3454 matches found
CVE-2023-6506 WP 2FA <= 2.5.0 - Insecure Direct Object Reference to Arbitrary Email Sending
The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the sendbackupcodesemail due to missing validation on a user controlled key. This makes it possible for subscriber-level...
CVE-2023-6506 WP 2FA <= 2.5.0 - Insecure Direct Object Reference to Arbitrary Email Sending
The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the sendbackupcodesemail due to missing validation on a user controlled key. This makes it possible for subscriber-level...
CVE-2023-6506
The CVE-2023-6506 entry concerns the WP 2FA – Two-factor authentication for WordPress plugin. Affected: WP 2FA, versions up to and including 2.5.0. Issue: insecure direct object reference (IDOR) via send_backup_codes_email caused by missing validation on a user-controlled key, enabling subscriber...
CVE-2023-6223 LearnPress <= 4.2.5.7 - Insecure Direct Object Reference to Information Disclosure
The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers,...
CVE-2023-6223 LearnPress <= 4.2.5.7 - Insecure Direct Object Reference to Information Disclosure
The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers,...
CVE-2023-6223
CVE-2023-6223 affects the LearnPress – WordPress LMS Plugin. The issue is an insecure direct object reference (IDOR) in all versions up to and including 4.2.5.7, exposed via the /wp-json/lp/v1/profile/course-tab REST API. Missing validation on the userID parameter lets authenticated users with su...
CVE-2023-6630
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7getcustomfield and CF7getcurrentuser shortcodes due to missing validation on a user controlled key. This makes it possible for...
CVE-2023-6630
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7getcustomfield and CF7getcurrentuser shortcodes due to missing validation on a user controlled key. This makes it possible for...
Input validation
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7getcustomfield and CF7getcurrentuser shortcodes due to missing validation on a user controlled key. This makes it possible for...
CVE-2023-6630 Contact Form 7 – Dynamic Text Extension <= 4.1.0 - Insecure Direct Object Reference
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7getcustomfield and CF7getcurrentuser shortcodes due to missing validation on a user controlled key. This makes it possible for...
CVE-2023-6630 Contact Form 7 – Dynamic Text Extension <= 4.1.0 - Insecure Direct Object Reference
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7getcustomfield and CF7getcurrentuser shortcodes due to missing validation on a user controlled key. This makes it possible for...
CVE-2023-6630
CVE-2023-6630 : The WordPress plugin “Contact Form 7 – Dynamic Text Extension” ( 4.1.0); PatchStack lists 4.2.0 as the fix. Other sources corroborate the vulnerability and describe it as a broken access control issue with low overall CVSS (4.3). Actionable takeaway: apply the patch to affected in...
CVE-2023-50342
HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference IDOR vulnerability. A user can obtain certain details about another user as a result of improper access control...
CVE-2023-50342 Insecure Direct Object Reference (IDOR) affects DRYiCE MyXalytics
HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference IDOR vulnerability. A user can obtain certain details about another user as a result of improper access control...
CVE-2023-50342 Insecure Direct Object Reference (IDOR) affects DRYiCE MyXalytics
HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference IDOR vulnerability. A user can obtain certain details about another user as a result of improper access control...
CVE-2023-50342
CVE-2023-50342 affects HCL DRYiCE MyXalytics with an Insecure Direct Object Reference (IDOR) due to improper access control, allowing a user to obtain certain details about another user. Root cause: IDOR (insecure access controls). Impact is described as confidentiality-related; other document se...
LearnPress < 4.2.5.8 - Subscriber+ Arbitrary Course Progress Disclosure
Description The plugin is vulnerable to Insecure Direct Object Reference in the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve the...
GitLab 14.1 < 14.1.7 / 14.2 < 14.2.5 / 14.3 < 14.3.1 (CVE-2021-39889)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API...
Exploit for Improper Authentication in Hitachi Vantara_Hitachi_Network_Attached_Storage
CVE-2023-5808 CVE-2023-5808 is an Insecure Direct Object R...
Insecure Direct Object Reference (IDOR)
t3s/content-consent is vulnerable to Insecure Direct Object Reference IDOR. The issue arises because the library fails to verify whether a specified content element identifier is permitted by the plugin. This allows an unauthenticated user to display various content elements, leading to an insecu...