CWE-345
Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
We have discovered 399,974 live websites that are affected by CWE-345.
CVEs
- Count - 12
CWE References
Website Distribution by Country
Number of websites using CWE-345 United States | 136,930 websites |
 Germany | 28,234 websites |
 France | 21,417 websites |
 Singapore | 19,916 websites |
 Japan | 19,089 websites |
 Netherlands | 16,486 websites |
 Russia | 14,915 websites |
 Canada | 12,060 websites |
 Italy | 11,726 websites |
 Czech Republic | 8,976 websites |
Website Distribution by TLD
Number of websites using CWE-345| .com | 175,208 websites |
| .org | 18,270 websites |
| .de | 16,919 websites |
| .net | 15,900 websites |
| .ru | 12,625 websites |
| .nl | 12,087 websites |
| .it | 9,775 websites |
| .cz | 7,378 websites |
| .fr | 6,626 websites |
| .co.uk | 5,725 websites |
Newest CVEs
List of the most recent CVEs that are part of CWE-345| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Apr, 2026 | CVE-2026-3177 | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.9.7 - Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook | 3,398 |
| Mar, 2026 | CVE-2026-25921 | Gogs: Cross-repository LFS object overwrite via missing content hash verification | 48 |
| Feb, 2026 | CVE-2026-2428 | Fluent Forms Pro Add On Pack <= 6.1.17 - Missing Authorization to Unauthenticated Payment Status modification | 98 |
| Feb, 2026 | CVE-2026-2385 | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.7 - Unauthenticated Email Relay | 1,576 |
| Feb, 2026 | CVE-2025-14444 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment | 947 |
| Jan, 2026 | CVE-2026-0939 | Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit <= 5.1.2 - Unauthenticated Order Status Manipulation | 86 |
| Apr, 2025 | CVE-2025-43865 | React Router allows pre-render data spoofing on React-Router framework mode | 4 |
| May, 2024 | CVE-2024-31341 | WordPress User Profile Builder plugin <= 3.11.2 - Bypass Vulnerability vulnerability | 4,784 |
| Mar, 2024 | CVE-2024-1321 | EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Unauthenticated Booking Payment Bypass | 49 |
| Feb, 2023 | CVE-2023-23941 | SwagPayPal payment not sent to PayPal correctly | 1 |
The most widespread CVEs
List of the most common CVEs that are part of CWE-345| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Aug, 2020 | CVE-2020-11985 | IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxyi... | 389,032 |
| May, 2024 | CVE-2024-31341 | WordPress User Profile Builder plugin <= 3.11.2 - Bypass Vulnerability vulnerability | 4,784 |
| Apr, 2026 | CVE-2026-3177 | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.9.7 - Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook | 3,398 |
| Feb, 2026 | CVE-2026-2385 | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.7 - Unauthenticated Email Relay | 1,576 |
| Feb, 2026 | CVE-2025-14444 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment | 947 |
| Feb, 2026 | CVE-2026-2428 | Fluent Forms Pro Add On Pack <= 6.1.17 - Missing Authorization to Unauthenticated Payment Status modification | 98 |
| Jan, 2026 | CVE-2026-0939 | Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit <= 5.1.2 - Unauthenticated Order Status Manipulation | 86 |
| Mar, 2024 | CVE-2024-1321 | EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Unauthenticated Booking Payment Bypass | 49 |
| Mar, 2026 | CVE-2026-25921 | Gogs: Cross-repository LFS object overwrite via missing content hash verification | 48 |
| Nov, 2021 | CVE-2021-41203 | Missing validation during checkpoint loading | 25 |
Websites affected by CWE-345
Top websites that are affected by CWE-345. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.****.us | United States | *,*** | |
| ******************.com | United States | *,*** | |
| ****.com | United States | *,*** | |
| ********.com | United States | *,*** | |
| ********.in |  India | *,*** | |
| *.******.***.***.br |  Brazil | *,*** | |
| *************.com |  GB | *,*** | |
| *.*****.***.***.br | Brazil | *,*** | |
| ******.com | France | *,*** | |
| **.***.edu | United States | *,*** |