Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-62064

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-06 Nov, 2025 | 15:55
Updated At-20 Jan, 2026 | 14:28
Rejected At-
Credits

WordPress Search & Go theme <= 2.7 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Elated-Themes Search & Go search-and-go allows Password Recovery Exploitation.This issue affects Search & Go: from n/a through <= 2.7.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:06 Nov, 2025 | 15:55
Updated At:20 Jan, 2026 | 14:28
Rejected At:
â–¼CVE Numbering Authority (CNA)
WordPress Search & Go theme <= 2.7 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Elated-Themes Search & Go search-and-go allows Password Recovery Exploitation.This issue affects Search & Go: from n/a through <= 2.7.

Affected Products
Vendor
Elated-Themes
Product
Search & Go
Collection URL
https://wordpress.org/plugins
Package Name
search-and-go
Default Status
unaffected
Versions
Affected
  • From n/a through <= 2.7 (custom)
    • -> unaffectedfrom2.8
Problem Types
TypeCWE IDDescription
CWECWE-288Authentication Bypass Using an Alternate Path or Channel
Type: CWE
CWE ID: CWE-288
Description: Authentication Bypass Using an Alternate Path or Channel
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-50Password Recovery Exploitation
CAPEC ID: CAPEC-50
Description: Password Recovery Exploitation
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/Wordpress/Theme/search-and-go/vulnerability/wordpress-search-go-theme-2-7-broken-authentication-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/Wordpress/Theme/search-and-go/vulnerability/wordpress-search-go-theme-2-7-broken-authentication-vulnerability?_s_id=cve
Resource:
vdb-entry
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:06 Nov, 2025 | 16:16
Updated At:20 Jan, 2026 | 15:17

Authentication Bypass Using an Alternate Path or Channel vulnerability in Elated-Themes Search & Go search-and-go allows Password Recovery Exploitation.This issue affects Search & Go: from n/a through <= 2.7.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-288Secondaryaudit@patchstack.com
CWE ID: CWE-288
Type: Secondary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/Wordpress/Theme/search-and-go/vulnerability/wordpress-search-go-theme-2-7-broken-authentication-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/Wordpress/Theme/search-and-go/vulnerability/wordpress-search-go-theme-2-7-broken-authentication-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

171Records found
CVE-2025-1671
Matching Score-10
Assigner-Wordfence
ShareView Details
Matching Score-10
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.48% / 64.61%
||
7 Day CHG~0.00%
Published-01 Mar, 2025 | 07:24
Updated-03 Mar, 2025 | 20:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Academist Membership <= 1.1.6 - Authentication Bypass via Account Takeover

The Academist Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.6. This is due to the academist_membership_check_facebook_user() function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as any user, including site administrators.

Action-Not Available
Vendor-Elated-Themes
Product-Academist Membership
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2025-11522
Matching Score-10
Assigner-Wordfence
ShareView Details
Matching Score-10
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.38% / 58.61%
||
7 Day CHG~0.00%
Published-09 Oct, 2025 | 07:23
Updated-09 Oct, 2025 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Search & Go - Directory WordPress Theme <= 2.7 - Authentication Bypass to Privilege Escalation via Account Takeover

The Search & Go - Directory WordPress Theme theme for WordPress is vulnerable to Authentication Bypass via account takeover in all versions up to, and including, 2.7. This is due to insufficient user validation in the search_and_go_elated_check_facebook_user() function This makes it possible for unauthenticated attackers to gain access to other user's accounts, including administrators, when Facebook login is enabled.

Action-Not Available
Vendor-Elated-Themes
Product-Search & Go - Directory WordPress Theme
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2025-67920
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 37.46%
||
7 Day CHG~0.00%
Published-08 Jan, 2026 | 09:17
Updated-20 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Neo Ocular theme < 1.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Neo Ocular neoocular allows PHP Local File Inclusion.This issue affects Neo Ocular: from n/a through < 1.2.

Action-Not Available
Vendor-Elated-Themes
Product-Neo Ocular
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-10484
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.42% / 61.55%
||
7 Day CHG+0.13%
Published-17 Jan, 2026 | 08:24
Updated-26 Jan, 2026 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Registration & Login with Mobile Phone Number for WooCommerce <= 1.3.1 - Authentication Bypass

The Registration & Login with Mobile Phone Number for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.3.1. This is due to the plugin not properly verifying a users identity prior to authenticating them via the fma_lwp_set_session_php_fun() function. This makes it possible for unauthenticated attackers to authenticate as any user on the site, including administrators, without a valid password.

Action-Not Available
Vendor-FmeAddons
Product-Registration & Login with Mobile Phone Number for WooCommerce
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2024-9931
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.09% / 24.77%
||
7 Day CHG~0.00%
Published-26 Oct, 2024 | 01:58
Updated-28 Oct, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wux Blog Editor <= 3.0.0 - Authentication Bypass to Administrator

The Wux Blog Editor plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.0. This is due to missing validation on the token being supplied during the autologin through the plugin. This makes it possible for unauthenticated attackers to log in to the first administrator user.

