Common Weakness Enumeration

CWE-288

Allowed

Authentication Bypass Using an Alternate Path or Channel

Abstraction: Base · Status: Incomplete

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

1072 vulnerabilities reference this CWE, most recent first.

GHSA-HH8J-C7WJ-QPFJ

Vulnerability from github – Published: 2024-06-17 21:31 – Updated: 2024-07-03 18:45
VLAI
Details

An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication mechanism.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-37057"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-17T21:15:50Z",
    "severity": "CRITICAL"
  },
  "details": "An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router\u0027s authentication mechanism.",
  "id": "GHSA-hh8j-c7wj-qpfj",
  "modified": "2024-07-03T18:45:43Z",
  "published": "2024-06-17T21:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37057"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ri5c/Jlink-Router-RCE"
    },
    {
      "type": "WEB",
      "url": "https://jlink-global.com"
    },
    {
      "type": "WEB",
      "url": "http://jlink.com"
    },
    {
      "type": "WEB",
      "url": "http://www.unionman.com.cn/en/contact.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HHGG-847R-8X22

Vulnerability from github – Published: 2025-02-07 03:32 – Updated: 2025-02-07 03:32
VLAI
Details

The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-1061"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-07T02:15:29Z",
    "severity": "CRITICAL"
  },
  "details": "The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.",
  "id": "GHSA-hhgg-847r-8x22",
  "modified": "2025-02-07T03:32:03Z",
  "published": "2025-02-07T03:32:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1061"
    },
    {
      "type": "WEB",
      "url": "https://nextendweb.com/nextend-social-login-docs/pro-addon-changelog"
    },
    {
      "type": "WEB",
      "url": "https://nextendweb.com/nextend-social-login-docs/provider-apple"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6494e54c-db04-41f9-8b91-6ad12528cf01?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HJ28-PCFP-R5V3

Vulnerability from github – Published: 2026-05-26 21:31 – Updated: 2026-05-27 21:31
VLAI
Details

Easyelife App lock (aka Fingerprint,Applock or locker.app.safe.applocker) 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows - insecure navigation through exposed routes facilitates app control evasion {I.N.T.E.R.F.A.C.E] via advertisement or browser intents - an attacker can evade lockscreen verification and access protected apps (e.g., Chrome), resulting in information disclosure and privilege escalation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-68710"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-26T20:16:16Z",
    "severity": "LOW"
  },
  "details": "Easyelife App lock (aka Fingerprint,Applock or locker.app.safe.applocker) 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android\u0027s secure authentication APIs. By navigating cascading interface flows - insecure navigation through exposed routes facilitates app control evasion {I.N.T.E.R.F.A.C.E] via advertisement or browser intents - an attacker can evade lockscreen verification and access protected apps (e.g., Chrome), resulting in information disclosure and privilege escalation.",
  "id": "GHSA-hj28-pcfp-r5v3",
  "modified": "2026-05-27T21:31:19Z",
  "published": "2026-05-26T21:31:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68710"
    },
    {
      "type": "WEB",
      "url": "https://github.com/actuator/locker.app.safe.applocker"
    },
    {
      "type": "WEB",
      "url": "https://github.com/actuator/locker.app.safe.applocker/blob/main/CVE-2025-68710"
    },
    {
      "type": "WEB",
      "url": "https://play.google.com/store/apps/details?id=locker.app.safe.applocker"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HJ78-P4H7-M5FV

Vulnerability from github – Published: 2025-01-28 19:15 – Updated: 2025-03-17 20:23
VLAI
Summary
TYPO3-EXT-SA-2025-001: Account Takeover in extension "OpenID Connect Authentication" (oidc)
Details

Problem Description

A vulnerability in the account linking logic of the extension allows a pre-hijacking attack leading to Account Takeover. The attack can only be exploited if the following requirements are met:

  • An attacker can anticipate the email address of the user.
  • An attacker can register a public frontend user account using that email address before the user's first OIDC login.
  • The IDP returns the field email containing the email address of the user

Solution

An updated versions 4.0.0 is available from the TYPO3 extension manager, packagist and at https://extensions.typo3.org/extension/download/oidc/4.0.0/zip

Users of the extension are advised to update the extension as soon as possible.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "causal/oidc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "4.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-24856"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288",
      "CWE-348",
      "CWE-639"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-01-28T19:15:44Z",
    "nvd_published_at": "2025-03-16T04:15:14Z",
    "severity": "MODERATE"
  },
  "details": "## Problem Description\nA vulnerability in the account linking logic of the extension allows a pre-hijacking attack leading to Account Takeover. The attack can only be exploited if the following requirements are met:\n\n- An attacker can anticipate the email address of the user.\n- An attacker can register a public frontend user account using that email address before the user\u0027s first OIDC login.\n- The IDP returns the field email containing the email address of the user\n\n## Solution\nAn updated versions 4.0.0 is available from the TYPO3 extension manager, packagist and at \nhttps://extensions.typo3.org/extension/download/oidc/4.0.0/zip\n\nUsers of the extension are advised to update the extension as soon as possible.",
  "id": "GHSA-hj78-p4h7-m5fv",
  "modified": "2025-03-17T20:23:43Z",
  "published": "2025-01-28T19:15:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24856"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xperseguers/t3ext-oidc/commit/877e09f6faf4c87bbb41233112ec7e30d3c902b3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/causal/oidc/CVE-2025-24856.yaml"
    },
    {
      "type": "WEB",
      "url": "https://typo3.org/security/advisory/typo3-ext-sa-2025-001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "TYPO3-EXT-SA-2025-001: Account Takeover in extension \"OpenID Connect Authentication\" (oidc)"
}

