Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
CWE
:
Topic
Date
Author
Med.
Barco wePresent Authentication Bypass
21.11.2020
Jim Becher
Med.
ABUS Secvest Hybrid Module FUMO50110 Authentication Bypass
01.08.2020
Matthias Deeg
High
Seagate GoFlex Satellite Remote Telnet Default Password
19.12.2015
Matt Bergin
High
Linksys EA6100 Wireless Router Authentication Bypass
05.12.2015
Matt Bergin
Med.
Password Safe And Repository Enterprise 7.4.4 Build 2247 SQL Injection
13.10.2015
Matthias Deeg
High
BullGuard Internet Security 15.0.297 Authentication Bypass
08.05.2015
Matthias Deeg
High
BullGuard Antivirus 15.0.297 Authentication Bypass
07.05.2015
Matthias Deeg
High
BullGuard Premium Protection 15.0.297 Authentication Bypass
07.05.2015
Matthias Deeg
High
InFocus IN3128HD Projector Missing Authentication
28.04.2015
CORE
High
Panda Internet Security 2015 15.0.1 Authentication Bypass
15.04.2015
Matthias Deeg
High
Panda Gold Protection 2015 15.1.0 Authentication Bypass
15.04.2015
Matthias Deeg
High
Panda Global Protection 2015 15.1.0 Authentication Bypass
15.04.2015
Matthias Deeg
High
Panda Antivirus Pro 2015 15.1.0 Authentication Bypass
15.04.2015
Matthias Deeg
Med.
Linksys Access Bypass
17.08.2013
K Lovett & M Claunch
CVEMAP Search Results
CVE
Details
Description
2024-10-22
CVE-2024-10002
Updating...
The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'rover_idx_refresh_social_callback' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in to administrator. The vulnerability is partially patched in version 3.0.0.2905 and fully patched in version 3.0.0.2906.
2024-10-20
CVE-2024-49328
Updating...
Authentication Bypass Using an Alternate Path or Channel vulnerability in Vivek Tamrakar WP REST API FNS allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through 1.0.0.
CVE-2024-49604
Updating...
Authentication Bypass Using an Alternate Path or Channel vulnerability in Najeeb Ahmad Simple User Registration allows Authentication Bypass.This issue affects Simple User Registration: from n/a through 5.5.
2024-10-16
CVE-2024-9893
Updating...
The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.
CVE-2024-49247
Updating...
: Authentication Bypass Using an Alternate Path or Channel vulnerability in sooskriszta, webforza BuddyPress Better Registration allows : Authentication Bypass.This issue affects BuddyPress Better Registration: from n/a through 1.6.
CVE-2024-9105
Updating...
The UltimateAI plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.8.3. This is due to insufficient verification on the user being supplied in the 'ultimate_ai_register_or_login_with_google' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.
2024-10-11
CVE-2024-9822
Updating...
The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. This is due to insufficient restriction on the 'login_admin_user' function. This makes it possible for unauthenticated attackers to log to the first user, who is usually the administrator, or if it does not exist, then to the first administrator.
2024-10-10
CVE-2024-9522
Updating...
The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0. This is due to incorrect authentication and capability checking in the 'ajax_masq_login' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator.
2024-10-08
CVE-2024-46887
Updating...
The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load.
CVE-2024-8943
Updating...
The LatePoint plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.0.12. This is due to insufficient verification on the user being supplied during the booking customer step. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. Note that logging in as a WordPress user is only possible if the "Use WordPress users as customers" setting is enabled, which is disabled by default. The vulnerability is partially patched in version 5.0.12 and fully patched in version 5.0.13.
Copyright
2024
, cxsecurity.com
Back to Top
