Authentication Bypass Vulnerabilities

Vulnerability Name CVE CWE Severity
Adobe ColdFusion 9 administrative login bypass CVE-2013-0625  CVE-2013-0629  CVE-2013-0631  CVE-2013-0632  CWE-287  High
Akeeba backup access control bypass CWE-287  High
Apache Tomcat version older than 6.0.35 CVE-2011-3190  CVE-2011-3375  CVE-2012-0022  CWE-264  High
Apache Tomcat version older than 7.0.21 CVE-2011-3190  CWE-264  High
Drupal Core 4.5.x Security Bypass (4.5.0 - 4.5.7) CWE-264  High
Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.3) CVE-2005-3974  CWE-264  High
Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.5) CWE-264  High
Drupal Core 4.7.x Security Bypass (4.7.0 - 4.7.7) CVE-2007-5597  CWE-702  High
Drupal Core 5.x Multiple Security Bypass Vulnerabilities (5.0 - 5.10) CVE-2008-4790  CVE-2008-4791  CVE-2008-4792  CVE-2008-4793  CWE-264  High
Drupal Core 5.x Multiple Security Bypass Vulnerabilities (5.0 - 5.22) CVE-2010-3092  CVE-2010-3093  CWE-264  High
Drupal Core 5.x Security Bypass (5.0 - 5.2) CVE-2007-5597  CWE-702  High
Drupal Core 6.x Multiple Security Bypass Vulnerabilities (6.0 - 6.4) CVE-2008-4789  CVE-2008-4791  CVE-2008-4792  CWE-264  High
Drupal Core 6.x Security Bypass (6.0 - 6.1) CWE-264  High
Drupal Core 6.x Security Bypass (6.0 - 6.29) CVE-2014-1475  CWE-287  High
Drupal Core 6.x Security Bypass (6.0 - 6.35) CVE-2015-3234  CWE-287  High
Drupal Core 7.x Multiple Security Bypass Vulnerabilities (7.0 - 7.25) CVE-2014-1475  CVE-2014-1476  CWE-264  CWE-287  High
Drupal Core 7.x Security Bypass (7.0 - 7.2) CVE-2011-2687  CWE-264  High
Drupal Core 7.x Security Bypass (7.0 - 7.4) CVE-2011-2726  CWE-264  High
Drupal Core 7.x Security Bypass (7.0 - 7.43) CVE-2016-6211  CWE-264  High
Drupal Core 7.x Security Bypass (7.0 - 7.55) CVE-2017-6922  CWE-264  High
Drupal Core 8.3.0 Security Bypass (8.3.0 - 8.3.0) CVE-2017-6919  CWE-264  High
Drupal Core 8.x Multiple Security Bypass Vulnerabilities (8.0.0 - 8.3.6) CVE-2017-6923  CVE-2017-6924  CVE-2017-6925  CWE-264  High
Drupal Core 8.x Security Bypass (8.0.0 - 8.1.2) CVE-2016-6212  CWE-264  High
Drupal Core 8.x Security Bypass (8.0.0 - 8.1.6) CVE-2016-5385  CWE-284  High
Drupal Core 8.x Security Bypass (8.0.0 - 8.2.7) CVE-2017-6919  CWE-264  High
Drupal Core 8.x Security Bypass (8.0.0 - 8.5.5) CVE-2018-14773  CWE-749  High
Ektron CMS Account Hijack CWE-264  High
HTTP verb tampering CWE-285  High
HTTP verb tampering via POST CWE-285  High
JAAS authentication bypass CWE-16  High
Joomla! Core 1.0.5 Security Bypass (1.0.5 - 1.0.5) CVE-2006-0114  CWE-264  High
Joomla! Core 1.0.x Security Bypass (1.0.0 - 1.0.10) CVE-2006-4471  CWE-264  High
Joomla! Core 1.5.x Security Bypass (1.5.0 - 1.5.5) CVE-2008-3681  CWE-264  High
Joomla! Core 1.5.x Security Bypass (1.5.0 - 1.5.6) CVE-2008-4102  CWE-330  High
Joomla! Core 1.5.x Security Bypass (1.5.0 - 1.5.13) CWE-264  High
Joomla! Core 1.5.x Security Bypass (1.5.0 - 1.5.14) CWE-264  High
Joomla! Core 1.5.x Security Bypass (1.5.0 - 1.5.15) CVE-2010-1435  CWE-264  High