Action-Not Available
Vendor-jurredeklijnjurre_de_klijn
Product-Wux Blog Editorwux_blog_editor
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2024-9930
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 36.79%
||
7 Day CHG~0.00%
Published-26 Oct, 2024 | 01:58
Updated-28 Oct, 2024 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Extensions by HocWP Team <= 0.2.3.2 - Authentication Bypass

The Extensions by HocWP Team plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2.3.2. This is due to missing validation on the user being supplied in the 'verify_email' action. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator. The vulnerability is in the Account extension.

Action-Not Available
Vendor-skylarkcobhocwp
Product-Extensions by HocWP Teamextensions
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2024-9822
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-11.31% / 93.37%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 02:32
Updated-15 Nov, 2024 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pedalo Connector <= 2.0.5 - Authentication Bypass to Administrator

The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. This is due to insufficient restriction on the 'login_admin_user' function. This makes it possible for unauthenticated attackers to log to the first user, who is usually the administrator, or if it does not exist, then to the first administrator.

Action-Not Available
Vendor-pedalopedaloagencypedalo
Product-pedalo_connectorPedalo Connectorpedalo_connector
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2025-0364
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.8||CRITICAL
EPSS-25.63% / 96.11%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 17:51
Updated-19 Nov, 2025 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BigAntSoft BigAnt Server Account Registration Bypass to File Upload RCE

BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the "Cloud Storage Addin," leading to unauthenticated code execution.

Action-Not Available
Vendor-bigantsoftBigAntSoft
Product-bigant_serverBigAnt Server
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2024-9893
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.54% / 67.03%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 13:56
Updated-19 Feb, 2025 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nextend Social Login Pro <= 3.1.14 - Authentication Bypass via WordPress.com OAuth provider

The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.

Action-Not Available
Vendor-nextendwebnextendweb
Product-Nextend Social Login Pronextend_social_login_pro
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2024-7503
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-1.32% / 79.58%
||
7 Day CHG~0.00%
Published-10 Aug, 2024 | 02:01
Updated-07 Feb, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WooCommerce - Social Login <= 2.7.5 - Authentication Bypass to Account Takeover

The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.5. This is due to the use of loose comparison of the activation code in the 'woo_slg_confirm_email_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the userID. This requires the email module to be enabled.

Action-Not Available
Vendor-WPWeb Elite
Product-woocommerce_social_loginWooCommerce - Social Loginwoocommerce_social_login
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-8277
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-52.14% / 97.84%
||
7 Day CHG~0.00%
Published-11 Sep, 2024 | 08:31
Updated-26 Sep, 2024 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WooCommerce Photo Reviews Premium <= 1.3.13.2 - Authentication Bypass to Account Takeover and Privilege Escalation

The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.3.13.2. This is due to the plugin not properly validating what user transient is being used in the login() function and not properly verifying the user's identity. This makes it possible for unauthenticated attackers to log in as user that has dismissed an admin notice in the past 30 days, which is often an administrator. Alternatively, a user can log in as any user with any transient that has a valid user_id as the value, though it would be more difficult to exploit this successfully.

Action-Not Available
Vendor-VillaTheme
Product-woocommerce_photo_reviewsWooCommerce Photo Reviews Premium
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-7314
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.8||CRITICAL
EPSS-70.10% / 98.63%
||
7 Day CHG~0.00%
Published-02 Aug, 2024 | 16:33
Updated-22 Nov, 2025 | 12:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
anji-plus AJ-Report Authentication Bypass

anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.

Action-Not Available
Vendor-anji-plusanji-plusanji-plus
Product-reportAJ-Reportreport
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2023-42793
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-9.8||CRITICAL
EPSS-92.91% / 99.77%
||
7 Day CHG~0.00%
Published-19 Sep, 2023 | 16:57
Updated-24 Oct, 2025 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-10-25||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCityTeamCity
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-42770
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||CRITICAL
EPSS-0.14% / 34.34%
||
7 Day CHG~0.00%
Published-21 Nov, 2023 | 00:14
Updated-11 Jun, 2025 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Red Lion Controls Sixnet RTU Authentication Bypass Using An Alternative Path Or Channel

Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message is received over TCP/IP the RTU will simply accept the message with no authentication challenge.

Action-Not Available
Vendor-redlioncontrolsRed Lion Controls
Product-vt-ipm2m-113-d_firmwarevt-mipm-245-d_firmwarevt-ipm2m-213-dvt-mipm-135-d_firmwarevt-mipm-135-dst-ipm-6350st-ipm-6350_firmwarest-ipm-8460_firmwarevt-mipm-245-dvt-ipm2m-213-d_firmwarest-ipm-8460vt-ipm2m-113-dVT-mIPm-135-DVT-IPm2m-213-DST-IPm-8460ST-IPm-6350VT-IPm2m-113-DVT-mIPm-245-D
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-55591
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-9.6||CRITICAL
EPSS-94.16% / 99.91%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 14:08
Updated-24 Oct, 2025 | 12:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-01-21||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiproxyfortiosFortiOSFortiProxyFortiOS and FortiProxy
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2023-41351
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.09% / 24.75%
||
7 Day CHG~0.00%
Published-03 Nov, 2023 | 05:41
Updated-04 Sep, 2024 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Chunghwa Telecom NOKIA G-040W-Q - Broken Access Control

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing users, such as an administrator, to perform arbitrary system operations or disrupt service.

