CWE-288
AllowedAuthentication Bypass Using an Alternate Path or Channel
Abstraction: Base · Status: Incomplete
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
1073 vulnerabilities reference this CWE, most recent first.
GHSA-GRHJ-GGHX-XQ87
Vulnerability from github – Published: 2025-07-18 09:30 – Updated: 2025-07-18 09:30The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.0.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.
{
"affected": [],
"aliases": [
"CVE-2025-7444"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-18T09:15:27Z",
"severity": "CRITICAL"
},
"details": "The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.0.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.",
"id": "GHSA-grhj-gghx-xq87",
"modified": "2025-07-18T09:30:32Z",
"published": "2025-07-18T09:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7444"
},
{
"type": "WEB",
"url": "https://loginpress.pro/changelog"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/80fcb3af-0b27-4442-aca0-58626b68f0d9?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GWXM-W4M8-M6MP
Vulnerability from github – Published: 2026-03-25 18:31 – Updated: 2026-03-25 18:31GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsistent input validation in the authentication process.
{
"affected": [],
"aliases": [
"CVE-2026-2745"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T17:16:57Z",
"severity": "MODERATE"
},
"details": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsistent input validation in the authentication process.",
"id": "GHSA-gwxm-w4m8-m6mp",
"modified": "2026-03-25T18:31:53Z",
"published": "2026-03-25T18:31:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2745"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/3557844"
},
{
"type": "WEB",
"url": "https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/590810"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GXMJ-PR3W-6WMH
Vulnerability from github – Published: 2026-02-26 21:31 – Updated: 2026-02-27 21:31SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type juggling that allows unauthenticated attackers to access protected information. Attackers can exploit loose type comparisons in authentication logic to bypass login verification and retrieve sensitive internal data.
{
"affected": [],
"aliases": [
"CVE-2026-22205"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-26T21:28:52Z",
"severity": "HIGH"
},
"details": "SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type juggling that allows unauthenticated attackers to access protected information. Attackers can exploit loose type comparisons in authentication logic to bypass login verification and retrieve sensitive internal data.",
"id": "GHSA-gxmj-pr3w-6wmh",
"modified": "2026-02-27T21:31:21Z",
"published": "2026-02-26T21:31:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22205"
},
{
"type": "WEB",
"url": "https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-10.html"
},
{
"type": "WEB",
"url": "https://git.spip.net/spip/spip"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/spip-sql-injection-rce-via-union-php-tags"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-H248-F3PX-X6HG
Vulnerability from github – Published: 2025-09-06 03:30 – Updated: 2025-09-06 03:30The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 6.0.9. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as other users, including administrators, without access to a password.
{
"affected": [],
"aliases": [
"CVE-2025-8359"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-06T03:15:41Z",
"severity": "CRITICAL"
},
"details": "The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 6.0.9. This is due to the plugin not properly verifying a user\u0027s identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as other users, including administrators, without access to a password.",
"id": "GHSA-h248-f3px-x6hg",
"modified": "2025-09-06T03:30:22Z",
"published": "2025-09-06T03:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8359"
},
{
"type": "WEB",
"url": "https://themeforest.net/item/adforest-classified-wordpress-theme/19481695"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c080df50-1113-484b-80ed-09515982c585?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H2MM-JJ4P-HM2P
Vulnerability from github – Published: 2025-05-22 00:34 – Updated: 2026-01-23 21:30The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.
{
"affected": [],
"aliases": [
"CVE-2025-34026"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-21T22:15:50Z",
"severity": "CRITICAL"
},
"details": "The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.",
"id": "GHSA-h2mm-jj4p-hm2p",
"modified": "2026-01-23T21:30:35Z",
"published": "2025-05-22T00:34:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34026"
},
{
"type": "WEB",
"url": "https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce"
},
{
"type": "WEB",
"url": "https://security-portal.versa-networks.com/emailbulletins/6830f94328defa375486ff2e"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-34026"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-H2WX-VC5M-FPHF
Vulnerability from github – Published: 2024-10-26 03:30 – Updated: 2024-10-26 03:30The Extensions by HocWP Team plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2.3.2. This is due to missing validation on the user being supplied in the 'verify_email' action. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator. The vulnerability is in the Account extension.
