Insecure direct object references (IDOR) are a type of access control vulnerability that arises when an application uses user-supplied input to access objects directly.
1) Login into your account at demo.usememos.com
2) Turn on your burpsuite proxy
3) Click on the three dots on the top right of the memo , click on archive and capture the request
4) Send this request to the repeated and drop the current request
5) Change the Memo ID to victims Memo ID and forward the request
6) You will see that the victims memo has been archived
POC video: https://drive.google.com/file/d/1-AuWh6TyqGvO2osiF6jrjhPcDiApYRkv/view?usp=sharing