Joomla! Core 1.5.x Security Bypass (1.5.0 - 1.5.24) CVE-2011-4321  CWE-310  High
Joomla! Core 1.5.x Security Bypass (1.5.0 - 1.5.25) CVE-2012-1598  CWE-264  High
Joomla! Core 1.6.x Security Bypass (1.6.0 - 1.6.3) CWE-264  High
Joomla! Core 1.6.x Security Bypass (1.6.0 - 1.6.6) CVE-2012-1562  CWE-264  High
Joomla! Core 1.6.x Security Bypass (1.6.0 - 1.6.6) CVE-2012-1563  CWE-264  High
Joomla! Core 1.6.x Security Bypass (1.6.0 - 1.6.6) CWE-330  High
Joomla! Core 1.7.x Security Bypass (1.7.0 - 1.7.2) CWE-330  High
Joomla! Core 1.7.x Security Bypass (1.7.0 - 1.7.5) CVE-2012-1563  CWE-264  High
Joomla! Core 1.7.x Security Bypass (1.7.0 - 1.7.5) CVE-2012-1562  CWE-264  High
Joomla! Core 2.5.x Security Bypass (2.5.0 - 2.5.2) CVE-2012-1562  CWE-264  High
Joomla! Core 2.5.x Security Bypass (2.5.0 - 2.5.2) CVE-2012-1563  CWE-264  High
Joomla! Core 2.5.x Security Bypass (2.5.0 - 2.5.4) CVE-2012-2747  CWE-264  High
Joomla! Core 2.5.x Security Bypass (2.5.0 - 2.5.9) CVE-2013-3056  CWE-264  High
Joomla! Core 2.5.x Security Bypass (2.5.0 - 2.5.18) CVE-2014-7984  CWE-264  High
Joomla! Core 2.5.x Security Bypass (2.5.0 - 2.5.24) CVE-2014-6632  CWE-264  High
Joomla! Core 3.0.x Security Bypass (3.0.0 - 3.0.3) CVE-2013-3056  CWE-264  High
Joomla! Core 3.3.x Security Bypass (3.3.0 - 3.3.3) CVE-2014-6632  CWE-264  High
Joomla! Core 3.x.x Security Bypass (3.0.0 - 3.2.2) CVE-2014-7984  CWE-264  High
Joomla! Core 3.x.x Security Bypass (3.0.0 - 3.2.4) CVE-2014-6632  CWE-264  High
Joomla! Core 3.x.x Security Bypass (3.0.0 - 3.4.4) CVE-2015-7899  CWE-264  High
Joomla! Core 3.x.x Security Bypass (3.2.0 - 3.4.4) CVE-2015-7859  CWE-264  High
Joomla! Core 3.x.x Security Bypass (3.2.0 - 3.8.1) CVE-2017-16634  CWE-287  High
Joomla! Core 3.x.x Security Bypass (3.7.0 - 3.8.11) CVE-2018-15881  CWE-264  High
Joomla! Core Security Bypass (1.6.0 - 3.6.0) CWE-264  High
Joomla! Core Security Bypass (1.6.0 - 3.6.5) CVE-2017-7988  CWE-264  High
Joomla! Core Security Bypass (2.5.0 - 3.8.7) CVE-2018-11323  CWE-264  High
Liferay JSON service API authentication vulnerability CWE-287  High
Microsoft ASP.NET Forms authentication bypass CVE-2011-3416  CWE-264  High
Microsoft IIS5 NTLM and Basic authentication bypass CVE-2007-2815  CWE-264  High
Microsoft IIS 5.1 directory authentication bypass CVE-2010-2731  CWE-287  High
Microsoft IIS WebDAV authentication bypass CVE-2009-1535  CWE-287  High
Oracle Sun GlassFish/Java System Application Server Remote Authentication Bypass Vulnerability CVE-2011-0807  CWE-287  High
Rails Devise authentication password reset CVE-2013-0233  CWE-287  High
Security vulnerability in MySQL/MariaDB sql/password.c CVE-2012-2122  CWE-287  High
Spring Security Authentication Bypass CVE-2016-5007  CWE-287  High
WordPress 'press-this.php' Remote Security Bypass Vulnerability (0.7 - 3.1.1) CVE-2011-5270  CWE-264  High
WordPress 'wp-admin/admin.php' Module Configuration Security Bypass Vulnerability (0.6.2 - 2.8) CVE-2009-2334  CWE-287  High
WordPress 'xmlrpc.php' Remote Security Bypass Vulnerability (3.0.1 - 3.0.2) CVE-2010-5106  CWE-264  High