Action-Not Available
Vendor-Chunghwa TelecomNokia Corporation
Product-g-040w-qg-040w-q_firmwareNOKIA G-040W-Qg-040w-q_firmware
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-39930
Matching Score-4
Assigner-Ping Identity Corporation
ShareView Details
Matching Score-4
Assigner-Ping Identity Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 13.08%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 20:54
Updated-17 Sep, 2024 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PingFederate PingID Radius PCV Authentication Bypass

A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius PCV when a MSCHAP authentication request is sent via a maliciously crafted RADIUS client request.

Action-Not Available
Vendor-Ping Identity Corp.
Product-pingid_radius_pcvPingID Radius PCV
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-54296
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.29% / 51.94%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:25
Updated-13 Dec, 2024 | 15:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CoSchool LMS plugin <= 1.2 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Codexpert, Inc CoSchool LMS allows Authentication Bypass.This issue affects CoSchool LMS: from n/a through 1.2.

Action-Not Available
Vendor-Codexpert, Inc
Product-CoSchool LMS
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2026-24858
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-9.4||CRITICAL
EPSS-3.21% / 86.72%
||
7 Day CHG-0.20%
Published-27 Jan, 2026 | 19:18
Updated-17 Feb, 2026 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-01-30||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiproxyfortiwebfortimanagerfortianalyzerfortiosFortiProxyFortiOSFortiWebFortiAnalyzerFortiManagerMultiple Products
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2026-23760
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-55.75% / 98.02%
||
7 Day CHG+0.23%
Published-22 Jan, 2026 | 14:35
Updated-27 Jan, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-02-16||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
SmarterTools SmarterMail < Build 9511 Authentication Bypass via Password Reset API

SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An unauthenticated attacker can supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance. NOTE: SmarterMail system administrator privileges grant the ability to execute operating system commands via built-in management functionality, effectively providing administrative (SYSTEM or root) access on the underlying host.

Action-Not Available
Vendor-smartertoolsSmarterToolsSmarterTools
Product-smartermailSmarterMailSmarterMail
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2023-37057
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.88% / 87.97%
||
7 Day CHG-3.35%
Published-17 Jun, 2024 | 00:00
Updated-14 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication mechanism.

Action-Not Available
Vendor-n/ajlink
Product-n/aax1800
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2026-2095
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.3||CRITICAL
EPSS-0.48% / 64.46%
||
7 Day CHG+0.31%
Published-10 Feb, 2026 | 06:53
Updated-13 Feb, 2026 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Flowring|Agentflow - Authentication Bypass

Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token and log into the system as any user.

Action-Not Available
Vendor-flowringFlowring
Product-agentflowAgentflow
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2026-2096
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.3||CRITICAL
EPSS-0.20% / 42.12%
||
7 Day CHG+0.07%
Published-10 Feb, 2026 | 06:59
Updated-13 Feb, 2026 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Flowring|Agentflow - Missing Authenticaton

Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.

Action-Not Available
Vendor-flowringFlowring
Product-agentflowAgentflow
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2023-32002
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-0.04% / 13.91%
||
7 Day CHG+0.01%
Published-21 Aug, 2023 | 16:52
Updated-02 Jul, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.

Action-Not Available
Vendor-Node.js (OpenJS Foundation)
Product-node.jsNodenodejs
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2024-52475
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-23.59% / 95.86%
||
7 Day CHG~0.00%
Published-28 Nov, 2024 | 10:34
Updated-29 Nov, 2024 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wawp plugin < 3.0.18 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Automation Web Platform Wawp allows Authentication Bypass.This issue affects Wawp: from n/a before 3.0.18.

Action-Not Available
Vendor-Automation Web Platformautomation_web_platform
Product-Wawpwawp
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2025-9967
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 40.42%
||
7 Day CHG+0.04%
Published-15 Oct, 2025 | 08:26
Updated-16 Oct, 2025 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Orion SMS OTP Verification <= 1.1.7 - Authentication Bypass via Account Takeover

The Orion SMS OTP Verification plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.7. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's password to a one-time password if the attacker knows the user's phone number

Action-Not Available
Vendor-gsayed786
Product-Orion SMS OTP Verification
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2024-50477
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-81.88% / 99.17%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 11:23
Updated-31 Oct, 2024 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3.