GHSA-HMC6-QJJC-3RJM

Vulnerability from github – Published: 2026-03-25 18:31 – Updated: 2026-03-26 21:31
VLAI
Details

Authentication Bypass Using an Alternate Path or Channel vulnerability in Dokan, Inc. Dokan dokan-lite allows Authentication Abuse.This issue affects Dokan: from n/a through <= 4.2.4.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-24359"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T17:16:36Z",
    "severity": "HIGH"
  },
  "details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Dokan, Inc. Dokan dokan-lite allows Authentication Abuse.This issue affects Dokan: from n/a through \u003c= 4.2.4.",
  "id": "GHSA-hmc6-qjjc-3rjm",
  "modified": "2026-03-26T21:31:24Z",
  "published": "2026-03-25T18:31:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24359"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/dokan-lite/vulnerability/wordpress-dokan-plugin-4-2-4-broken-authentication-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HMFH-W3MX-W6J4

Vulnerability from github – Published: 2024-10-29 18:30 – Updated: 2026-04-08 21:32
VLAI
Details

The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. This is due a to limited arbitrary method call to 'crypto_connect_ajax_process::log_in' function in the 'crypto_connect_ajax_process' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-9989"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-29T17:15:05Z",
    "severity": "CRITICAL"
  },
  "details": "The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. This is due a to limited arbitrary method call to \u0027crypto_connect_ajax_process::log_in\u0027 function in the \u0027crypto_connect_ajax_process\u0027 function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.",
  "id": "GHSA-hmfh-w3mx-w6j4",
  "modified": "2026-04-08T21:32:55Z",
  "published": "2024-10-29T18:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9989"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/crypto/tags/2.10/includes/class-crypto_connect_ajax_register.php#L138"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/crypto/tags/2.10/includes/class-crypto_connect_ajax_register.php#L33"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3189945/crypto#file3"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e21bd924-1d96-4371-972a-5c99d67261cc?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HMQV-F2V5-FJFF

Vulnerability from github – Published: 2026-06-15 21:30 – Updated: 2026-06-15 21:30
VLAI
Details

Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-42378"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-15T21:16:53Z",
    "severity": "MODERATE"
  },
  "details": "Subscriber Broken Authentication in WP Full Stripe Free \u003c= 8.4.1 versions.",
  "id": "GHSA-hmqv-f2v5-fjff",
  "modified": "2026-06-15T21:30:46Z",
  "published": "2026-06-15T21:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42378"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/wp-full-stripe-free/vulnerability/wordpress-wp-full-stripe-free-plugin-8-4-1-broken-authentication-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HPV5-JH7R-PXPV

Vulnerability from github – Published: 2025-10-31 09:30 – Updated: 2025-10-31 09:30
VLAI
Details

The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the check_login() function not properly verifying a user's identity prior to successfully authenticating them This makes it possible for unauthenticated attackers to bypass standard authentication and access administrative user accounts. Please note social login needs to be enabled in order for a site to be impacted by this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-5397"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-31T07:15:37Z",
    "severity": "CRITICAL"
  },
  "details": "The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the check_login() function not properly verifying a user\u0027s identity prior to successfully authenticating them  This makes it possible for unauthenticated attackers to bypass standard authentication and access administrative user accounts. Please note social login needs to be enabled in order for a site to be impacted by this vulnerability.",
  "id": "GHSA-hpv5-jh7r-pxpv",
  "modified": "2025-10-31T09:30:25Z",
  "published": "2025-10-31T09:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5397"
    },
    {
      "type": "WEB",
      "url": "https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6fa4aa8d-d7f1-4e91-bb2c-c9f80a4bb216?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HQWR-J99J-R27H

Vulnerability from github – Published: 2024-07-01 21:31 – Updated: 2024-07-01 21:31
VLAI
Details

The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to authentication bypass.

This vulnerability is present in all Entra-supported deployments of N-central prior to 2024.3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-5322"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-01T21:15:04Z",
    "severity": "CRITICAL"
  },
  "details": "The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to authentication bypass.\n \nThis vulnerability is present in all Entra-supported deployments of N-central prior to 2024.3.",
  "id": "GHSA-hqwr-j99j-r27h",
  "modified": "2024-07-01T21:31:16Z",
  "published": "2024-07-01T21:31:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5322"
    },
    {
      "type": "WEB",
      "url": "https://documentation.n-able.com/N-central/Release_Notes/GA/Content/2024.3%20Release%20Notes.htm"
    },
    {
      "type": "WEB",
      "url": "https://me.n-able.com/s/security-advisory/aArVy0000000BgDKAU/cve20245322-ncentral-authentication-bypass-via-session-rebinding"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HVW4-2W6X-44G7

Vulnerability from github – Published: 2026-06-20 15:32 – Updated: 2026-06-20 15:32
VLAI
Details

WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the uabb-lf-google-submit action, a valid administrator email address, and a valid nonce to obtain session cookies and authenticate as that user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-25763"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-20T14:16:17Z",
    "severity": "CRITICAL"
  },
  "details": "WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the uabb-lf-google-submit action, a valid administrator email address, and a valid nonce to obtain session cookies and authenticate as that user.",
  "id": "GHSA-hvw4-2w6x-44g7",
  "modified": "2026-06-20T15:32:26Z",
  "published": "2026-06-20T15:32:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25763"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/47832"
    },
    {
      "type": "WEB",
      "url": "https://www.ultimatebeaver.com"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/wordpress-ultimate-addons-for-beaver-builder-authentication-bypass"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation
Architecture and Design

Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-665: Exploitation of Thunderbolt Protection Flaws

An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.