3459 matches found
CVE-2025-60982
IDOR vulnerability in Educare ERP 1.0 2025-04-22 allows unauthorized access to sensitive data via manipulated object references. Affected endpoints do not enforce proper authorization checks, allowing authenticated users to access or modify data belonging to other users by changing object...
CVE-2025-6639
The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.8.3 due to missing validation on a user controlled key when viewing and editing assignments through the tutorassignmentsubmit...
CVE-2025-6639
The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.8.3 due to missing validation on a user controlled key when viewing and editing assignments through the tutorassignmentsubmit...
EUVD-2025-35899
GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference IDOR vulnerability via the API. Authenticated requests to the API's object endpoints allow an authenticated user to request arbitrary user IDs and receive sensitive account data for those users, including the...
PT-2025-43711
Name of the Vulnerable Software and Affected Versions Tutor LMS Pro versions prior to 3.8.4 Description The Tutor LMS Pro plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This is due to a lack of proper validation on a user-controlled key when handling assignment...
CVE-2025-34293
GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference IDOR vulnerability via the API. Authenticated requests to the API's object endpoints allow an authenticated user to request arbitrary user IDs and receive sensitive account data for those users, including the...
CVE-2025-34293 GN4 Publishing System Insecure Direct Object Reference (IDOR) Information Disclosure
GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference IDOR vulnerability via the API. Authenticated requests to the API's object endpoints allow an authenticated user to request arbitrary user IDs and receive sensitive account data for those users, including the...
CVE-2025-34293 GN4 Publishing System Insecure Direct Object Reference (IDOR) Information Disclosure
GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference IDOR vulnerability via the API. Authenticated requests to the API's object endpoints allow an authenticated user to request arbitrary user IDs and receive sensitive account data for those users, including the...
WordPress All in One Time Clock Lite plugin unsafe direct object reference vulnerability
WordPress All in One Time Clock Lite plugin is a plugin for tracking employee attendance and supports employee/volunteer/contractor punch record management. The WordPress All in One Time Clock Lite plugin suffers from an insecure direct object reference vulnerability that stems from the applicati...
CVE-2025-6833
The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0 via the 'aiotimeclocklitejs' AJAX action due to missing validation on a user controlled key. This makes it...
CVE-2025-49952 WordPress Houzez theme <= 4.2.5 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in favethemes Houzez houzez allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Houzez: from n/a through = 4.2.5...
CVE-2025-6833
The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0 via the 'aiotimeclocklitejs' AJAX action due to missing validation on a user controlled key. This makes it...
CVE-2025-6833
The CVE-2025-6833 entry concerns the WordPress plugin All in One Time Clock Lite (
CVE-2025-60511
Moodle OpenAI Chat Block plugin 3.0.1 2025021700 suffers from an Insecure Direct Object Reference IDOR vulnerability due to insufficient validation of the blockId parameter in /blocks/openaichat/api/completion.php. An authenticated student can impersonate another user's block e.g., administrator...
WordPress plugin All in One Time Clock Lite 安全漏洞
WordPress All in One Time Clock Lite plugin is a plugin for tracking employee attendance and supports employee/volunteer/contractor punch record management. The WordPress All in One Time Clock Lite plugin suffers from an insecure direct object reference vulnerability that stems from the applicati...
CVE-2025-62509
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to version 1.4.0, a business logic flaw in FileRise’s file/folder handling allows low-privilege users to perform unauthorized operations view/delete/modify on files created by other users...
CVE-2025-60511
Moodle OpenAI Chat Block plugin 3.0.1 2025021700 suffers from an Insecure Direct Object Reference IDOR vulnerability due to insufficient validation of the blockId parameter in /blocks/openaichat/api/completion.php. An authenticated student can impersonate another user's block e.g., administrator...
CVE-2025-60511
Moodle OpenAI Chat Block plugin 3.0.1 2025021700 suffers from an Insecure Direct Object Reference IDOR vulnerability due to insufficient validation of the blockId parameter in /blocks/openaichat/api/completion.php. An authenticated student can impersonate another user's block e.g., administrator...
EUVD-2025-35199
Moodle OpenAI Chat Block plugin 3.0.1 2025021700 suffers from an Insecure Direct Object Reference IDOR vulnerability due to insufficient validation of the blockId parameter in /blocks/openaichat/api/completion.php. An authenticated student can impersonate another user's block e.g., administrator...
CVE-2025-60511
The CVE-2025-60511 instance affects Moodle OpenAI Chat Block plugin 3.0.1, with an Insecure Direct Object Reference (IDOR) due to insufficient validation of the blockId parameter in /blocks/openai_chat/api/completion.php. An authenticated student can impersonate another user’s block (e.g., admini...