CWE-287


Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.


We have discovered 2,714,067 live websites that are affected by CWE-287.

CVEs

  • Count - 63



Website Distribution by Country

Number of websites affected by CWE-287

  • United States - 699,015 websites
  • Germany - 309,031 websites
  • France - 153,118 websites
  • Taiwan - 115,947 websites
  • Russia - 107,184 websites
  • Netherlands - 103,171 websites
  • Japan - 99,194 websites
  • Italy - 92,292 websites
  • GB - 73,778 websites
  • Czech Republic - 66,060 websites

Website Distribution by TLD

Number of websites affected by CWE-287

  • .com - 1,029,675 websites
  • .de - 183,378 websites
  • .org - 115,764 websites
  • .net - 97,045 websites
  • .ru - 92,209 websites
  • .nl - 79,237 websites
  • .it - 76,742 websites
  • .cz - 55,241 websites
  • .fr - 53,181 websites
  • .pl - 47,653 websites

Newest CVEs

List of the most recent CVEs that are part of CWE-287

| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Jul, 2025 | CVE-2025-49812 | Apache HTTP Server: mod_ssl TLS upgrade attack | 2,007,320 |
| Jul, 2025 | CVE-2025-49706 | Microsoft SharePoint Server Spoofing Vulnerability | 2,766 |
| May, 2025 | CVE-2024-13482 | Icegram Engage < 3.1.32 - Admin+ Stored XSS | 1,879 |
| Apr, 2025 | CVE-2025-46348 | YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download | 75 |
| Apr, 2025 | CVE-2024-11917 | JobSearch WP Job Board <= 2.9.2 - Authentication Bypass via Social Logins | 363 |
| Apr, 2025 | CVE-2025-25227 | [20250402] - Joomla Core - MFA Authentication Bypass | 644 |
| Mar, 2025 | CVE-2024-11087 | miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon <= 200.3.9 - Authentication Bypass | 132 |
| Mar, 2025 | CVE-2025-1475 | WPCOM Member <= 1.7.5 - Authentication Bypass via 'user_phone' | 150 |
| Feb, 2025 | CVE-2025-23419 | TLS Session Resumption Vulnerability | 178,418 |
| Jan, 2025 | CVE-2025-22146 | Improper authentication on SAML SSO process allows user impersonation in sentry | 44 |

List of the most common CVEs that are part of CWE-287

| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Jul, 2025 | CVE-2025-49812 | Apache HTTP Server: mod_ssl TLS upgrade attack | 2,007,320 |
| Apr, 2024 | CVE-2023-47504 | WordPress Elementor plugin <= 3.16.4 - Auth. Arbitrary Attachment Read vulnerability | 449,371 |
| Feb, 2025 | CVE-2025-23419 | TLS Session Resumption Vulnerability | 178,418 |
| Sep, 2024 | CVE-2024-7870 | PixelYourSite – Your smart PIXEL (TAG) & API Manager <= 9.7.1 and PixelYourSite PRO <= 10.4.2 - Unauthenticated Information Exposure and Log Deletion | 50,954 |
| Dec, 2023 | CVE-2023-6203 | The Events Calendar < 6.2.8.1 - Unauthenticated Arbitrary Password Protected Post Read | 19,495 |
| Oct, 2024 | CVE-2024-9947 | ProfilePress - Pro <= 4.11.1 - Authentication Bypass via WordPress.com OAuth provider | 7,885 |
| Jul, 2024 | CVE-2024-6695 | profile-builder <= 3.11.8 - Unauthenticated Privilege Escalation | 5,987 |
| May, 2023 | CVE-2023-32243 | WordPress Essential Addons for Elementor Plugin 5.4.0-5.7.1 is vulnerable to Privilege Escalation | 5,150 |
| Nov, 2024 | CVE-2024-9946 | Social Share, Social Login and Social Comments Plugin – Super Socializer <= 7.13.68 - Authentication Bypass via Disqus OAuth provider | 3,778 |
| Feb, 2024 | CVE-2024-21410 | Microsoft Exchange Server Elevation of Privilege Vulnerability | 3,184 |

Websites affected by CWE-287

Top websites that are affected by CWE-287.

| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******.com | Singapore | *** | |
| ****.******.org | United States | *** | |
| *************.***.****.****.************.net | United States | *** | |
| *****.***********.com | Canada | *** | |
| **********.com | United States | *** | |
| ********.****.com | United States | *** | |
| ****.****.******.org | United States | *** | |
| *********.net | United States | *** | |
| *****.cz | Czech Republic | *,*** | |
| ***.****.us | United States | *,*** | |