Action-Not Available
Vendor-stacksmarketStacksstacks
Product-stacks_mobile_app_builderStacks Mobile App Builderstacks_mobile_app_builder
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-8359
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 66.51%
||
7 Day CHG+0.05%
Published-06 Sep, 2025 | 02:24
Updated-08 Sep, 2025 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AdForest <= 6.0.9 - Authentication Bypass to Admin

The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 6.0.9. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as other users, including administrators, without access to a password.

Action-Not Available
Vendor-ScriptsBundle
Product-AdForest
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2025-8995
Matching Score-4
Assigner-Drupal.org
ShareView Details
Matching Score-4
Assigner-Drupal.org
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 23.25%
||
7 Day CHG~0.00%
Published-15 Aug, 2025 | 16:27
Updated-21 Aug, 2025 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticator Login - Highly critical - Access bypass - SA-CONTRIB-2025-096

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.4.

Action-Not Available
Vendor-authenticator_login_projectThe Drupal Association
Product-authenticator_loginAuthenticator Login
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-50489
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.34% / 56.13%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 11:16
Updated-31 Oct, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Realty Workstation plugin <= 1.0.45 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Realty Workstation allows Authentication Bypass.This issue affects Realty Workstation: from n/a through 1.0.45.

Action-Not Available
Vendor-realtyworkstationRealty Workstationrealty_workstation
Product-realty_workstationRealty Workstationrealty_workstation
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-7642
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.46% / 63.62%
||
7 Day CHG~0.00%
Published-23 Aug, 2025 | 04:25
Updated-25 Aug, 2025 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Simpler Checkout 0.7.0 - 1.1.9 - Authentication Bypass

The Simpler Checkout plugin for WordPress is vulnerable to Authentication Bypass in versions 0.7.0 to 1.1.9. This is due to the plugin not properly verifying a user's identity prior to logging them in as an admin through the simplerwc_woocommerce_order_created() function. This makes it possible for unauthenticated attackers to log in as other users based on their order ID, which can be an administrator if a site admin has placed a test order.

Action-Not Available
Vendor-simplercheckout
Product-Simpler Checkout
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2024-50486
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 29.68%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 11:19
Updated-29 Oct, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Acnoo Flutter API plugin <= 1.0.5 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API allows Authentication Bypass.This issue affects Acnoo Flutter API: from n/a through 1.0.5.

Action-Not Available
Vendor-acnooAcnooacnoo
Product-flutter_apiAcnoo Flutter APIacnoo_flutter_api
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-50487
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 40.54%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 11:17
Updated-31 Oct, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MaanStore API plugin <= 1.0.1 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in MaanTheme MaanStore API allows Authentication Bypass.This issue affects MaanStore API: from n/a through 1.0.1.

Action-Not Available
Vendor-maanthemeMaanThememaantheme
Product-maanstore_apiMaanStore APImaanstore_api
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-68860
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 22.58%
||
7 Day CHG~0.00%
Published-29 Dec, 2025 | 21:08
Updated-20 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mobile builder plugin <= 1.4.2 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Mobile Builder Mobile builder allows Authentication Abuse.This issue affects Mobile builder: from n/a through 1.4.2.

Action-Not Available
Vendor-Mobile Builder
Product-Mobile builder
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2025-7444
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 66.66%
||
7 Day CHG~0.00%
Published-18 Jul, 2025 | 08:22
Updated-22 Jul, 2025 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LoginPress Pro <= 5.0.1 - Authentication Bypass via WordPress.com OAuth provider

The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.0.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.

Action-Not Available
Vendor-LoginPress
Product-LoginPress Pro
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2025-6895
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.67% / 70.80%
||
7 Day CHG~0.00%
Published-26 Jul, 2025 | 04:25
Updated-29 Jul, 2025 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MelaPress Login Security 2.1.0 - 2.1.1 - Authentication Bypass to Privilege Escalation via get_valid_user_based_on_token Function

The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the get_valid_user_based_on_token() function in versions 2.1.0 to 2.1.1. This makes it possible for unauthenticated attackers who know an arbitrary user meta value to bypass authentication checks and log in as that user.

Action-Not Available
Vendor-melapress
Product-Melapress Login Security
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2022-27510
Matching Score-4
Assigner-Citrix Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Citrix Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.55% / 67.32%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 21:26
Updated-01 May, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthorized access to Gateway user capabilities

Unauthorized access to Gateway user capabilities

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)
Product-gatewayapplication_delivery_controllerapplication_delivery_controller_firmwareCitrix Gateway, Citrix ADC
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2022-26870
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.92% / 75.61%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 18:05
Updated-07 May, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit.

Action-Not Available
Vendor-Dell Inc.
Product-powerstoreosPowerStore
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2025-69101
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 21.20%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-27 Jan, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Workreap Core plugin <= 3.4.0 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Workreap Core workreap_core allows Authentication Abuse.This issue affects Workreap Core: from n/a through <= 3.4.0.

