690 matches found
ZimaOS - Authentication Bypass
ZimaOS = 1.5.0 contains a broken authentication caused by improper password validation for known system service accounts in the login function, letting attackers authenticate with any password for these accounts, exploit requires knowledge of common usernames. id: CVE-2026-21891 info: name: ZimaO...
CVE-2026-57697 WordPress ProfileGrid plugin <= 5.9.9.6 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Password Recovery Exploitation.This issue affects ProfileGrid : from n/a through = 5.9.9.6...
CVE-2026-57807 WordPress OAuth Single Sign On - SSO (OAuth Client) plugin <= 38.5.8 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO OAuth Client allows Password Recovery Exploitation. This issue affects OAuth Single Sign On - SSO OAuth Client: from n/a through 38.5.8...
WordPress OAuth Single Sign On - SSO (OAuth Client) plugin <= 38.5.8 - Broken Authentication vulnerability
WordPress OAuth Single Sign On - SSO OAuth Client plugin = 38.5.8 - Broken Authentication vulnerability discovered by Kim Dvash in WordPress Plugin OAuth Single Sign On - SSO OAuth Client versions = 38.5.8...
WordPress Abandoned Cart Recovery for WooCommerce plugin <= 1.1.12 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by she11f in WordPress Plugin Abandoned Cart Recovery for WooCommerce versions = 1.1.12...
WordPress ProfileGrid plugin <= 5.9.9.6 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Jakub Herman in WordPress Plugin ProfileGrid versions = 5.9.9.6...
WordPress WorkScout-Core plugin <= 1.7.08 - Cross Site Request Forgery (CSRF) to Broken Authentication vulnerability
Cross Site Request Forgery CSRF to Broken Authentication vulnerability discovered by Phat RiO in WordPress Plugin WorkScout-Core versions = 1.7.08...
CVE-2026-57352
CVE-2026-57352 concerns the WordPress plugin ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce (
CVE-2026-56029
Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway = 2.7.4 versions...
CVE-2026-56029 WordPress CorvusPay WooCommerce Payment Gateway plugin <= 2.7.4 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway = 2.7.4 versions...
EUVD-2026-39692
Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway = 2.7.4 versions...
CVE-2026-56029
CVE-2026-56029 affects the WordPress CorvusPay WooCommerce Payment Gateway plugin ≤ 2.7.4. It is described as an Unauthenticated Broken Authentication vulnerability. The CVSS 3.1 base score is 7.5 (HIGH) with network attack vector, no user interaction, and no confidentiality or availability impac...
CVE-2026-56237
Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests, and the backend fails to validate that keys are securely generated and bound to the authenticated user. An attacker can tamper with the API key...
CVE-2026-56237
Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests, and the backend fails to validate that keys are securely generated and bound to the authenticated user. An attacker can tamper with the API key...
WordPress CorvusPay WooCommerce Payment Gateway plugin <= 2.7.4 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by ParkHyunWoo in WordPress Plugin CorvusPay WooCommerce Payment Gateway versions = 2.7.4...
EUVD-2026-37638
Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...
EUVD-2026-37640
Subscriber Broken Authentication in Melhor Envio = 2.16.3 versions...
EUVD-2026-37614
Unauthenticated Broken Authentication in WooCommerce Dropshipping = 5.2.4 versions...
EUVD-2026-37609
Unauthenticated Broken Authentication in PowerPack Pro for Elementor v2.13.0 versions...
EUVD-2026-37666
Unauthenticated Broken Authentication in Booknetic = 4.8.5 versions...