WordPress 2.8.2 Multiple Security Bypass Vulnerabilities (2.0 - 2.8.2) CVE-2009-2853  CVE-2009-2854  CWE-264  High
WordPress 2.8.3 Admin Password Reset Security Bypass Vulnerability (0.6.2 - 2.8.3) CVE-2009-2762  CWE-255  High
WordPress 2.9.1 Trashed Posts Security Bypass Vulnerability (2.9 - 2.9.1) CVE-2010-0682  CWE-264  High
WordPress Anti-CSRF Token Security Bypass Weakness (3.3.1 - 3.3.1) CVE-2012-1936  CWE-352  High
WordPress Cookies Security Bypass Weakness (1.5 - 2.3.1) CVE-2007-6013  CWE-287  High
WordPress Plugin Absolute Privacy 'abpr_authenticateUser()' Security Bypass (2.0.5) CWE-264  High
WordPress Plugin Adminer Security Bypass (1.4.5) CWE-264  High
WordPress Plugin Advanced Access Manager Security Bypass (3.2.1) CWE-264  High
WordPress Plugin Advanced Custom Fields:reCAPTCHA Field Security Bypass (1.1.1) CWE-264  High
WordPress Plugin Ajax BootModal Login Security Bypass (1.4.3) CVE-2018-15876  CWE-264  High
WordPress Plugin Ajax Search Lite Security Bypass (3.1) CWE-264  High
WordPress Plugin Ajax Search Pro Security Bypass (3.5) CWE-264  High
WordPress Plugin All-in-One WP Migration Security Bypass (2.0.4) CWE-264  High
WordPress Plugin Anti Spam Protection without CAPTCHA powered by Keypic Security Bypass (2.1.2) CWE-264  High
WordPress Plugin Apocalypse Meow Security Bypass (21.2.7) CWE-287  High
WordPress Plugin Asgaros Forum Security Bypass (1.5.7) CWE-264  High
WordPress Plugin Authorize.net Payment Gateway For WooCommerce Security Bypass (2.0) CWE-264  High
WordPress Plugin BackWPup Security Bypass (3.4.1) CVE-2017-2551  CWE-552  High
WordPress Plugin Beaver Builder-WordPress Page Builder Security Bypass (1.7) CWE-264  High
WordPress Plugin BePro Listings Security Bypass (2.2.0020) CWE-264  High
WordPress Plugin Bloom eMail Opt-In Security Bypass (1.1) CWE-264  High
WordPress Plugin BP Group Documents Security Bypass (1.10) CWE-264  High
WordPress Plugin BuddyPress Docs Security Bypass (1.9.2) CVE-2017-6954  CWE-264  High
WordPress Plugin BuddyPress Security Bypass (2.3.4) CWE-264  High
WordPress Plugin Captcha by BestWebSoft Security Bypass (3.8.7) CWE-284  High
WordPress Plugin Captcha by BestWebSoft Security Bypass (4.0.6) CVE-2014-9283  CWE-254  High
WordPress Plugin CMS Tree Page View Security Bypass (1.3.4) CWE-264  High
WordPress Plugin Comment Rating SQL Injection and Security Bypass Weakness Vulnerabilities (2.9.32) CWE-89  CWE-264  High
WordPress Plugin Contact Form 7 Security Bypass (3.7.1) CVE-2014-2265  CWE-264  High
WordPress Plugin Contact Form 7 Security Bypass (4.1) CWE-330  High
WordPress Plugin Contact Form Builder Security Bypass (1.0.7) CWE-264  High
WordPress Plugin Contact Form by WD-responsive drag & drop contact form builder tool Security Bypass (1.7.14) CWE-264  High
WordPress Plugin Crayon Syntax Highlighter Security Bypass (2.6.10) CWE-264  High
WordPress Plugin Custom Contact Forms Security Bypass (5.1.0.3) CWE-264  High
WordPress Plugin Custom Field Suite Security Bypass (2.4) CWE-264  High
