3455 matches found
CVE-2024-55058
An insecure direct object reference (IDOR) vulnerability was discovered in PHPGurukul Online Birth Certificate System v1.0. This vulnerability resides in the viewid parameter of /user/view-application-detail.php. Authenticated users can exploit this flaw by manipulating the viewid parameter in the...
CVE-2024-55058
CVE-2024-55058 applies to PHPGurukul Online Birth Certificate System v1.0, where an insecure direct object reference exists in the viewid parameter of /user/view-application-detail.php. The vulnerability allows authenticated users to manipulate the viewid in the URL to access sensitive birth cert...
CVE-2024-12447
The Get Post Content Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.4 via the 'post-content' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
CVE-2024-12447
CVE-2024-12447 is a vulnerability in the Get Post Content Shortcode plugin for WordPress, affecting all versions up to 0.4. It enables Insecure Direct Object Reference via the post_content shortcode due to missing validation on a user-controlled key, allowing authenticated attackers with Contribu...
CVE-2024-12447 Get Post Content Shortcode <= 0.4 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via post_content Shortcode
The Get Post Content Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.4 via the 'post-content' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
WordPress Get Post Content Shortcode plugin <= 0.4 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via post_content Shortcode vulnerability
Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via post_content Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Get Post Content Shortcode versions <= 0.4...
CVE-2024-12309
The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via the get_post_status due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to...
CVE-2024-12309
CVE-2024-12309 affects Rate My Post – Star Rating Plugin for WordPress (FeedbackWP). The vulnerability is an Insecure Direct Object Reference in get_post_status() due to missing validation on a user-controlled key, allowing unauthenticated voters to affect unpublished posts. The CVE entry notes v...
CVE-2024-12309 Rate My Post – Star Rating Plugin by FeedbackWP <= 4.2.4 - Unauthenticated Voting On Scheduled Posts
The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via the get_post_status due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to...
PT-2024-17538 · Feedbackwp · Rate My Post – Star Rating Plugin
Name of the Vulnerable Software and Affected Versions: Rate My Post – Star Rating Plugin by FeedbackWP versions up to, and including, 4.2.4 Description: The issue allows unauthenticated attackers to vote on unpublished scheduled posts due to missing validation on a user-controlled key in the get...
LibrePhotos security vulnerability
LibrePhotos is a self-hosted open source photo management service open-sourced by LibrePhotos. LibrePhotos suffers from a security vulnerability that stems from susceptibility to a cross-site scripting attack, where an attacker can take over any account by uploading an HTML file on behalf of an...
PT-2024-35792 · Unknown · Librephotos
Name of the Vulnerable Software and Affected Versions: LibrePhotos versions prior to commit 32237 Description: A Cross Site Scripting issue allows attackers to take over any account via uploading an HTML file on behalf of the admin user using IDOR in file upload. This is achieved by exploiting the...
CVE-2024-10696
The UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.8 via the showtemplate due to missing validatio...
CVE-2024-10696 UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) <= 1.1.8 - Insecure Direct Object Reference to Sensitive Information Exposure via UA_Template Shortcode
The UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.8 via the showtemplate due to missing validatio...
CVE-2024-10696
CVE-2024-10696 affects UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS, Woo Widget, Menu Builder, Anywhere Elementor Shortcode) for WordPress. Versions
WordPress UltraAddons plugin <= 1.1.8 - Insecure Direct Object Reference to Sensitive Information Exposure via UA_Template Shortcode vulnerability
Insecure Direct Object Reference to Sensitive Information Exposure via UA_Template Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin UltraAddons Elementor Lite versions <= 1.1.8...
TikTok: IDOR on ads.tiktok.com Allows Unauthorized Product Addition
An Insecure Direct Object Reference (IDOR) vulnerability was discovered on the TikTok Ads API that allowed the addition of arbitrary products to a user's catalog without proper authorization...
CVE-2024-48901 Moodle: IDOR when fetching report schedules
A vulnerability was found in Moodle. Additional checks are required to ensure users can only access the schedule of a report if they have permission to edit that report...
WordPress WP Project Manager plugin <= 2.6.13 - Insecure Direct Object Reference to Unauthenticated Authorization Bypass vulnerability
Insecure Direct Object Reference to Unauthenticated Authorization Bypass vulnerability discovered by stealthcopter in WordPress Plugin WP Project Manager versions <= 2.6.13...