CWE-288 (Authentication Bypass Using an Alternate Path or Channel) — Vulnerability Class 435

435 vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-9988 | Crypto <= 2.19 - Authentication Bypass via register — Crypto Tool | 9.8 | Critical | 2024-10-29 |
| CVE-2024-50334 | Semicolon Path Injection on API /api;/config — scoold | 7.5 AI | High AI | 2024-10-29 |
| CVE-2024-50488 | WordPress Token Login plugin <= 1.0.3 - Broken Authentication vulnerability — Token Login | 8.8 | High | 2024-10-28 |
| CVE-2024-50477 | WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Account Takeover vulnerability — Stacks Mobile App Builder | 9.8 | Critical | 2024-10-28 |
| CVE-2024-50486 | WordPress Acnoo Flutter API plugin <= 1.0.5 - Account Takeover vulnerability — Acnoo Flutter API | 9.8 | Critical | 2024-10-28 |
| CVE-2024-50487 | WordPress MaanStore API plugin <= 1.0.1 - Account Takeover vulnerability — MaanStore API | 9.8 | Critical | 2024-10-28 |
| CVE-2024-50489 | WordPress Realty Workstation plugin <= 1.0.45 - Account Takeover vulnerability — Realty Workstation | 9.8 | Critical | 2024-10-28 |
| CVE-2024-10438 | Sunnet eHRD CTMS - Authentication Bypass — eHRD CTMS | 7.5 | High | 2024-10-28 |
| CVE-2024-9501 | Wp Social Login and Register Social Counter <= 3.0.7 - Authentication Bypass via WordPress.com OAuth provider — Wp Social Login and Register Social Counter | 9.8 | Critical | 2024-10-26 |
| CVE-2024-9930 | Extensions by HocWP Team <= 0.2.3.2 - Authentication Bypass — Extensions by HocWP Team | 9.8 | Critical | 2024-10-26 |
| CVE-2024-9890 | User Toolkit <= 1.2.3 - Authenticated (Subscriber+) Authentication Bypass — User Toolkit | 8.8 | High | 2024-10-26 |
| CVE-2024-9933 | WatchTowerHQ <= 3.10.1 - Authentication Bypass to Administrator due to Missing Empty Value Check — WatchTowerHQ | 9.8 | Critical | 2024-10-26 |
| CVE-2024-9931 | Wux Blog Editor <= 3.0.0 - Authentication Bypass to Administrator — Wux Blog Editor | 9.8 | Critical | 2024-10-26 |
| CVE-2024-10381 | Authentication Bypass Vulnerability in Matrix Door Controller — Matrix Door Controller Cosec Vega FAXQ | 9.8 | - | 2024-10-25 |
| CVE-2024-47406 | Sharp MFP security vulnerability — Sharp Digital Full-color MFPs and Monochrome MFPs | 9.1 | Critical | 2024-10-25 |
| CVE-2024-9488 | Comments – wpDiscuz <= 7.6.24 - Authentication Bypass via WordPress.com OAuth provider — Comments – wpDiscuz | 9.8 | Critical | 2024-10-25 |
| CVE-2024-49675 | WordPress iBryl Switch User plugin <= 1.0.1 - Account Takeover vulnerability — iBryl Switch User | 8.8 | High | 2024-10-23 |
| CVE-2024-10002 | Rover IDX <= 3.0.0.2905 - Authenticated (Subscriber+) Authentication Bypass to Administrator — Rover IDX | 8.8 | High | 2024-10-22 |
| CVE-2024-49328 | WordPress WP REST API FNS Plugin plugin <= 1.0.0 - Account Takeover vulnerability — WP REST API FNS | 9.8 | Critical | 2024-10-20 |
| CVE-2024-49604 | WordPress Simple User Registration plugin <= 6.7 - Broken Authentication vulnerability — Simple User Registration | 9.8 | Critical | 2024-10-20 |
| CVE-2024-9861 | Miniorange OTP Verification with Firebase <= 3.6.0 - Authentication Bypass — Miniorange OTP Verification with Firebase | 8.1 | High | 2024-10-17 |
| CVE-2024-9893 | Nextend Social Login Pro <= 3.1.14 - Authentication Bypass via WordPress.com OAuth provider — Nextend Social Login Pro | 9.8 | Critical | 2024-10-16 |
| CVE-2024-49247 | WordPress BuddyPress Better Registration plugin <= 1.6 - Broken Authentication vulnerability — BuddyPress Better Registration | 9.8 | - | 2024-10-16 |
| CVE-2024-9105 | UltimateAI <= 2.8.3 - Authentication Bypass — Ultimate AI | 9.8 | Critical | 2024-10-16 |
| CVE-2024-9822 | Pedalo Connector <= 2.0.5 - Authentication Bypass to Administrator — Pedalo Connector | 9.8 | Critical | 2024-10-11 |
| CVE-2024-9522 | WP Users Masquerade <= 2.0.0 - Authenticated (Subscriber+) Authentication Bypass — WP Users Masquerade | 8.8 | High | 2024-10-10 |
| CVE-2024-46887 | Siemens SIMATIC S7-1500 CPU security vulnerability — SIMATIC Drive Controller CPU 1504D TF | 5.3 | Medium | 2024-10-08 |
| CVE-2024-8943 | LatePoint <= 5.0.12 - Authentication Bypass — LatePoint Plugin | 9.8 | Critical | 2024-10-08 |
| CVE-2024-9289 | WordPress & WooCommerce Affiliate Program <= 8.4.1 - Authentication Bypass to Account Takeover and Privilege Escalation — WordPress & WooCommerce Affiliate Program | 9.8 | Critical | 2024-10-01 |
| CVE-2024-9106 | Wechat Social login <= 1.3.0 - Authentication Bypass — Wechat Social login 微信QQ钉钉登录插件 | 9.8 | Critical | 2024-10-01 |

435 CVEs are classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.