CVE-2024-7491

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woofmessengerremovesubscr AJAX action due to missing validation on the 'key' user controlled key. This makes it...

CVE-2024-7491 HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.1 - Insecure Direct Object Reference to Unsubscribe

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woofmessengerremovesubscr AJAX action due to missing validation on the 'key' user controlled key. This makes it...

CVE-2024-7491 HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.1 - Insecure Direct Object Reference to Unsubscribe

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woofmessengerremovesubscr AJAX action due to missing validation on the 'key' user controlled key. This makes it...

CVE-2024-7491

The CVE-2024-7491 entry concerns HUSKY – Products Filter Professional for WooCommerce for WordPress. It is an Insecure Direct Object Reference via the woof_messenger_remove_subscr AJAX action, caused by missing validation on the user-controlled key. Affected versions are up to and including 1.3.6...

WordPress HUSKY plugin <= 1.3.6.1 - Insecure Direct Object Reference to Unsubscribe vulnerability

Insecure Direct Object Reference to Unsubscribe vulnerability discovered by shaman0x01 in WordPress Plugin HUSKY versions = 1.3.6.1...

WordPress Charitable plugin <= 1.8.1.14 - Insecure Direct Object Reference to Account Takeover and Privilege Escalation vulnerability

Insecure Direct Object Reference to Account Takeover and Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin Charitable versions = 1.8.1.14...

PT-2024-38381 · WordPress · Husky – Products Filter Professional

Name of the Vulnerable Software and Affected Versions: HUSKY – Products Filter Professional for WooCommerce plugin for WordPress versions up to, and including, 1.3.6.1 Description: The issue is related to Insecure Direct Object Reference. It affects the plugin via the woof messenger remove subscr...

Car Rental Project 1.0 Insecure Direct Object Reference

==================================================================================================================================== | Title : Car Rental Project 1.0 idor Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bits | | Vendor :...

Online Food Management System 1.0 Insecure Direct Object Reference

==================================================================================================================================== | Title : Online Food Management System 1.0 idor Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bits |...

Insecure Direct Object Reference (IDOR)

in2code/powermail is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is caused due to improper validation of the mail parameter in the createAction function, allows an unauthenticated attacker to access user-submitted data from all forms handled by the extension...

powermail TYPO3 extension has Insecure Direct Object Reference

An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference IDOR in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms...

GHSA-Q25C-R482-77P9 powermail TYPO3 extension has Insecure Direct Object Reference

An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference IDOR in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms...

CVE-2024-47047

An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference IDOR in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms...

CVE-2024-47047

An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference IDOR in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms...

CVE-2024-47047

An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference IDOR in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms...

CVE-2024-47047

CVE-2024-47047 concerns the powermail TYPO3 extension (up to 12.4.0). The root cause is the failure to validate the mail parameter in the createAction, leading to an Insecure Direct Object Reference (IDOR). Consequence: an unauthenticated attacker can view user-submitted data from all forms persi...

CVE-2024-25270

An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference IDOR vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the exposure of sensitive user data...

CVE-2024-25270

Mirapolis LMS 4.6.XX contains an IDOR vulnerability that authenticated users can exploit by manipulating the ID parameter and incrementing the STEP parameter, potentially exposing sensitive user data. Root cause: insecure direct object reference in the affected endpoint. Affected product/version:...

ownCloud < 10.15.0 Multiple Vulnerabilities

ownCloud is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud"; ifdescription...

CVE-2024-27113

An unauthenticated Insecure Direct Object Reference IDOR to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability...