CWE-287


Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.


We have discovered 848,787 live websites that are affected by CWE-287.

Contact us to get more info









CVEs

  • Count - 51



CWE-287 usage by Country

  • United States - 256,120 websites
  • Germany - 105,982 websites
  • France - 59,615 websites
  • GB - 28,055 websites
  • Poland - 26,854 websites
  • Russia - 25,219 websites
  • Spain - 24,068 websites
  • Brazil - 22,802 websites
  • Netherlands - 21,154 websites
  • Italy - 20,322 websites

CWE-287 usage by TLD

  • .com - 332,280 websites
  • .de - 47,269 websites
  • .org - 34,168 websites
  • .com.br - 31,074 websites
  • .pl - 21,891 websites
  • .fr - 21,069 websites
  • .nl - 20,988 websites
  • .ru - 20,458 websites
  • .co.uk - 19,886 websites
  • .it - 17,918 websites

Newest CVEs

List of the most recent CVEs that are part of CWE-287

| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Jan, 2025 | CVE-2024-12585 | PropertyHive < 2.1.1 - Reflected XSS | 1,083 |
| Dec, 2024 | CVE-2024-10111 | OAuth Single Sign On – SSO (OAuth Client) <= 6.26.3 - Authentication Bypass | 15 |
| Dec, 2024 | CVE-2024-11015 | Sign In With Google <= 1.8.0 - Authentication Bypass in authenticate_user | 377 |
| Dec, 2024 | CVE-2024-47761 | GLPI vulnerable to account takeover via the password reset feature | 7 |
| Nov, 2024 | CVE-2024-52518 | Nextcloud Server is missing password confirmation when changing external storage options | 140 |
| Nov, 2024 | CVE-2024-9946 | Social Share, Social Login and Social Comments Plugin – Super Socializer <= 7.13.68 - Authentication Bypass | 7,477 |
| Nov, 2024 | CVE-2024-10020 | Heateor Social Login WordPress <= 1.1.35 - Authentication Bypass | 118 |
| Nov, 2024 | CVE-2024-10114 | Social Login - WordPress / WooCommerce Plugin <= 2.7.7 - Authentication Bypass | 326 |
| Oct, 2024 | CVE-2024-9947 | ProfilePress - Pro <= 4.11.1 - Authentication Bypass | 11,984 |
| Oct, 2024 | CVE-2024-45115 | Adobe Commerce \| Improper Authentication (CWE-287) | 70 |

List of the most common CVEs that are part of CWE-287

| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Apr, 2024 | CVE-2023-47504 | WordPress Elementor plugin <= 3.16.4 - Auth. Arbitrary Attachment Read vulnerability | 692,849 |
| Sep, 2024 | CVE-2024-7870 | PixelYourSite – Your smart PIXEL (TAG) & API Manager <= 9.7.1 and PixelYourSite PRO <= 10.4.2 - Unauthenticated Information Exposure and Log Deletion | 82,547 |
| Dec, 2023 | CVE-2023-6203 | The Events Calendar < 6.2.8.1 - Unauthenticated Arbitrary Password Protected Post Read | 42,838 |
| Oct, 2024 | CVE-2024-9947 | ProfilePress - Pro <= 4.11.1 - Authentication Bypass | 11,984 |
| May, 2023 | CVE-2023-32243 | WordPress Essential Addons for Elementor Plugin 5.4.0-5.7.1 is vulnerable to Privilege Escalation | 7,576 |
| Jul, 2024 | CVE-2024-6695 | profile-builder <= 3.11.8 - Unauthenticated Privilege Escalation | 7,503 |
| Nov, 2024 | CVE-2024-9946 | Social Share, Social Login and Social Comments Plugin – Super Socializer <= 7.13.68 - Authentication Bypass | 7,477 |
| Feb, 2021 | CVE-2021-21308 | Improper session management for soft logout | 4,514 |
| Apr, 2024 | CVE-2024-1526 | Hubbub Lite < 1.33.1 - Unauthenticated Password Protected Posts Access | 4,219 |
| Jul, 2020 | CVE-2020-4074 | Improper Authentication | 4,159 |

Websites affected by CWE-287

Top websites that are affected by CWE-287. Please click on the "Contact us" link to get more information.

| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.com | United States | *** | |
| ****.*******.org | United States | *,*** | |
| ***********.com | United States | *,*** | |
| *******.net | Germany | *,*** | |
| ***********.com | United States | *,*** | |
| ***.cz | Czech Republic | *,*** | |
| *************************.com | United States | *,*** | |
| ********.com | United States | *,*** | |
| ******.com | United States | *,*** | |
| ************.com | United States | *,*** | |