3458 matches found
CVE-2025-4522
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the adminpostdonordelete function in versions 2.0.0 to 2.1.9. By supplying an arbitrary userid parameter value to the wpdeleteuser function, authenticated...
CVE-2025-4522
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the adminpostdonordelete function in versions 2.0.0 to 2.1.9. By supplying an arbitrary userid parameter value to the wpdeleteuser function, authenticated...
CVE-2025-4522
The WordPress IDonate plugin (IDonate) is affected by an Insecure Direct Object Reference in versions 2.0.0–2.1.9. The root cause is improper access control in the admin_post_donor_delete flow, which allows an authenticated user (Subscriber+ privilege) to craft a user_id value passed to wp_delete...
WordPress plugin IDonate 安全漏洞
WordPress IDonate plugin is a blood donation management tool on the WordPress platform, which is mainly used for blood donor registration, blood donation request submission and background management. WordPress IDonate plugin has an insecure direct object reference vulnerability, the vulnerability...
PT-2025-45406
Name of the Vulnerable Software and Affected Versions IDonate – Blood Donation, Request And Donor Management System plugin for WordPress versions 2.0.0 through 2.1.9 Description The IDonate plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. Attackers with...
CVE-2025-58627 WordPress Miraculous Core Plugin plugin < 2.0.9 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous Core Plugin: from n/a through 2.0.9...
GHSA-CPF4-PMR4-W6CX IDOR Vulnerabilities in ZITADEL's Organization API allows Cross-Tenant Data Tempering
Summary ZITADEL's Organization V2Beta API contains Insecure Direct Object Reference IDOR vulnerabilities that allow authenticated users with specific administrator roles within one organization to access and modify data belonging to other organizations. Impact ZITADEL's Organization V2Beta API,...
PT-2025-45383
Name of the Vulnerable Software and Affected Versions Zitadel versions 4.0.0-rc.1 through 4.6.2 Description Zitadel is an open source identity management platform susceptible to secure Direct Object Reference IDOR attacks through its V2Beta API. Authenticated users with specific administrator rol...
EUVD-2025-37759
An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...
PT-2025-44991
Name of the Vulnerable Software and Affected Versions CFMOTO RIDE affected versions not specified Description An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this...
Insecure Direct Object Reference (IDOR)
Liferay Portal including Liferay DXP is vulnerable to an Insecure Direct Object Reference IDOR. The vulnerability is due to the Contacts Center widget directly exposing the comliferaycontactswebportletContactsCenterPortletentryId parameter without proper authorization checks. An attackers can use...
CVE-2025-61876
Insecure Direct Object Reference IDOR in /tenants/id API endpoint in Inforcer Platform version 2.0.153 allows an authenticated user with low privileges to enumerate and access tenant information belonging to other clients via modification of the tenant ID in the request URL...
Inforcer Platform 安全漏洞
Inforcer Platform is a multi-tenant management platform from the Dutch company Inforcer. A security vulnerability exists in Inforcer Platform version 2.0.153, which stems from the presence of an insecure direct object reference in the /tenants/id API endpoint, which could lead to a low-privileged...
CVE-2025-61876
Insecure Direct Object Reference IDOR in /tenants/id API endpoint in Inforcer Platform version 2.0.153 allows an authenticated user with low privileges to enumerate and access tenant information belonging to other clients via modification of the tenant ID in the request URL...
CVE-2025-61876
CVE-2025-61876 is an IDOR flaw in Inforcer Platform 2.0.153 allowing a low-privilege, authenticated user to enumerate and access tenant data from other clients by altering the tenant ID in the /tenants/{id} URL. The Red Hat and NVD records corroborate the issue; the CVSSv3.1 score is 5.0 (Medium)...
CVE-2025-34293
GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference IDOR vulnerability via the API. Authenticated requests to the API's object endpoints allow an authenticated user to request arbitrary user IDs and receive sensitive account data for those users, including the...
CVE-2025-60982
CVE-2025-60982 is an IDOR vulnerability in Educare ERP 1.0. Affected API endpoints fail to enforce authorization, allowing authenticated users to access or modify data belonging to other users by altering object identifiers. The issue is described consistently across multiple feeds (Red Hat, ENIS...
PT-2025-43998
Name of the Vulnerable Software and Affected Versions Educare ERP version 1.0 Description An IDOR Insecure Direct Object Reference vulnerability exists that allows unauthorized access to sensitive data through manipulated object references. Affected API endpoints do not enforce proper authorizati...
CVE-2025-60982
IDOR vulnerability in Educare ERP 1.0 2025-04-22 allows unauthorized access to sensitive data via manipulated object references. Affected endpoints do not enforce proper authorization checks, allowing authenticated users to access or modify data belonging to other users by changing object...
CVE-2025-60982
IDOR vulnerability in Educare ERP 1.0 2025-04-22 allows unauthorized access to sensitive data via manipulated object references. Affected endpoints do not enforce proper authorization checks, allowing authenticated users to access or modify data belonging to other users by changing object...