CWE-290 (使用欺骗进行的认证绕过) — Vulnerability Class 237

237 vulnerabilities classified as CWE-290 (使用欺骗进行的认证绕过). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2024-5812	Smart Rule Overwrite Bypass in BeyondInsight PasswordSafe — BeyondInsight PasswordSafe	3.3	Low	2024-06-11
CVE-2024-35749	WordPress Under Construction / Maintenance Mode from Acurax plugin <= 2.6 - IP Bypass vulnerability — Under Construction / Maintenance Mode from Acurax	3.7	Low	2024-06-10
CVE-2024-5037	Openshift/telemeter: iss check during jwt authentication can be bypassed	7.5	High	2024-06-05
CVE-2023-52176	WordPress Malware Scanner plugin <= 4.7.1 - IP Restriction Bypass vulnerability — Malware Scanner	5.3	Medium	2024-06-04
CVE-2023-51667	WordPress Rate my Post – WP Rating System plugin <= 3.4.2 - Broken Access Control vulnerability — Rate my Post – WP Rating System	5.3	Medium	2024-06-04
CVE-2023-51543	WordPress RegistrationMagic plugin <= 5.2.5.0 - IP Limit Bypass vulnerability — RegistrationMagic	5.3	Medium	2024-06-04
CVE-2023-51542	WordPress Branda plugin <= 3.4.14 - IP Restriction Bypass vulnerability — Branda	5.3	Medium	2024-06-04
CVE-2023-49741	WordPress Coming soon and Maintenance mode plugin <= 3.7.3 - IP Filtering Bypass vulnerability — Coming soon and Maintenance mode	3.7	Low	2024-06-04
CVE-2023-48753	WordPress Restricted Site Access plugin <= 7.4.1 - IP Restriction Bypass vulnerability — Restricted Site Access	5.3	Medium	2024-06-04
CVE-2023-48271	WordPress Maspik – Spam Blacklist plugin <= 0.10.3 - IP Filtering Bypass vulnerability — Maspik – Spam blacklist	5.3	Medium	2024-06-04
CVE-2023-47769	WordPress WP Maintenance plugin <= 6.1.3 - IP Filtering Bypass vulnerability — WP Maintenance	3.7	Low	2024-06-04
CVE-2023-41134	WordPress Antispam Bee plugin <= 2.11.3 - Country IP Restriction Bypass vulnerability — Antispam Bee	5.3	Medium	2024-06-04
CVE-2023-37865	WordPress IP2Location Country Blocker plugin <= 2.29.1 - IP Bypass Vulnerability vulnerability — Download IP2Location Country Blocker	5.3	Medium	2024-06-04
CVE-2024-4358	Registration Authentication Bypass Vulnerability — Telerik Report Server	9.8	Critical	2024-05-29
CVE-2024-20363	Cisco 多款产品安全漏洞 — Cisco Firepower Threat Defense Software	5.8	Medium	2024-05-22
CVE-2024-32827	WordPress Giveaways and Contests by RafflePress plugin <= 1.12.7 - IP Restriction Bypass vulnerability — Giveaways and Contests	5.3	Medium	2024-05-17
CVE-2024-32786	WordPress Royal Elementor Addons and Templates plugin <= 1.3.93 - IP Bypass vulnerability — Royal Elementor Addons	5.3	Medium	2024-05-17
CVE-2024-32708	WordPress Maintenance Mode plugin <= 3.0.1 - IP Bypass vulnerability — Maintenance Mode	3.7	Low	2024-05-17
CVE-2024-22139	WordPress WordPress Manutenção plugin <= 1.0.6 - Bypass vulnerability — WordPress Manutenção	3.7	Low	2024-05-17
CVE-2024-21746	WordPress Wp Ultimate Review plugin <= 2.3.6 - IP limit Bypass vulnerability — Wp Ultimate Review	8.8	-	2024-05-17
CVE-2024-25595	WordPress Defender Security plugin <= 4.4.1 - IP Restriction Bypass vulnerability — Defender Security	5.3	Medium	2024-05-17
CVE-2024-25906	WordPress Comments Like Dislike plugin <= 1.2.2 - IP Restriction Bypass Vulnerability vulnerability — Comments Like Dislike	4.3	Medium	2024-05-17
CVE-2024-30479	WordPress LionScripts: IP Blocker Lite plugin <= 11.1.1 - Bypass vulnerability — IP Blocker Lite	5.3	Medium	2024-05-17
CVE-2024-30480	WordPress CGC Maintenance Mode plugin <= 1.2 - IP Filtering Bypass vulnerability — CGC Maintenance Mode	3.7	Low	2024-05-17
CVE-2024-30522	WordPress Newsletter plugin <= 8.2.0 - IP Blacklist Bypass vulnerability — Newsletter	5.3	Medium	2024-05-17
CVE-2024-33917	WordPress WTI Like Post plugin <= 1.4.6 - IP Restriction Bypass Vulnerability vulnerability — WTI Like Post	5.3	Medium	2024-05-17
CVE-2024-32977	OctoPrint Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled — OctoPrint	7.1	High	2024-05-14
CVE-2023-50224	TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability — TL-WR841N	6.5	-	2024-05-03
CVE-2023-44447	TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability — TL-WR902AC	6.5	-	2024-05-03
CVE-2024-1347	Authentication Bypass by Spoofing in GitLab — GitLab	4.3	Medium	2024-04-25

Vulnerabilities classified as CWE-290 (使用欺骗进行的认证绕过) represent 237 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-290 (使用欺骗进行的认证绕过) — Vulnerability Class 237