CWE-288
Authentication Bypass Using an Alternate Path or Channel
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
569 vulnerabilities with CWE-288
CVE-2024-50486
CRITICAL
Acnoo Flutter API <= 1.0.5 - Authentication Bypass
CVSS 9.8
CVE-2024-50477
CRITICAL
Stacks Mobile App Builder <= 5.2.3 - Authentication Bypass
CVSS 9.8
CVE-2024-10438
HIGH
eHRD CTMS < 10.14 - Unauthenticated Authentication Bypass
CVSS 7.5
CVE-2024-9501
CRITICAL
Wp Social Login and Register Social Counter <3.0.7 - Auth Bypass
CVSS 9.8
CVE-2024-9933
CRITICAL
WatchTowerHQ <= 3.10.1 - Unauthenticated Authentication Bypass via Empty OTA Token
CVSS 9.8
CVE-2024-9931
CRITICAL
Wux Blog Editor <3.0.0 - Auth Bypass
CVSS 9.8
CVE-2024-9930
CRITICAL
HocWP Team WordPress <0.2.3.2 - Auth Bypass
CVSS 9.8
CVE-2024-9890
HIGH
WordPress User Toolkit <1.2.3 - Auth Bypass
CVSS 8.8
CVE-2024-10381
CRITICAL
Matrix Door Controller Cosec Vega FAXQ - RCE
CVSS 9.8
CVE-2024-47406
CRITICAL
Sharp and Toshiba Tec MFPs - Auth Bypass
CVSS 9.1
CVE-2024-9488
CRITICAL
Comments - wpDiscuz <= 7.6.24 - Unauthenticated Authentication Bypass via Social Login Token
CVSS 9.8
CVE-2024-49675
HIGH
iBryl Switch User <1.0.1 - Auth Bypass
CVSS 8.8
CVE-2024-10002
HIGH
Rover IDX <3.0.0.2906 - Auth Bypass
CVSS 8.8
CVE-2024-49604
CRITICAL
Najeeb Ahmad Simple User Registration <5.5 - Auth Bypass
CVSS 9.8
CVE-2024-49328
CRITICAL
WP REST API FNS <= 1.0.0 - Authentication Bypass
CVSS 9.8
CVE-2024-9861
HIGH
Miniorange OTP Verification with Firebase <= 3.6.0 - Unauthenticated Authentication Bypass via OTP Login Token
CVSS 8.1
CVE-2024-9893
CRITICAL
Nextend Social Login Pro <3.1.14 - Auth Bypass
CVSS 9.8
CVE-2024-49247
CRITICAL
BuddyPress Better Registration <= 1.6 - Authentication Bypass
CVSS 9.8
CVE-2024-9105
CRITICAL
UltimateAI plugin <2.8.3 - Auth Bypass
CVSS 9.8
CVE-2024-9822
CRITICAL
Pedalo Connector <= 2.0.5 - Unauthenticated Authentication Bypass via login_admin_user Function
CVSS 9.8
CVE-2024-9522
HIGH
WP Users Masquerade <= 2.0.0 - Authenticated Authentication Bypass via ajax_masq_login Function
CVSS 8.8
CVE-2024-47010
HIGH
Ivanti Avalanche <6.4.5 - Path Traversal
CVSS 7.3
CVE-2024-47009
HIGH
Ivanti Avalanche <6.4.5 - Path Traversal
CVSS 7.3
CVE-2024-8943
CRITICAL
LatePoint Plugin <= 5.0.12 - Unauthenticated Authentication Bypass via User ID
CVSS 9.8
CVE-2024-46887
MEDIUM
SIMATIC Drive Controller and ET 200SP CPU < V3.1.4 - Unauthenticated Information Disclosure via RuntimeInfoData Endpoint
CVSS 5.3