WordPress Plugin Divi Builder Security Bypass (1.2.3) CWE-264  High
WordPress Plugin Duo Two-Factor Authentication Security Bypass (1.8.1) CWE-592  High
WordPress Plugin Duplicator-WordPress Migration Security Bypass (0.5.8) CVE-2014-9262  CWE-264  High
WordPress Plugin DW Question & Answer Security Bypass (1.2.9) CWE-264  High
WordPress Plugin Easy Digital Downloads Multiple Security Bypass Vulnerabilities (2.1.10) CWE-264  High
WordPress Plugin eCommerce Shopping Cart by WP EasyCart Multiple Security Bypass Vulnerabilities (3.0.20) CVE-2015-2673  CWE-264  High
WordPress Plugin Elementor Page Builder Security Bypass (1.7.12) CWE-264  High
WordPress Plugin FancyBox for WordPress Security Bypass (3.0.2) CVE-2015-1494  CWE-264  High
WordPress Plugin Fancy Slideshows Security Bypass (2.4) CWE-264  High
WordPress Plugin File Browser, Manager, Backup (+ Database) Security Bypass (1.23) CWE-287  High
WordPress Plugin FireStats Multiple Cross-Site Scripting and Authentication Bypass Vulnerabilities (1.0.2) CWE-79  CWE-287  High
WordPress Plugin Formidable Forms-Form Builder for WordPress Security Bypass (2.0.21) CWE-264  High
WordPress Plugin Form Lightbox Security Bypass (2.1) CWE-264  High
WordPress Plugin Form Maker by WD-user-friendly drag & drop Form Builder Security Bypass (1.7.14) CWE-264  High
WordPress Plugin Frontier Post Security Bypass (1.3.2) CWE-264  High
WordPress Plugin Gallery-Photo Gallery and Images Gallery Security Bypass (2.0.15) CWE-264  High
WordPress Plugin GD Star Rating 'export.php' Security Bypass (1.9.18) CWE-264  High
WordPress Plugin Google Captcha (reCAPTCHA) by BestWebSoft Security Bypass (1.12) CVE-2015-0890  CWE-254  High
WordPress Plugin IgnitionDeck Security Bypass (1.1.6) CWE-264  High
WordPress Plugin InfiniteWP Client Security Bypass (1.3.7) CWE-264  High
WordPress Plugin Invite Anyone Security Bypass (1.3.14) CVE-2017-6955  CWE-264  High
WordPress Plugin IP Geo Block Security Bypass (2.2.2) CWE-264  High
WordPress Plugin iThemes Security (formerly Better WP Security) Security Bypass (5.3.0) CWE-219  CWE-330  High
WordPress Plugin iThemes Security (formerly Better WP Security) Security Bypass (5.3.5) CWE-264  High
WordPress Plugin Jetpack by WordPress.com Security Bypass (2.9.2) CVE-2014-0173  CWE-264  High
WordPress Plugin Job Manager Security Bypass (0.7.25) CVE-2015-6668  CWE-287  High
WordPress Plugin kk Star Ratings Security Bypass (2.3.1) CWE-264  High
WordPress Plugin Like Button Rating-LikeBtn Security Bypass (2.5.3) CWE-264  High
WordPress Plugin Limit Login Attempts Security Bypass (1.7.0) CWE-264  High
WordPress Plugin Login With Ajax Security Bypass (3.1.2) CWE-284  High
WordPress Plugin MAC PHOTO GALLERY Multiple Security Bypass Vulnerabilities (3.0) CWE-285  High
WordPress Plugin MailUp newsletter sign-up form Security Bypass (1.3.2) CVE-2013-0731  CVE-2013-2640  CWE-264  High
WordPress Plugin MainWP Child Security Bypass (2.0.9.1) CWE-264  High
WordPress Plugin MainWP Child Security Bypass (3.4.4) CWE-287  High