Action-Not Available
Vendor-AmentoTech
Product-Workreap Core
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2024-49604
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.21% / 42.48%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 07:56
Updated-23 Oct, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple User Registration plugin <= 5.5 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Najeeb Ahmad Simple User Registration allows Authentication Bypass.This issue affects Simple User Registration: from n/a through 5.5.

Action-Not Available
Vendor-najeebmediaNajeeb Ahmadnajeeb_ahmad
Product-simple_user_registrationSimple User Registrationsimple_user_registration
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-7710
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.46% / 63.62%
||
7 Day CHG~0.00%
Published-02 Aug, 2025 | 11:23
Updated-04 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Brave Conversion Engine (PRO) <= 0.7.7 - Authentication Bypass to Administrator

The Brave Conversion Engine (PRO) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.7.7. This is due to the plugin not properly restricting a claimed identity while authenticating with Facebook. This makes it possible for unauthenticated attackers to log in as other users, including administrators.

Action-Not Available
Vendor-Brave
Product-Brave Conversion Engine (PRO)
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2025-6388
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.52% / 66.30%
||
7 Day CHG~0.00%
Published-03 Oct, 2025 | 08:23
Updated-06 Oct, 2025 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spirit Framework <= 1.2.14 - Authentication Bypass to Account Takeover and Privilege Escalation

The Spirit Framework plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.2.14. This is due to the custom_actions() function not properly validating a user's identity prior to authenticating them to the site. This makes it possible for unauthenticated attackers to log in as any user, including administrators, granted they have access to the administrator's username.

Action-Not Available
Vendor-Theme-Spirit
Product-Spirit Framework
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2022-24047
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-5.3||MEDIUM
EPSS-1.74% / 82.19%
||
7 Day CHG~0.00%
Published-18 Feb, 2022 | 19:51
Updated-03 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-14618.

Action-Not Available
Vendor-bmcBMC
Product-track-it\!Track-It!
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2025-67915
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 22.58%
||
7 Day CHG~0.00%
Published-08 Jan, 2026 | 09:17
Updated-20 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Timetics plugin <= 1.0.46 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Arraytics Timetics timetics allows Authentication Abuse.This issue affects Timetics: from n/a through <= 1.0.46.

Action-Not Available
Vendor-Arraytics
Product-Timetics
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2025-6688
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.45%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 07:22
Updated-02 Jul, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Simple Payment 1.3.6 - 2.3.8 - Authentication Bypass to Admin

The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6 to 2.3.8. This is due to the plugin not properly verifying a user's identity prior to logging them in through the create_user() function. This makes it possible for unauthenticated attackers to log in as administrative users.

Action-Not Available
Vendor-idokdidokd
Product-simple_paymentSimple Payment
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2024-47406
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-9.1||CRITICAL
EPSS-0.24% / 46.09%
||
7 Day CHG-0.15%
Published-25 Oct, 2024 | 06:18
Updated-05 Nov, 2024 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability.

