Vulnerabilities > Authentication Bypass Using an Alternate Path or Channel

DATE CVE VULNERABILITY TITLE RISK
2024-12-21 CVE-2024-11349 The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6.
network
low complexity
CWE-288
critical
9.8
2024-12-03 CVE-2024-25036 Authentication Bypass Using an Alternate Path or Channel vulnerability in IBM Cognos Controller 11.0.0/11.0.1
IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields.
local
low complexity
ibm CWE-288
3.3
2024-11-12 CVE-2024-10245 The Relais 2FA plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.
network
low complexity
CWE-288
critical
9.8
2024-10-29 CVE-2024-9988 Authentication Bypass Using an Alternate Path or Channel vulnerability in Odude Crypto Tool
The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15.
network
low complexity
odude CWE-288
critical
9.8
2024-10-29 CVE-2024-9989 Authentication Bypass Using an Alternate Path or Channel vulnerability in Odude Crypto Tool
The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15.
network
low complexity
odude CWE-288
critical
9.8
2024-10-29 CVE-2024-50334 Authentication Bypass Using an Alternate Path or Channel vulnerability in Erudika Scoold
Scoold is a Q&A and a knowledge sharing platform for teams.
network
low complexity
erudika CWE-288
5.3
2024-10-28 CVE-2024-10438 Authentication Bypass Using an Alternate Path or Channel vulnerability in Sun.Net Ehdr Ctms
The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities.
network
low complexity
sun-net CWE-288
7.5
2024-10-26 CVE-2024-9501 The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.0.7.
network
low complexity
CWE-288
critical
9.8
2024-10-26 CVE-2024-9890 The User Toolkit plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.3.
network
low complexity
CWE-288
8.8
2024-10-26 CVE-2024-9930 The Extensions by HocWP Team plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2.3.2.
network
low complexity
CWE-288
critical
9.8