WordPress Plugin MediaPress Security Bypass (1.1.9) CWE-264  High
WordPress Plugin MemberSonic Lite Security Bypass (1.2) CWE-287  High
WordPress Plugin Mingle Forum SQL Injection and Security Bypass Vulnerabilities (1.0.26) CWE-89  CWE-425  High
WordPress Plugin Monarch Social Sharing Security Bypass (1.2.6) CWE-264  High
WordPress Plugin Ninja Forms-The Easy and Powerful Forms Builder Security Bypass (3.0.30) CWE-264  High
WordPress Plugin OneLogin SAML SSO Security Bypass (2.2.0) CWE-287  High
WordPress Plugin OptinMonster-Best WordPress Popup and Lead Generation Security Bypass (1.1.4.5) CWE-264  High
WordPress Plugin Peter's Math Anti-Spam Audio CAPTCHA Security Bypass (0.1.6) CVE-2008-7216  CWE-264  High
WordPress Plugin Pie Register Security Bypass (2.0.13) CVE-2014-8802  CWE-264  High
WordPress Plugin Portable phpMyAdmin Authentication Bypass (1.3.0) CVE-2012-5469  CWE-264  High
WordPress Plugin Premium SEO Pack Security Bypass (1.9.1.3) CWE-264  High
WordPress Plugin Query Interface Security Bypass (1.1) CWE-701  High
WordPress Plugin Quttera Web Malware Scanner Security Bypass (3.0.8.65) CWE-264  High
WordPress Plugin Rating-Widget:Star Review System Security Bypass (2.8.9) CWE-264  High
WordPress Plugin Related Posts Lite Security Bypass (1.1) CWE-264  High
WordPress Plugin Rencontre-Dating Site Security Bypass (1.6.9) CWE-264  High
WordPress Plugin Revive Old Post-Auto Post to Social Media Security Bypass (6.9.3) CWE-264  High
WordPress Plugin s2Member Framework 's2_invoice' Parameter Remote Security Bypass (111105) CWE-264  High
WordPress Plugin SendPress Newsletters Security Bypass (1.2.10.20) CWE-264  High
WordPress Plugin Simple:Press Security Bypass and Arbitrary File Upload Vulnerabilities (4.1.2) CWE-264  CWE-434  High
WordPress Plugin Social Articles Security Bypass (2.4) CWE-264  High
WordPress Plugin Social Media and Share Icons (Ultimate Social Media) Security Bypass (1.5.1) CWE-264  High
WordPress Plugin Social Media Security Bypass (2.4.5) CWE-264  High
WordPress Plugin SpamBam Key Calculation Security Bypass (2.1) CWE-264  High
WordPress Plugin Spam Free WordPress Security Bypass (1.9.2) CWE-264  High
WordPress Plugin Sprout Invoices-Client Invoicing & Estimates Security Bypass (9.3) CWE-264  High
WordPress Plugin SS Quiz Cross-Site Request Forgery and Access Security Bypass Vulnerabilities (1.11) CWE-264  CWE-352  High
WordPress Plugin Student Result or Employee Database Security Bypass (1.6.3) CVE-2017-14766  CWE-287  High
WordPress Plugin TheCartPress eCommerce Shopping Cart Order Information Security Bypass (1.1.9.2) CWE-264  High
WordPress Plugin The Events Calendar Security Bypass (3.11.2) CWE-264  High
WordPress Plugin Theme Blvd Layout Builder Multiple Security Bypass Vulnerabilities (2.0.1) CWE-264  High
WordPress Plugin Theme Blvd Shortcodes Multiple Security Bypass Vulnerabilities (1.5.2) CWE-264  High
WordPress Plugin Theme Blvd Sliders Multiple Security Bypass Vulnerabilities (1.2.3) CWE-264  High
WordPress Plugin Theme Blvd Widget Areas Multiple Security Bypass Vulnerabilities (1.2.2) CWE-264  High