Action-Not Available
Vendor-sharptoshibatecToshiba Tec CorporationSharp Corporationsharptoshibatec
Product-mx-m6050bp-c542wd_firmwaremx-5110n_firmwaremx-c381_firmwaremx-m6070_abp-b547wdmx-m365n_a_firmwaremx-3570n_firmwaremx-m6071_firmwarebp-60c36_firmwarebp-70m31bp-90c80bp-c533wd_firmwaremx-c400p_firmwaremx-3101nmx-4070n_a_firmwaremx-3070v_amx-m3571_firmwaremx-m3571mx-2651_firmwaremx-m464n_firmwaremx-m2651mx-5070v_firmwaremx-3111umx-b355wz_firmwaremx-4140nmx-4060v_firmwarebp-b550wdmx-5140n_firmwaremx-m5051mx-3050v_amx-b376w_firmwaremx-2600gmx-c303wh_firmwarebp-70c55_firmwaremx-2601nmx-m564n_amx-b376whmx-4071s_firmwaremx-3550v_firmwaremx-m3071_firmwaremx-b456whmx-m356uvmx-c311mx-m904bp-50c26mx-m753u_firmwaremx-m264ue-studio1058_firmwaremx-2640nrmx-m315nmx-b400pmx-2314nrbp-30c25z_firmwaremx-3550n_firmwaredx-c401_j_firmwaremx-m315u_firmwaremx-c303mx-2610nmx-m316nvmx-m314nmx-m4070_amx-b476wh_firmwaremx-m6070_firmwarebp-30m28t_firmwaremx-m4070mx-m453u_firmwaremx-m1206_firmwaremx-m265nv_firmwaremx-m3070_firmwaremx-3100gmx-m265ne_firmwaremx-c401_firmwaremx-m315uv_firmwaremx-3070v_firmwaremx-b355wt_firmwaremx-m1055bp-c535wrmx-m623umx-2610n_firmwaremx-m264u_firmwaremx-m314nr_firmwaremx-7040nmx-3571smx-m4071s_firmwaremx-m3551bp-70c55mx-m354n_firmwaremx-c312_firmwaremx-4111n_firmwaree-studio908_firmwaremx-c380mx-m265uvmx-c402sc_firmwarebp-90c80_firmwaredx-c400mx-b356whmx-m315ne_firmwaremx-1810umx-6050v_firmwaremx-4070v_firmwaremx-m754nmx-2615n_firmwarebp-70m75_firmwaremx-2615nmx-4071smx-5000nmx-c303w_firmwaredx-c400_firmwaremx-6580nmx-c304wh_firmwaremx-m365n_abp-50c65_firmwaremx-m7570mx-3060nmx-3610nrmx-b376wmx-7081_firmwarebp-70m36_firmwarebp-50c55_firmwaremx-3110nmx-m1205mx-b402pmx-m4050_firmwaremx-c382scmx-c310_firmwaremx-m503nmx-3115nmx-m565nmx-3070v_a_firmwaredx-2000u_firmwaremx-m1056mx-m3551_firmwaremx-m3051_firmwaremx-m264nr_firmwaremx-m453nmx-c303whmx-2630nmx-m6071mx-c380p_firmwaremx-3050n_abp-70c65bp-30c25tbp-60c31_firmwarebp-70c36_firmwaremx-4051mx-m364nmx-3061mx-5112nmx-b402scmx-7500n_firmwaremx-m356uv_firmwaremx-3101n_firmwaremx-b382p_firmwaremx-m3550_firmwaremx-4110n_firmwaremx-b382scmx-3116n_firmwaremx-m654nbp-b537wr_firmwaremx-m354ubp-50c36mx-2601n_firmwaremx-b382_firmwaremx-3640n_firmwaremx-m6070mx-5000n_firmwaremx-m3571s_firmwaremx-3070n_amx-3640nr_firmwaremx-m3071smx-m363n_firmwaremx-8090nmx-m315uvbp-30m31_firmwaremx-2640n_firmwaremx-3551_firmwaremx-b476w_firmwaremx-m314n_firmwaremx-6071_firmwaremx-m753umx-3110n_a_firmwaremx-b355wzmx-m503umx-m6051_firmwaremx-c301wmx-c381mx-5071mx-m2651_firmwaremx-5110ne-studio1208_firmwaremx-m265v_firmwaremx-m264nmx-m363nmx-c304whmx-2600n_firmwaremx-m365n_firmwaremx-m6070_a_firmwaremx-6050vdx-c381mx-m5050_firmwaremx-3110n_firmwaremx-2614nmx-b402_firmwaremx-b382pmx-m905mx-3610nr_firmwaremx-m3570_firmwarebp-50c31mx-3561mx-m1205_firmwaremx-2600nmx-4070n_amx-c382scb_firmwarebp-b537wrbp-70c31_firmwaremx-m465n_firmwaremx-5051_firmwaremx-b455wmx-c304wmx-5071s_firmwarebp-50m26mx-4141nbp-50m26_firmwaremx-3110n_abp-50m45mx-3570v_firmwaremx-m4070_a_firmwaremx-m265n_firmwaremx-m4071smx-2615_amx-m564nmx-b382bp-c542wdmx-m265umx-c303wmx-m364n_firmwaremx-m316nv_firmwarebp-70m45bp-70m75bp-c535wdmx-6070v_a_firmwaredx-c311_firmwarebp-30m35_firmwaremx-b476whmx-m503u_firmwaremx-m754n_ae-studio1058mx-3071s_firmwaremx-2310u_firmwaremx-m354nrmx-m3550mx-4061smx-4050n_firmwaremx-4060nmx-3561s_firmwarebp-60c31mx-7090n_firmwaremx-m314umx-c380_firmwaredx-c311j_firmwaremx-4071mx-7081mx-m565n_firmwaremx-m356u_firmwaremx-3140nmx-3561_firmwaremx-m453umx-b476wmx-b381dx-c311jmx-3560vmx-m363u_firmwaremx-b455wz_firmwaremx-2616nmx-4101nmx-m5071_firmwaremx-6070n_a_firmwaremx-4071_firmwaremx-2616n_firmwarebp-30c25_firmwaremx-m356nv_firmwaremx-m5050bp-70m65_firmwaremx-m265nvmx-m314nv_firmwaremx-m266nvdx-c310_firmwaremx-5111nmx-b400p_firmwarebp-30m35mx-8081_firmwaremx-3071_firmwarebp-30m31t_firmwaremx-6580n_firmwaremx-2640nr_firmwarebp-b540wrmx-m283nmx-m5070_firmwarebp-30m28tmx-8090n_firmwarebp-c545wdmx-m264nrmx-m316nbp-c533wdmx-1810u_firmwaremx-m3071s_firmwaremx-4050v_firmwarebp-30m31mx-b355wtmx-3114nmx-2314nmx-5071_firmwaremx-b402sc_firmwaremx-m465nmx-3111u_firmwaremx-c303_firmwaremx-m365nmx-4100n_firmwaremx-7500nmx-4101n_firmwarebp-70m90_firmwarebp-90c70mx-3050nbp-60c36mx-b455wt_firmwaremx-4060n_firmwaremx-3070vmx-3050v_a_firmwarebp-50c26_firmwaremx-3570vmx-c304w_firmwaremx-m754n_firmwaremx-m465n_amx-m3050mx-6050n_firmwaremx-3610n_firmwaremx-4110nmx-5070n_firmwaremx-4140n_amx-m5070dx-c401_jmx-m356ubp-50c45_firmwaremx-4061_firmwaremx-4112n_firmwaremx-c382scbmx-3061smx-m315umx-3070n_firmwaremx-m356nvmx-3571s_firmwaremx-3560v_firmwaremx-3061_firmwaremx-m266nv_firmwarebp-30c25mx-b402mx-b455w_firmwaredx-c311mx-3571mx-7580n_firmwaremx-m314u_firmwaremx-m315nvmx-m265vmx-3100nmx-m1206mx-7090nmx-c301w_firmwaremx-3114n_firmwaremx-2600g_firmwarebp-30c25ymx-5141nmx-m4051dx-2500nmx-c301bp-50c55mx-c381bmx-2614n_firmwaremx-4070n_firmwaremx-m3570mx-m654n_firmwarebp-55c26_firmwaremx-5050n_firmwaremx-5070vmx-3140n_a_firmwaremx-m5051_firmwaremx-6071s_firmwaremx-5051mx-c400_firmwaremx-4061s_firmwaremx-3051mx-b456wh_firmwaremx-5141n_firmwaremx-b456we-studio1208mx-m3070mx-m4071_firmwaremx-3060v_firmwaremx-6071mx-4111nmx-m464nbp-30m35t_firmwaremx-m4051_firmwaremx-m6071s_firmwaremx-3140nrmx-m5071mx-2615_a_firmwaremx-4050nbp-70c31mx-m3050_firmwaremx-m4070_firmwaremx-3061s_firmwaremx-m314nrmx-3640nrmx-3070nmx-m356nmx-c301_firmwarebp-b540wr_firmwaremx-m1204mx-4070v_amx-m266n_firmwarebp-70m65mx-c380pmx-c304mx-6500ndx-c401_firmwaremx-b356wh_firmwaremx-3115n_firmwaremx-3551mx-3050v_firmwaremx-2301nbp-70c36mx-3050n_firmwaremx-m6050_firmwaremx-m905_firmwaremx-3100n_firmwaremx-6240n_firmwaremx-b401_firmwaremx-m4071bp-c535wd_firmwaremx-c400pbp-50c45mx-m7570_firmwarebp-30m31tmx-m3571smx-4100nmx-8081mx-2630n_firmwaremx-b355w_firmwarebp-70m31_firmwaremx-4112nbp-50m31mx-m453n_firmwaremx-2301n_firmwaremx-3140n_firmwaremx-m654n_a_firmwaremx-m266nmx-6070n_firmwarebp-30c25y_firmwaremx-3570nbp-70m55bp-30m28_firmwaremx-m264nvmx-5050vmx-m654n_amx-4140n_firmwaremx-5071sbp-c533wrmx-b455wtmx-m3050_a_firmwaremx-3060vmx-5001nmx-c312mx-m265uv_firmwaremx-3140nr_firmwaremx-m753n_firmwaremx-m3071mx-4060vbp-55c26mx-3071smx-3560n_firmwaremx-b455wzmx-2310rmx-m465n_a_firmwarebp-c535wr_firmwaremx-m315vmx-m316n_firmwarebp-50c31_firmwaremx-5070nmx-m1056_firmwaremx-c304_firmwarebp-c545wd_firmwaremx-2310umx-m264nv_firmwarebp-50m36_firmwaredx-c401bp-70m90mx-3610nmx-7580nbp-b550wd_firmwaremx-4061dx-c310bp-50m45_firmwarebp-50m55_firmwaremx-6070v_amx-m363umx-b401mx-3140n_abp-30c25t_firmwaremx-2314nr_firmwaremx-2310r_firmwaremx-3560nbp-50m31_firmwaremx-b376wh_firmwarebp-70m45_firmwaremx-m354nmx-6050nmx-6500n_firmwaremx-4050vmx-m2630_a_firmwaremx-3050vmx-m315nv_firmwaremx-m753nbp-90c70_firmwaremx-c311_firmwaremx-5111n_firmwaremx-3571_firmwaremx-m1054_firmwaremx-c310mx-4070vmx-m754n_a_firmwaremx-m356n_firmwaremx-m265u_firmwaremx-m265nemx-m623u_firmwaremx-m2630_ae-studio908mx-2640nbp-30c25zmx-6240nmx-c401mx-m623n_firmwaremx-m3070_a_firmwaremx-m264n_firmwaremx-2010umx-3051_firmwaremx-6051mx-6070n_amx-b380p_firmwaremx-m3051mx-m5071s_firmwaremx-m4050mx-m2630_firmwarebp-b547wd_firmwaremx-m3070_amx-3071mx-m6051mx-m265nbp-50m55mx-m1055_firmwaremx-m354u_firmwarebp-70c65_firmwarebp-60c45mx-m1054mx-c382sc_firmwaremx-4140n_a_firmwaremx-6051_firmwarebp-50c36_firmwaremx-b456w_firmwaremx-5141n_abp-70c45bp-30m28mx-6071smx-4051_firmwaremx-m564n_firmwaremx-m315nemx-4141n_firmwaremx-4070v_a_firmwaremx-3100g_firmwaredx-2500n_firmwaredx-2000umx-b380pbp-50c65bp-50m50_firmwaremx-b356wmx-m503n_firmwaremx-b355wmx-5001n_firmwaremx-m314nvmx-m1204_firmwaremx-2314n_firmwaremx-5050nbp-70m55_firmwaremx-b381_firmwaremx-3550nmx-3070n_a_firmwaremx-3640nmx-2651mx-m2630mx-2010u_firmwarebp-70c45_firmwaremx-6070v_firmwaremx-4070nbp-30m35tmx-c400mx-5112n_firmwaremx-7040n_firmwarebp-60c45_firmwaremx-3550vmx-m3050_amx-5140nmx-b382sc_firmwaremx-c381b_firmwaremx-m6570_firmwaremx-b402p_firmwaremx-m283n_firmwaremx-b356w_firmwarebp-c533wr_firmwaredx-c381_firmwarebp-70m36mx-5141n_a_firmwaremx-5050v_firmwaremx-m564n_a_firmwaremx-6070vmx-m6570mx-c402scmx-3050n_a_firmwaremx-m315n_firmwaremx-m354nr_firmwaremx-3060n_firmwaremx-m5071sbp-50m50mx-m623nmx-m6071smx-6070nmx-m904_firmwarebp-50m36mx-3561smx-m315v_firmwaremx-3116ne-STUDIO 908Sharp Digital Full-color MFPs and Monochrome MFPse-STUDIO 1058e-STUDIO 1208mx-b455wz_firmwaremx-m1206_firmwaremx-m7570_firmwaremx-m6071s_firmwaremx-6071s_firmwaree-studio-1208_firmwaremx-6070v_firmwaremx-c304wh_firmwarebp-c545wd_firmwarebp-30c25_firmwarebp-70c65_firmwaremx-8090n_firmwarebp-70m65_firmwarebp-90c80_firmwaremx-7580n_firmwarebp-b550wd_firmwaree-studio-1058_firmwaremx-m905_firmwarebp-70m90_firmwaree-studio-908_firmwaremx-b476wh_firmwaremx-m6070_firmwaremx-8081_firmwarebp-30m35t_firmware
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-23767
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.56% / 67.65%
||
7 Day CHG~0.00%
Published-19 Sep, 2022 | 19:50
Updated-03 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SecureGate authentication bypass vulnerability

