CWE-288

Authentication Bypass Using an Alternate Path or Channel

Parent: CWE-306 - Missing Authentication for Critical Function

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

569 vulnerabilities with CWE-288
CVE-2024-9289 CRITICAL
WordPress WooCommerce Affiliate Program <= 8.4.1 - Authentication Bypass
CVSS 9.8
CVE-2024-9106 CRITICAL
Wechat Social login plugin <1.3.0 - Auth Bypass
CVSS 9.8
CVE-2024-7781 HIGH
Jupiter X Core < 4.7.8 - Unauthenticated Authentication Bypass via Social Login Widget
CVSS 8.1
CVE-2024-43692 CRITICAL
ProGauge MAGLINK LX CONSOLE - Privilege Escalation
CVSS 9.8
CVE-2024-8277 CRITICAL
WooCommerce Photo Reviews Premium <1.3.13.2 - Auth Bypass
CVSS 9.8
CVE-2024-8012 HIGH
Ivanti Workspace Control <2025.2 - Privilege Escalation
CVSS 7.8
CVE-2024-41173 HIGH
Beckhoff IPC-Diagnostics Package < 2.0.0.1 and TwinCAT/BSD < 14.1.2.0 - Local Authentication Bypass
CVSS 7.8
CVE-2024-7125 HIGH
Hitachi Ops Center Common Services 10.9.3-00-11.0.2-01 - Authentication Bypass
CVSS 7.8
CVE-2024-35151 MEDIUM
IBM OpenPages with Watson 8.3 and 9.0 - Authenticated Sensitive Information Exposure via API Authorization Bypass
CVSS 6.5
CVE-2024-35214 HIGH
CylanceOPTICS <3.3 - Privilege Escalation
CVE-2024-7628 HIGH
MStore API < 4.15.2 - Unauthenticated Authentication Bypass via Loose Comparison in verify_id_token
CVSS 8.1
CVE-2024-35124 HIGH
IBM OpenBMC fw1020.00-fw1020.60 - Unauthenticated Administrative Access via Default Password
CVSS 7.5
CVE-2024-7503 CRITICAL
WooCommerce - Social Login <= 2.7.5 - Unauthenticated Authentication Bypass via Loose Activation Code Comparison
CVSS 9.8
CVE-2024-6684 CRITICAL
GST Electronics inohom Nova Panel N7 <1.9.9.6 - Auth Bypass
CVE-2024-7350 CRITICAL
BookingPress 1.1.6-1.1.7 - Unauthenticated Authentication Bypass via Auto-Login
CVSS 9.8
CVE-2024-7314 CRITICAL
anji-plus report < 1.4.1 - Unauthenticated Authentication Bypass via Swagger UI Path
CVSS 9.8
CVE-2024-7007 CRITICAL
Positron TRA7005 Firmware v1.20 - Unauthenticated Authentication Bypass
CVSS 9.8
CVE-2024-7027 HIGH
WooCommerce - PDF Vouchers <4.9.3 - Auth Bypass
CVSS 7.3
CVE-2024-38437 CRITICAL
D-Link DSL-225 Firmware - Authentication Bypass via Alternate Path
CVSS 9.8
CVE-2024-6635 HIGH
WooCommerce - Social Login <2.7.3 - Auth Bypass
CVSS 7.3
CVE-2024-5620 MEDIUM
PruvaSoft Informatics Apinizer Management Console <2024.05.1 - Auth...
CVSS 6.5
CVE-2024-6328 CRITICAL
MStore API < 4.14.7 - Unauthenticated Authentication Bypass via Phone Parameter
CVSS 9.8
CVE-2024-6397 CRITICAL
InstaWP Connect <0.1.0.44 - Auth Bypass
CVSS 9.8
CVE-2024-39309 CRITICAL
Parse Server < 6.5.7 and 7.0.0-7.1.0 - SQL Injection via PostgreSQL Configuration
CVSS 9.8
CVE-2024-5322 CRITICAL
n-able n-central < 2024.3 - Authentication Bypass via Entra SSO Session Rebinding
CVSS 9.1