4493 matches found
CVE-2026-11987
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.4 via the 'id' parameter due to missing validation on a user controlled key. This...
CVE-2026-10820
CVE-2026-10820 affects the WordPress plugin family “Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content” up to version 4.16.17. The root cause is lack of ownership verification when a subscription action is performed, allowing any authenticated u...
Danswer - Insecure Direct Object Reference
The application does not verify whether the attacker is the creator of the file, allowing the attacker to directly call the GET /api/chat/file/fileid interface to view any user's file. id: CVE-2024-9617 info: name: Danswer - Insecure Direct Object Reference author: s4e-io severity: medium...
Masteriyo LMS <= 1.7.3 - Insecure Direct Object Reference
Authentication Bypass Using an Alternate Path or Channel vulnerability in Masteriyo Masteriyo - LMS. Unauth access to course progress. This issue affects Masteriyo - LMS: from n/a through 1.7.3. id: CVE-2024-33939 info: name: Masteriyo LMS <= 1.7.3 - Insecure Direct Object Reference author:...
EUVD-2025-210356
Unauthenticated Insecure Direct Object References IDOR in BookPro = 1.1.0 versions...
CVE-2026-57665
Unauthenticated Insecure Direct Object References IDOR in GravityView = 3.0.0 versions...
CVE-2026-57634
Contributor Insecure Direct Object References IDOR in PPWP = 1.9.19 versions...
CVE-2026-56069
Unauthenticated Insecure Direct Object References IDOR in Toolset Forms = 2.6.24 versions...
CVE-2026-56048
Unauthenticated Insecure Direct Object References IDOR in Payment Gateway Based Fees and Discounts for WooCommerce = 3.0.0 versions...
CVE-2026-54826
Subscriber Insecure Direct Object References IDOR in SupportCandy = 3.4.6 versions...
CVE-2025-66123
Unauthenticated Insecure Direct Object References IDOR in BookPro = 1.1.0 versions...
EUVD-2026-39670
Unauthenticated Insecure Direct Object References IDOR in GravityView = 3.0.0 versions...
EUVD-2026-39767
Unauthenticated Insecure Direct Object References IDOR in JS Help Desk <= 3.1.0 versions...
CVE-2026-57652
The CVE-2026-57652 vulnerability affects the WordPress JS Help Desk plugin
CVE-2026-57652 WordPress JS Help Desk plugin <= 3.1.0 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References IDOR in JS Help Desk <= 3.1.0 versions...
EUVD-2026-39761
Subscriber Insecure Direct Object References IDOR in Majestic Support <= 1.1.7 versions...
CVE-2026-57646
CVE-2026-57646 affects the WordPress Majestic Support plugin (versions
CVE-2026-57646 WordPress Majestic Support plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability
Subscriber Insecure Direct Object References IDOR in Majestic Support <= 1.1.7 versions...
EUVD-2026-39750
Contributor Insecure Direct Object References IDOR in PPWP = 1.9.19 versions...
EUVD-2026-39746
Unauthenticated Insecure Direct Object References IDOR in Blocksy Companion Pro = 2.1.46 versions...