{
"affected": [],
"aliases": [
"CVE-2024-9930"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-26T03:15:04Z",
"severity": "CRITICAL"
},
"details": "The Extensions by HocWP Team plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2.3.2. This is due to missing validation on the user being supplied in the \u0027verify_email\u0027 action. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator. The vulnerability is in the Account extension.",
"id": "GHSA-h2wx-vc5m-fphf",
"modified": "2024-10-26T03:30:43Z",
"published": "2024-10-26T03:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9930"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/sb-core/trunk/ext/account.php?rev=2715527#L374"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ca3775db-0722-4090-924e-81e38d5dce97?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H383-MJ26-VWH5
Vulnerability from github – Published: 2026-04-02 21:32 – Updated: 2026-04-02 21:32This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access can input keyboard events to apps running on a locked device.
{
"affected": [],
"aliases": [
"CVE-2024-44286"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-02T19:18:36Z",
"severity": "HIGH"
},
"details": "This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access can input keyboard events to apps running on a locked device.",
"id": "GHSA-h383-mj26-vwh5",
"modified": "2026-04-02T21:32:52Z",
"published": "2026-04-02T21:32:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44286"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121564"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H3QC-GF9H-42G6
Vulnerability from github – Published: 2026-02-24 15:30 – Updated: 2026-06-30 03:35Mitigation bypass in the DOM: HTML Parser component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, and Firefox ESR < 140.8.
{
"affected": [],
"aliases": [
"CVE-2026-2775"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-24T14:16:25Z",
"severity": "CRITICAL"
},
"details": "Mitigation bypass in the DOM: HTML Parser component. This vulnerability affects Firefox \u003c 148, Firefox ESR \u003c 115.33, and Firefox ESR \u003c 140.8.",
"id": "GHSA-h3qc-gf9h-42g6",
"modified": "2026-06-30T03:35:44Z",
"published": "2026-02-24T15:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2775"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3338"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3982"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3983"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3984"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:4022"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:4152"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:4260"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:4432"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-2775"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015199"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442314"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2775.json"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-13"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-14"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-15"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-16"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-17"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3339"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3361"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3491"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3492"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3493"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3494"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3495"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3496"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3497"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3515"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3516"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3517"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3976"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3978"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3979"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3980"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3981"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H4VH-MHXH-6RRR
Vulnerability from github – Published: 2025-03-24 21:30 – Updated: 2025-11-05 00:31An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through 13.0.172.
{
"affected": [],
"aliases": [
"CVE-2025-2746"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-24T19:15:51Z",
"severity": "CRITICAL"
},
"details": "An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through 13.0.172.",
"id": "GHSA-h4vh-mhxh-6rrr",
"modified": "2025-11-05T00:31:17Z",
"published": "2025-03-24T21:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2746"
},
{
"type": "WEB",
"url": "https://devnet.kentico.com/download/hotfixes"
},
{
"type": "WEB",
"url": "https://github.com/watchtowrlabs/kentico-xperience13-AuthBypass-wt-2025-0011"
},
{
"type": "WEB",
"url": "https://labs.watchtowr.com/bypassing-authentication-like-its-the-90s-pre-auth-rce-chain-s-in-kentico-xperience-cms"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2746"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/kentico-xperience-staging-sync-server-digest-password-authentication-bypass"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H5HC-2G7F-GXGJ
Vulnerability from github – Published: 2026-04-21 15:32 – Updated: 2026-04-22 18:31Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150.
{
"affected": [],
"aliases": [
"CVE-2026-6760"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-21T13:16:21Z",
"severity": "CRITICAL"
},
"details": "Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150.",
"id": "GHSA-h5hc-2g7f-gxgj",
"modified": "2026-04-22T18:31:39Z",
"published": "2026-04-21T15:32:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6760"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016923"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-30"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-33"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.