Insecure Direct Object Reference in extension "Content Consent" (content_consent)

The extension fails to verify whether a specified content element identifier is permitted by the plugin. This enables an unauthenticated user to display various content elements, leading to an insecure direct object reference IDOR vulnerability with the potential to expose internal content elemen...

GHSA-J8CW-PPMV-WJ85 Insecure Direct Object Reference in extension "Content Consent" (content_consent)

The extension fails to verify whether a specified content element identifier is permitted by the plugin. This enables an unauthenticated user to display various content elements, leading to an insecure direct object reference IDOR vulnerability with the potential to expose internal content elemen...

CVE-2023-48641

Archer Platform 6.x before 6.14 P1 HF2 6.14.0.1.2 contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass...

Authorization

Archer Platform 6.x before 6.14 P1 HF2 6.14.0.1.2 contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass...

CVE-2023-48641

Archer Platform 6.x before 6.14 P1 HF2 6.14.0.1.2 contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass...

CVE-2023-48641

Archer Platform 6.x before 6.14 P1 HF2 6.14.0.1.2 contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass...

WP Photo Album Plus < 8.6.01.003 - Insecure Direct Object Reference

Description The WP Photo Album Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 8.5.02.005 due to missing validation on a user controlled key. This makes it possible for unauthenticated attacker to perform an unauthorized action bas...

CVE-2023-5808

CVE-2023-5808 affects Hitachi NAS SMU versions prior to 14.8.7825.01. It is an Insecure Direct Object Reference (IDOR) vulnerability that lets authenticated Storage/Server/Server+Storage Administrators download HNAS configuration backups and diagnostic data via URL manipulation, potentially expos...

Hitachi Vantara HNAS Authorization Issues Vulnerability

Hitachi Vantara HNAS is an enterprise NAS from Hitachi, Japan, designed to provide a consolidated NAS solution for distributed enterprise and data center applications. An authorization issue vulnerability exists in Hitachi Vantara HNAS version 14.8.7825.01, which stems from an information...

PT-2023-31274 · Unknown · Dolphinscheduler

Name of the Vulnerable Software and Affected Versions: DolphinScheduler versions prior to 3.1.0 Description: The issue allows authenticated users to delete UDF functions in the resource center without authorization, which is related to an unauthorized access vulnerability, also known as Insecure...

WP Shortcodes Plugin — Shortcodes Ultimate < 7.0.0 - Insecure Direct Object Reference to Information Disclosure

Description The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the sumeta shortcode due to missing validation on the user controlled keys 'key' and 'postid'. This makes it possible...

CVE-2023-6226

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the sumeta shortcode due to missing validation on the user controlled keys 'key' and 'postid'. This makes it possible for...

Input validation

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the sumeta shortcode due to missing validation on the user controlled keys 'key' and 'postid'. This makes it possible for...

CVE-2023-6226 WP Shortcodes Plugin — Shortcodes Ultimate <= 5.13.3 - Insecure Direct Object Reference to Information Disclosure

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the sumeta shortcode due to missing validation on the user controlled keys 'key' and 'postid'. This makes it possible for...

CVE-2023-6226

CVE-2023-6226 affects the WordPress plugin WP Shortcodes Plugin – Shortcodes Ultimate, versions ≤ 5.13.3. The issue is an Insecure Direct Object Reference (IDOR) in the su_meta shortcode caused by missing validation of user-controlled keys key and post_id. This allows authenticated users with con...

CVE-2023-6202 Insecure Direct Object Reference in /plugins/focalboard/ api/v2/users of Mattermost Boards

Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user to get their information e.g. name, surname, nickname via Mattermost Boards...

CVE-2023-6202 Insecure Direct Object Reference in /plugins/focalboard/ api/v2/users of Mattermost Boards

Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user to get their information e.g. name, surname, nickname via Mattermost Boards...

Sysaid Technologies SysAid Security Vulnerabilities

Sysaid Technologies SysAid is a suite of IT service management solutions from Sysaid Technologies, Israel. A security vulnerability exists in Sysaid Technologies SysAid versions prior to 23.2.15 that stems from the presence of an insecure direct object reference IDOR issue that allows an attacker...

Pre-Publish Checklist < 1.1.2 - Insecure Direct Object Reference to Arbitrary Post '_ppc_meta_key' Update

Description The Pre-Publish Checklist plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.1.1 via the ppcmetaboxajaxaddhandler and ppcmetaboxajaxdeletehandler functions due to missing validation on a user controlled key. This can allow...

Youzify < 1.2.3 - Insecure Direct Object Reference

Description The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.2 due to missing validation on a user controlled key. This makes it...