CWE:
 

Topic
Date
Author
Med.
Barco wePresent Authentication Bypass
21.11.2020
Jim Becher
Med.
ABUS Secvest Hybrid Module FUMO50110 Authentication Bypass
01.08.2020
Matthias Deeg
High
Seagate GoFlex Satellite Remote Telnet Default Password
19.12.2015
Matt Bergin
High
Linksys EA6100 Wireless Router Authentication Bypass
05.12.2015
Matt Bergin
Med.
Password Safe And Repository Enterprise 7.4.4 Build 2247 SQL Injection
13.10.2015
Matthias Deeg
High
BullGuard Internet Security 15.0.297 Authentication Bypass
08.05.2015
Matthias Deeg
High
BullGuard Antivirus 15.0.297 Authentication Bypass
07.05.2015
Matthias Deeg
High
BullGuard Premium Protection 15.0.297 Authentication Bypass
07.05.2015
Matthias Deeg
High
InFocus IN3128HD Projector Missing Authentication
28.04.2015
CORE
High
Panda Internet Security 2015 15.0.1 Authentication Bypass
15.04.2015
Matthias Deeg
High
Panda Gold Protection 2015 15.1.0 Authentication Bypass
15.04.2015
Matthias Deeg
High
Panda Global Protection 2015 15.1.0 Authentication Bypass
15.04.2015
Matthias Deeg
High
Panda Antivirus Pro 2015 15.1.0 Authentication Bypass
15.04.2015
Matthias Deeg
Med.
Linksys Access Bypass
17.08.2013
K Lovett & M Claunch


CVEMAP Search Results

CVE
Details
Description
2024-10-22
Waiting for details
CVE-2024-10002

Updating...
 

 
The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'rover_idx_refresh_social_callback' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in to administrator. The vulnerability is partially patched in version 3.0.0.2905 and fully patched in version 3.0.0.2906.

 
2024-10-20
Waiting for details
CVE-2024-49328

Updating...
 

 
Authentication Bypass Using an Alternate Path or Channel vulnerability in Vivek Tamrakar WP REST API FNS allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through 1.0.0.

 
Waiting for details
CVE-2024-49604

Updating...
 

 
Authentication Bypass Using an Alternate Path or Channel vulnerability in Najeeb Ahmad Simple User Registration allows Authentication Bypass.This issue affects Simple User Registration: from n/a through 5.5.

 
2024-10-16
Waiting for details
CVE-2024-9893

Updating...
 

 
The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.

 
Waiting for details
CVE-2024-49247

Updating...
 

 
: Authentication Bypass Using an Alternate Path or Channel vulnerability in sooskriszta, webforza BuddyPress Better Registration allows : Authentication Bypass.This issue affects BuddyPress Better Registration: from n/a through 1.6.

 
Waiting for details
CVE-2024-9105

Updating...
 

 
The UltimateAI plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.8.3. This is due to insufficient verification on the user being supplied in the 'ultimate_ai_register_or_login_with_google' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.

 
2024-10-11
Waiting for details
CVE-2024-9822

Updating...
 

 
The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. This is due to insufficient restriction on the 'login_admin_user' function. This makes it possible for unauthenticated attackers to log to the first user, who is usually the administrator, or if it does not exist, then to the first administrator.

 
2024-10-10
Waiting for details
CVE-2024-9522

Updating...
 

 
The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0. This is due to incorrect authentication and capability checking in the 'ajax_masq_login' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator.

 
2024-10-08
Waiting for details
CVE-2024-46887

Updating...
 

 
The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load.

 
Waiting for details
CVE-2024-8943

Updating...
 

 
The LatePoint plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.0.12. This is due to insufficient verification on the user being supplied during the booking customer step. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. Note that logging in as a WordPress user is only possible if the "Use WordPress users as customers" setting is enabled, which is disabled by default. The vulnerability is partially patched in version 5.0.12 and fully patched in version 5.0.13.

 

 


Copyright 2024, cxsecurity.com

 

Back to Top