This vulnerability of SecureGate is SQL-Injection using login without password. A path traversal vulnerability is also identified during file transfer. An attacker can take advantage of these vulnerabilities to perform various attacks such as obtaining privileges and executing remote code, thereby taking over the victim’s system.

Action-Not Available
Vendor-hanssakHANSSAK Co.,LtdMicrosoft Corporation
Product-securegateweblinkwindowsSecureGateWebLink
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-59367
Matching Score-4
Assigner-ASUSTeK Computer Incorporation
ShareView Details
Matching Score-4
Assigner-ASUSTeK Computer Incorporation
CVSS Score-9.3||CRITICAL
EPSS-0.31% / 53.96%
||
7 Day CHG~0.00%
Published-13 Nov, 2025 | 02:09
Updated-06 Feb, 2026 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system. Refer to the 'Security Update for DSL Series Router' section on the ASUS Security Advisory for more information.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-dsl-n16_firmwaredsl-ac750_firmwaredsl-ac51_firmwaredsl-n16dsl-ac51dsl-ac750DSL-AC750DSL-AC51DSL-N16
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-57819
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-67.43% / 98.52%
||
7 Day CHG-6.79%
Published-28 Aug, 2025 | 16:45
Updated-13 Feb, 2026 | 21:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-09-19||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE

FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.

Action-Not Available
Vendor-SangomaFreePBXSangoma Technologies Corp.
Product-freepbxendpointFreePBX
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-5821
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.46% / 63.62%
||
7 Day CHG~0.00%
Published-23 Aug, 2025 | 06:43
Updated-25 Aug, 2025 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Case Theme User <= 1.0.3 - Authentication Bypass via Social Login

The Case Theme User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly logging a user in with the data that was previously verified through the facebook_ajax_login_callback(). This makes it possible for unauthenticated attackers to log in as administrative users, as long as they have an existing account on the site, and access to the administrative user's email.

Action-Not Available
Vendor-Case-Themes
Product-Case Theme User
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found