3461 matches found
CVE-2025-5816
The Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.0 via the getorderdetail due to missing validation on a user controlled key. This makes it possible for...
Exploit for CVE-2025-51862
CVE-2025-51862 Vulnerability description TelegAI, a web...
Exploit for CVE-2025-51859
CVE-2025-51859 Vulnerability description Chaindesk, a w...
CVE-2025-5816
The Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.0 via the getorderdetail due to missing validation on a user controlled key. This makes it possible for...
CVE-2025-5816
CVE-2025-5816 affects the WordPress plugin “Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship” (Biteship) up to version 3.2.0. The root cause is an Insecure Direct Object Reference via get_order_detail(), caused by a missing validation on a user-controlled key. This allows aut...
CVE-2025-5816 Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship <= 3.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) View Order Tracking Details
The Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.0 via the getorderdetail due to missing validation on a user controlled key. This makes it possible for...
CVE-2025-5816 Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship <= 3.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) View Order Tracking Details
The Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.0 via the getorderdetail due to missing validation on a user controlled key. This makes it possible for...
PT-2025-29987 · WordPress · Plugin Pengiriman Woocommerce Kurir Reguler
Name of the Vulnerable Software and Affected Versions: Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship versions through 3.2.0 Description: The Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship for WordPress is susceptible to an Insecure Direct Object...
SingleStore: IDOR - Scheduled data leak to other accounts By "projectID"
The Insecure Direct Object Reference IDOR vulnerability was discovered in the GetNotebookScheduledPaginatedJobs endpoint on backend.singlestore.com. The API failed to verify the requestor's permission to access the specified project, allowing an authenticated user to access scheduled job...
CVE-2025-52920
Innoshop through 0.4.1 allows Insecure Direct Object Reference IDOR at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of other customers and the deletion of their reviews of products...
CVE-2025-50693
PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Insecure Direct Object Reference IDOR in odms/request-details.php...
CVE-2025-50693
PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Insecure Direct Object Reference IDOR in odms/request-details.php...
CVE-2025-50693
PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Insecure Direct Object Reference IDOR in odms/request-details.php...
CVE-2025-50693
PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Insecure Direct Object Reference IDOR in odms/request-details.php...
PT-2025-26752 · Unknown · Phpgurukul Online Dj Booking Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online DJ Booking Management System version 2.0 Description: The issue is related to Insecure Direct Object Reference IDOR in the odms/request-details.php file. This could potentially allow unauthorized access to sensitive...
CVE-2025-50693
The CVE-2025-50693 entry applies to PHPGurukul Online DJ Booking Management System 2.0, with an Insecure Direct Object Reference (IDOR) in odms/request-details.php. The root cause is IDOR allowing access to potentially sensitive information (impact: confidentiality – None, integrity – Low, availa...
CVE-2025-52920
Innoshop through 0.4.1 allows Insecure Direct Object Reference IDOR at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of other customers and the deletion of their reviews of products...
CVE-2025-52920
Innoshop through 0.4.1 allows Insecure Direct Object Reference IDOR at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of other customers and the deletion of their reviews of products...
CVE-2025-52920
Innoshop through 0.4.1 allows Insecure Direct Object Reference IDOR at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of other customers and the deletion of their reviews of products...
PT-2025-26591 · Innoshop · Innoshop
Name of the Vulnerable Software and Affected Versions: Innoshop versions 0.4.1 and earlier Description: The issue allows for Insecure Direct Object Reference IDOR at multiple places within the frontend shop. This can be exploited by creating a customer account, allowing an attacker to disclose th...