Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-20 | CVE-2024-49328 | Missing Authentication for Critical Function vulnerability in Vivektamrakar WP Rest API FNS Authentication Bypass Using an Alternate Path or Channel vulnerability in Vivek Tamrakar WP REST API FNS allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through 1.0.0. | 9.8 |
| 2024-10-20 | CVE-2024-49604 | Missing Authentication for Critical Function vulnerability in Najeebmedia Simple User Registration Authentication Bypass Using an Alternate Path or Channel vulnerability in Najeeb Ahmad Simple User Registration allows Authentication Bypass.This issue affects Simple User Registration: from n/a through 5.5. | 9.8 |
| 2024-10-17 | CVE-2024-9861 | Missing Authentication for Critical Function vulnerability in Miniorange OTP Verification With Firebase The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. | 8.1 |
| 2024-10-15 | CVE-2024-9984 | Missing Authentication for Critical Function vulnerability in Ragic Enterprise Cloud Database Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie. | 9.8 |
| 2024-10-10 | CVE-2024-9522 | Missing Authentication for Critical Function vulnerability in Lagunaisw WP Users Masquerade The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0. | 8.8 |
| 2024-10-02 | CVE-2024-35294 | An unauthenticated remote attacker may use the devices traffic capture without authentication to grab plaintext administrative credentials. | 6.5 |
| 2024-10-02 | CVE-2024-35293 | An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS. | 9.1 |
| 2024-10-01 | CVE-2024-9289 | Missing Authentication for Critical Function vulnerability in Redefiningtheweb Affiliate PRO The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. | 9.8 |
| 2024-09-30 | CVE-2024-8456 | Missing Authentication for Critical Function vulnerability in Planet Gs-4210-24P2S Firmware and Gs-4210-24Pl4C Firmware Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices. | 9.8 |
| 2024-09-26 | CVE-2024-47130 | Missing Authentication for Critical Function vulnerability in Gotenna PRO The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P and group messages. | 6.5 |