12 matches found
CVE-2026-12598 LoginPress Pro <= 6.2.3 - Unauthenticated Authentication Bypass via Unverified OAuth Email in Spotify OAuth Callback
The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to and including 6.2.3 via the Spotify Social Login addon. This is due to the loginpressonspotifylogin function trusting the unverified 'email' field returned by Spotify's /v1/me endpoint and using it...
CVE-2018-25183 Shipping System CMS 1.0 SQL Injection via admin login
Shipping System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious SQL payloads using boolean-based blind techniques in POST requests to the admin login...
CVE-2026-2991
The CVE-2026-2991 affects the KiviCare – Clinic & Patient Management System (EHR) WordPress plugin (
Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls
Fortinet has officially confirmed that it's working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls. "In the last 24 hours, we have identified a number of cases where the exploit was to a device th...
CVE-2023-54340 WorkOrder CMS 0.1.0 - SQL Injection
WorkOrder CMS 0.1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login by manipulating username and password parameters. Attackers can inject malicious SQL queries using techniques like OR '1'='1' and stacked queries to access database information or...
Work Examiner Professional 安全漏洞
Work Examiner Professional is an employee computer monitoring software from Work Examiner USA. A security vulnerability exists in Work Examiner Professional that stems from a lack of authentication checks on the server side, which could allow an unauthenticated attacker to bypass the login prompt...
CVE-2025-7038
The vulnerability CVE-2025-7038 affects LatePoint for WordPress (up to v5.1.94). The issue is an Authentication Bypass in the steps__load_step path of the latepoint_route_call AJAX endpoint, where client-supplied customer email/fields are used before login verification or nonce checks. Unauthenti...
Pilz IndustrialPI 代码问题漏洞
Pilz IndustrialPI is a gateway for the Industrial Internet of Things from Pilz Individual Developers in Germany. A code issue vulnerability exists in Pilz IndustrialPI that stems from an unauthenticated login bypass resulting in a setting change...
FortiMail Unauthenticated Login Bypass Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FortiMail Unauthenticated Login Bypass Scanner', 'Description' = %q This module attempts to detect instances of FortiMail vulnerable against an...
Exploit for SQL Injection in Abocms Abo.Cms
ABO.CMS-EXPLOIT-Unauthenticated-Login-Bypass-CVE-2024-25227...
CVE-2023-6036
The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handleauthrequest' and 'hadleloginrequest'. This makes it possible for non authenticated attackers to log in as any existing user on the site,...
CVE-2021-24175
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited to by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user including admin by just providing the related username, as well as create accounts with...