CWE-288: CWE-288

An authentication bypass vulnerability in Ivanti Neurons for ITSM on-premises deployments allows remote unauthenticated attackers to gain administrati...

The PeproDev Ultimate Profile Solutions WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log in as...

The BuddyBoss Platform Pro WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any existing...

This vulnerability allows unauthenticated attackers to bypass authentication and take over any user account, including administrators, in the SMS Aler...

CVE-2025-31095 is an authentication bypass vulnerability in the Material Dashboard WordPress plugin that allows attackers to gain unauthorized access ...

An authentication bypass vulnerability in Kentico Xperience's Staging Sync Server allows attackers to bypass digest authentication by exploiting empty...

This vulnerability allows unauthenticated attackers to take over any user account, including administrators, in WordPress sites using the Service Find...

This vulnerability allows unauthenticated attackers to reset passwords for any user account in the Civi WordPress theme, including administrators, by ...

The WP JobHunt plugin for WordPress has an authentication bypass vulnerability that allows unauthenticated attackers to log into any user account, inc...

The Workreap WordPress plugin allows unauthenticated attackers to take over any user account, including administrators, by exploiting insufficient ide...

The InWave Jobs WordPress plugin has a privilege escalation vulnerability that allows unauthenticated attackers to reset passwords of any user, includ...

The WP Real Estate Manager WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any user, in...

The SetSail Membership plugin for WordPress has an authentication bypass vulnerability in social login functionality. Unauthenticated attackers can lo...

The Academist Membership WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any user, incl...

This vulnerability allows unauthenticated attackers to bypass authentication in the PrivateContent WordPress plugin, potentially gaining administrativ...

This vulnerability allows attackers to bypass authentication on Dingtian DT-R0 Series devices by directly accessing the main page without valid creden...

The WP Directorybox Manager WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any existin...

The WP Directorybox Manager plugin for WordPress has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any exi...

The Nextend Social Login Pro WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any existi...

CVE-2025-0674 is an authentication bypass vulnerability affecting multiple Elber products that allows attackers to reset any user's password without a...

BigAntSoft BigAnt Server up to version 5.6.06 allows unauthenticated remote attackers to create administrative accounts through the default SaaS regis...

The AdForest WordPress theme has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any user when OTP phone log...

This vulnerability allows remote attackers to bypass authentication and gain super-admin privileges on affected Fortinet devices by sending crafted re...

This vulnerability allows unauthenticated attackers to change any WordPress user's password, including administrators, through the Themes Coder plugin...

CVE-2024-56044 is an authentication bypass vulnerability in the WPLMS WordPress plugin that allows unauthenticated attackers to generate arbitrary use...

The AdForest WordPress theme contains an authentication bypass vulnerability that allows unauthenticated attackers to log in as any user, including ad...

This vulnerability allows unauthenticated attackers to bypass authentication mechanisms in the Woffice WordPress theme, potentially gaining administra...

This CVE describes an authentication bypass vulnerability in the Firebase OTP Authentication WordPress plugin by AppGenixInfotech. Attackers can bypas...

This CVE describes an authentication bypass vulnerability in Codexpert's CoSchool LMS WordPress plugin that allows attackers to gain unauthorized acce...

The JobSearch WP Job Board WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any user by ...

The Social Login WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any existing user, inc...

This vulnerability allows unauthenticated attackers to bypass authentication in the MultiManager WP WordPress plugin by generating impersonation links...

The Relais 2FA plugin for WordPress has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any existing user, i...

The CE21 Suite WordPress plugin up to version 2.2.0 contains a hardcoded encryption key that allows unauthenticated attackers to bypass authentication...

This authentication bypass vulnerability in the Deryck Oñate User Toolkit WordPress plugin allows attackers to gain unauthorized access to user accou...

The Crypto plugin for WordPress has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any existing user by exp...

This CVE describes an authentication bypass vulnerability in the Stacks Mobile App Builder WordPress plugin that allows attackers to gain unauthorized...

This CVE describes an authentication bypass vulnerability in the MaanStore API WordPress plugin that allows attackers to gain unauthorized access with...

The Wp Social Login and Register Social Counter WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to l...

This vulnerability allows unauthenticated attackers to bypass authentication in the Extensions by HocWP Team WordPress plugin. Attackers can log in as...

This vulnerability allows remote attackers to bypass authentication on Matrix Door Controller Cosec Vega FAXQ devices through improper session managem...

The wpDiscuz WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any existing user, includi...

This vulnerability allows attackers to bypass authentication in the Simple User Registration WordPress plugin, potentially gaining unauthorized access...

This vulnerability allows attackers to bypass authentication in the WP REST API FNS WordPress plugin, potentially gaining unauthorized access to admin...

The Nextend Social Login Pro WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any existi...

The UltimateAI WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any existing user by exp...

The Pedalo Connector WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log in as the first user (ty...

The Wechat Social login plugin for WordPress versions up to 1.3.0 contains an authentication bypass vulnerability that allows unauthenticated attacker...

The WooCommerce Social Login plugin for WordPress has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any ex...

The BookingPress WordPress plugin versions 1.1.6 to 1.1.7 contain an authentication bypass vulnerability that allows unauthenticated attackers to log ...