Total: 428 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-2704 | 1 Vibethemes | 1 Bp Social Connect | 2026-04-08 | N/A | 9.8 CRITICAL |
| The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | |||||
| CVE-2023-2499 | 1 Metagauss | 1 Registrationmagic | 2026-04-08 | N/A | 9.8 CRITICAL |
| The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. This is due to insufficient verification on the user being supplied during a Google social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | |||||
| CVE-2022-0992 | 1 Siteground | 1 Security Optimizer | 2026-04-08 | 7.5 HIGH | 9.8 CRITICAL |
| The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized users to configure 2FA for pending accounts. Upon successful configuration, the attacker is logged in as that user without access to a username/password pair which is the expected first form of authentication. This affects versions up to, and including, 1.2.5. | |||||
| CVE-2021-4353 | 1 Rightpress | 1 Woocommerce Dynamic Pricing & Discounts | 2026-04-08 | N/A | 5.3 MEDIUM |
| The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. This is due to missing authorization on the export() function which makes it possible for unauthenticated attackers to export the plugin's settings. | |||||
| CVE-2020-36713 | 1 Inspireui | 1 Mstore Api | 2026-04-08 | N/A | 9.8 CRITICAL |
| The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.1.5. This is due to unrestricted access to the 'register' and 'update_user_profile' routes. This makes it possible for unauthenticated attackers to create new administrator accounts, delete existing administrator accounts, or escalate privileges on any account. | |||||
| CVE-2024-6328 | 1 Inspireui | 1 Mstore Api | 2026-04-08 | N/A | 9.8 CRITICAL |
| The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.14.7. This is due to insufficient verification on the 'phone' parameter of the 'firebase_sms_login' and 'firebase_sms_login_v2' functions. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email address or phone number. Additionally, if a new email address is supplied, a new user account is created with the default role, even if registration is disabled. | |||||
| CVE-2024-5432 | 1 Webinane | 1 Lifeline Donation | 2026-04-08 | N/A | 9.8 CRITICAL |
| The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.6. This is due to insufficient verification on the user being supplied during the checkout through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | |||||
| CVE-2023-3277 | 1 Inspireui | 1 Mstore Api | 2026-04-08 | N/A | 9.8 CRITICAL |
| The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's email address. | |||||
| CVE-2023-2982 | 1 Miniorange | 1 Wordpress Social Login And Register (discord, Google, Twitter, Linkedin) | 2026-04-08 | N/A | 9.8 CRITICAL |
| The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5. | |||||
| CVE-2026-33950 | 1 Signalk | 1 Signal K Server | 2026-04-06 | N/A | 9.4 CRITICAL |
| Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation vulnerability by Admin Role Injection via /enableSecurity. An unauthenticated attacker can gain full Administrator access to the SignalK server at any time, allowing them to modify sensitive vessel routing data, alter server configurations, and access restricted endpoints. This issue has been patched in version 2.24.0-beta.4. | |||||
| CVE-2024-44286 | 1 Apple | 1 Macos | 2026-04-03 | N/A | 7.5 HIGH |
| This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access can input keyboard events to apps running on a locked device. | |||||
| CVE-2026-34040 | 1 Mobyproject | 1 Moby | 2026-04-03 | N/A | 8.8 HIGH |
| Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1. | |||||
| CVE-2026-1917 | 1 Budda | 1 Login Disable | 2026-04-02 | N/A | 4.3 MEDIUM |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Login Disable allows Functionality Bypass. This issue affects Login Disable: from 0.0.0 before 2.1.3. | |||||
| CVE-2026-3214 | 1 Arnabdotorg | 1 Captcha | 2026-04-02 | N/A | 6.5 MEDIUM |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CAPTCHA allows Functionality Bypass. This issue affects CAPTCHA: from 0.0.0 before 1.17.0, from 2.0.0 before 2.0.10. | |||||
| CVE-2025-43436 | 1 Apple | 5 Ipados, Iphone Os, Tvos and 2 more | 2026-04-02 | N/A | 7.5 HIGH |
| A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to enumerate a user's installed apps. | |||||
| CVE-2025-24206 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-04-02 | N/A | 7.7 HIGH |
| An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to bypass authentication policy. | |||||
| CVE-2025-24095 | 1 Apple | 3 Ipados, Iphone Os, Visionos | 2026-04-02 | N/A | 7.6 HIGH |
| This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4. An app may be able to bypass Privacy preferences. | |||||
| CVE-2024-49675 | 1 Vitaliibryl | 1 Switch User | 2026-04-01 | N/A | 8.8 HIGH |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Vitalii iBryl Switch User ibryl-switch-user allows Authentication Bypass. This issue affects iBryl Switch User: from n/a through <= 1.0.1. | |||||
| CVE-2026-3531 | 1 Bojanz | 1 Openid Connect / Oauth Client | 2026-04-01 | N/A | 6.5 MEDIUM |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OAuth client allows Authentication Bypass. This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0. | |||||
| CVE-2026-32678 | 1 Buffalo | 92 Fs-m1266, Fs-m1266 Firmware, Fs-s1266 and 89 more | 2026-03-31 | N/A | 7.5 HIGH |
| Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication. | |||||