WordPress Plugin Theme My Login Security Bypass (6.4.6) CWE-264  High
WordPress Plugin ThinkTwit Security Bypass (1.5.1) CWE-264  High
WordPress Plugin TwitterCart Security Bypass (2.0) CWE-264  High
WordPress Plugin Ultimate Member-User Profile & Membership Security Bypass (1.3.52) CWE-264  High
WordPress Plugin Ultimate Member-User Profile & Membership Security Bypass (1.3.75) CWE-264  High
WordPress Plugin Ultimate Member-User Profile & Membership Security Bypass (1.3.83) CWE-264  High
WordPress Plugin UpdraftPlus Backup and Restoration Security Bypass (1.9.50) CWE-264  High
WordPress Plugin UserPro-Community and User Profile Security Bypass (4.9.17) CVE-2017-16562  CWE-287  High
WordPress Plugin User registration & user profile-Profile Builder 'key' Parameter Security Bypass (1.1.24) CWE-264  High
WordPress Plugin User registration & user profile-Profile Builder Security Bypass (1.1.59) CWE-287  High
WordPress Plugin User registration & user profile-Profile Builder Security Bypass (2.3.5) CWE-264  High
WordPress Plugin User Role Editor Security Bypass (4.24) CWE-264  High
WordPress Plugin WM Simple Captcha Security Bypass (2.0.3) CWE-264  High
WordPress Plugin Woocommerce Category Banner Management Security Bypass (1.1.1) CVE-2018-11579  CWE-264  High
WordPress Plugin WooCommerce Security Bypass (2.1.7) CWE-264  High
WordPress Plugin WooCommerce Stock Manager Security Bypass (1.0.7) CWE-264  High
WordPress Plugin WordPress Access Areas Security Bypass (1.3.0) CWE-284  High
WordPress Plugin WordPress Button Plugin MaxButtons Security Bypass (1.19.0) CWE-264  High
WordPress Plugin WordPress Download Manager Multiple Security Bypass Vulnerabilities (2.6.92) CWE-284  High
WordPress Plugin WordPress Download Manager Security Bypass (2.7.2) CVE-2014-9260  CWE-264  High
WordPress Plugin WordPress Poll Multiple SQL Injection and Security Bypass Vulnerabilities (34.04) CVE-2013-1400  CVE-2013-1401  CWE-89  CWE-264  High
WordPress Plugin WordPress SEO by Yoast Security Bypass (1.4.6) CWE-264  High
WordPress Plugin WordPress Social Share, Social Login and Social Comments-Super Socializer Security Bypass (7.10.6) CWE-287  High
WordPress Plugin WordPress Social Stream Security Bypass (1.5.15) CWE-264  High
WordPress Plugin WP-Ban Security Bypass (1.63) CVE-2014-6230  CWE-284  High
WordPress Plugin WP eCommerce Security Bypass (3.8.14.3) CWE-264  High
WordPress Plugin WP Migrate DB Security Bypass (0.6) CWE-264  High
WordPress Plugin WP OAuth Server Security Bypass (3.1.4) CWE-326  High
WordPress Plugin WP Print Friendly Security Bypass (0.5.2) CWE-264  High
WordPress Plugin WP REST API (WP API) Security Bypass (1.2.1) CWE-264  High
WordPress Plugin WP RSS Aggregator Security Bypass (4.6.3) CVE-2014-9314  CWE-264  High
WordPress Plugin WP to Twitter Authorization Bypass (2.9.3) CWE-264  High
WordPress Plugin WPtouch Mobile Security Bypass (3.4.2) CWE-264  High
WordPress Possible Security Bypass Vulnerability (0.70 - 4.7.4) CVE-2017-8295  CWE-264  High