
CVE-2024-54294 CRITICAL
appgenixinfotech Firebase OTP Auth <1.0.1 - Auth Bypass
CVSS 9.8
CVE-2024-11639 CRITICAL
Ivanti Cloud Services Appliance < 5.0.3 - Unauthenticated Authentication Bypass in Admin Web Console
CVSS 10.0
CVE-2024-52586 MEDIUM
elabftw 4.6.0-5.1.8 - Multifactor Authentication Bypass via Local Authentication
CVSS 5.4
CVE-2024-11178 HIGH
Login With OTP plugin <1.4.2 - Auth Bypass
CVSS 8.1
CVE-2024-25036 MEDIUM
IBM Cognos Controller <11.0.1 - Auth Bypass
CVSS 4.3
CVE-2024-10490 HIGH
B&R mapp Services <6.0 - Auth Bypass
CVE-2024-11981 HIGH
Billion Electric Router - Auth Bypass
CVSS 7.5
CVE-2024-52475 CRITICAL
Wawp < 3.0.18 - Authentication Bypass
CVSS 9.8
CVE-2024-11925 CRITICAL
JobSearch WP Job Board <2.6.7 - Privilege Escalation
CVSS 9.8
CVE-2024-33610 CRITICAL
Unauthenticated Access - Info Disclosure
CVSS 9.1
CVE-2024-10961 CRITICAL
Social Login < 5.9.0 - Unauthenticated Authentication Bypass via Social Login Token
CVSS 9.8
CVE-2024-10311 HIGH
WordPress External Database Based Actions <0.1 - Auth Bypass
CVSS 7.5
CVE-2024-10924 CRITICAL
WordPress Really Simple SSL Plugin Authentication Bypass to RCE
CVSS 9.8
CVE-2024-47574 HIGH
Fortinet FortiClientWindows <7.4.0 - Privilege Escalation
CVSS 7.8
CVE-2024-11028 CRITICAL
MultiManager WP < 1.0.5 - Unauthenticated Authentication Bypass via User Impersonation Feature
CVSS 9.8
CVE-2024-10245 CRITICAL
Relais 2FA plugin <1.0 - Auth Bypass
CVSS 9.8
CVE-2024-10284 CRITICAL
CE21 Suite plugin <2.2.0 - Auth Bypass
CVSS 9.8
CVE-2024-10081 CRITICAL
CodeChecker <= 6.24.1 - Authentication Bypass via API URL Ending with Authentication
CVSS 10.0
CVE-2024-50503 CRITICAL
Deryck Oñate User Toolkit <1.2.3 - Auth Bypass
CVSS 9.8
CVE-2024-9989 CRITICAL
WordPress Crypto <2.15 - Auth Bypass
CVSS 9.8
CVE-2024-9988 CRITICAL
WordPress Crypto <2.15 - Auth Bypass
CVSS 9.8
CVE-2024-50334 MEDIUM
Scoold < 1.64.0 - Unauthenticated Authentication Bypass and File Read via Semicolon Path Injection
CVSS 5.3
CVE-2024-50488 HIGH
Token Login <= 1.0.3 - Authentication Bypass
CVSS 8.8
CVE-2024-50489 CRITICAL
Realty Workstation <= 1.0.45 - Authentication Bypass
CVSS 9.8
CVE-2024-50487 CRITICAL
MaanStore API <= 1.0.1 - Authentication Bypass
CVSS 9.8