3454 matches found
PT-2025-46778
Name of the Vulnerable Software and Affected Versions Page Builder: Pagelayer versions up to and including 2.0.5 Description The Page Builder: Pagelayer WordPress plugin has an Insecure Direct Object Reference issue. This is due to a lack of validation on a user-controlled key within the pagelaye...
PT-2025-46828
Insecure Direct Object Reference IDOR vulnerability in DeporSite of T-INNOVA. This vulnerability allows an attacker to access or modify unauthorized resources by manipulating requests using the 'idUsuario' parameter in ‘/ajax/TInnova v2/Formulario...
CVE-2025-64523 FileBrowser has Insecure Direct Object Reference (IDOR) in Share Deletion Function
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Versions prior to 2.45.1 have an Insecure Direct Object Reference IDOR vulnerability in the FileBrowser application's share deletion functionality. Th...
CVE-2025-64523 FileBrowser has Insecure Direct Object Reference (IDOR) in Share Deletion Function
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Versions prior to 2.45.1 have an Insecure Direct Object Reference IDOR vulnerability in the FileBrowser application's share deletion functionality. Th...
EUVD-2025-119998
The Wishlist and Save for later for Woocommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.22 via the 'awwlmremoveaddedwishlistpage' AJAX action due to missing validation on a user controlled key. This makes it possible for...
EUVD-2025-119997
The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.139 via the 'postattachmentupload' function due to missing validation on a user controlled key. This...
CVE-2025-12833
The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.139 via the 'postattachmentupload' function due to missing validation on a user controlled key. This...
CVE-2025-12833
The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.139 via the 'postattachmentupload' function due to missing validation on a user controlled key. This...
CVE-2025-12833 GeoDirectory – WP Business Directory Plugin and Classified Listings Directory <= 2.8.139 - Missing Authorization to Authenticated (Author+) Arbitrary Image Attachment
The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.139 via the 'postattachmentupload' function due to missing validation on a user controlled key. This...
CVE-2025-12087 Wishlist and Save for later for Woocommerce <= 1.1.22 - Insecure Direct Object Reference to Authenticated (Subscriber+) Wishlist Item Deletion
The Wishlist and Save for later for Woocommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.22 via the 'awwlmremoveaddedwishlistpage' AJAX action due to missing validation on a user controlled key. This makes it possible for...
CVE-2025-12087 Wishlist and Save for later for Woocommerce <= 1.1.22 - Insecure Direct Object Reference to Authenticated (Subscriber+) Wishlist Item Deletion
The Wishlist and Save for later for Woocommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.22 via the 'awwlmremoveaddedwishlistpage' AJAX action due to missing validation on a user controlled key. This makes it possible for...
CVE-2025-12126
The The Total Book Project plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0 via several functions due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access a...
CVE-2025-11532
The Wisly plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.0 due to missing validation on the 'wishlistid' user controlled key. This makes it possible for unauthenticated attackers to remove and add items to other user's wishlists...
WordPress IDonate plugin unsafe direct object reference vulnerability
WordPress IDonate plugin is a blood donation management tool on the WordPress platform, which is mainly used for blood donor registration, blood donation request submission and background management. WordPress IDonate plugin has an insecure direct object reference vulnerability, the vulnerability...
CVE-2025-48878
Combodo iTop is a web based IT service management tool. In versions on the 3.x branch prior to 3.2.2, an insecure direct object reference allows a user e.g. with Service desk agent profile to create a ModuleInstallation object when they shouldn't be able to do so. Version 3.2.2 fixes the issue...
CVE-2025-12126
CVE-2025-12126 affects The Total Book Project WordPress plugin (versions ≤ 1.0). Root cause: insecure direct object reference due to missing validation of a user-controlled key, enabling authenticated users with Contributor+ privileges to move/delete/create chapters in books not owned by them. Im...
CVE-2025-11532
CVE-2025-11532 affects the Wisly WordPress plugin (versions
CVE-2025-11532 Wisly <= 1.0.0 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation
The Wisly plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.0 due to missing validation on the 'wishlistid' user controlled key. This makes it possible for unauthenticated attackers to remove and add items to other user's wishlists...
PT-2025-46273
Name of the Vulnerable Software and Affected Versions The Total Book Project plugin for WordPress versions prior to 1.1 Description The software is susceptible to an Insecure Direct Object Reference issue. This impacts authenticated attackers with Contributor-level access or higher, allowing them...
CVE-2025-48878
Combodo iTop is a web based IT service management tool. In versions on the 3.x branch prior to 3.2.2, an insecure direct object reference allows a user e.g. with Service desk agent profile to create a ModuleInstallation object when they shouldn't be able to do so. Version 3.2.2 fixes the issue...