3446 matches found
CVE-2026-31867
Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.11.0 and 5.6.0, An Insecure Direct Object Reference IDOR vulnerability exists in Craft Commerceβs cart functionality that allows users to hijack any shopping cart by knowing or guessing its 32-character number. The CartController...
EUVD-2026-11127
The ExactMetrics β Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. This is due to the storesettings method in the ExactMetricsOnboarding class accepting a user-supplied triggeredby parameter that is used instead of...
CVE-2026-1992 ExactMetrics 8.6.0 - 9.0.2 - Authenticated (Custom) Insecure Direct Object Reference to Arbitrary Plugin Installation
The ExactMetrics β Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. This is due to the storesettings method in the ExactMetricsOnboarding class accepting a user-supplied triggeredby parameter that is used instead of...
CVE-2026-1992 ExactMetrics 8.6.0 - 9.0.2 - Authenticated (Custom) Insecure Direct Object Reference to Arbitrary Plugin Installation
The ExactMetrics β Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. This is due to the storesettings method in the ExactMetricsOnboarding class accepting a user-supplied triggeredby parameter that is used instead of...
CVE-2026-2918
The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the haconditionupdate AJAX action. This is due to the validatereqeust method using currentusercan'editposts', $templateid instead of...
CVE-2026-2917
CVE-2026-2917 (Happy Addons for Elementor, WordPress) is an Insecure Direct Object Reference vulnerability affecting all versions up to 3.21.0. The root cause is the can_clone() check only enforcing a general capability (current_user_can('edit_posts')) and an action nonce bound to the generic ha_...
CVE-2026-2917 Happy Addons for Elementor <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Duplication via 'post_id' Parameter
The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the haduplicatething admin action handler. This is due to the canclone method only checking currentusercan'editposts' a general capability without...
CVE-2026-2918 Happy Addons for Elementor <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Stored Cross-Site Scripting via Template Conditions
The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the haconditionupdate AJAX action. This is due to the validatereqeust method using currentusercan'editposts', $templateid instead of...
CVE-2026-2918 Happy Addons for Elementor <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Stored Cross-Site Scripting via Template Conditions
The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the haconditionupdate AJAX action. This is due to the validatereqeust method using currentusercan'editposts', $templateid instead of...
CVE-2026-25045
Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combination of Vertical Privilege Escalation and IDOR Insecure Direct Object Reference due to missing server-side RBAC checks in the /api/global/users endpoints. A Creator-level user, who...
EUVD-2026-11073
The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...
CVE-2026-3453 ProfilePress <= 4.16.11 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration
The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...
CVE-2026-3453
The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...
CVE-2026-3453 ProfilePress <= 4.16.11 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration
The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...
EUVD-2026-11074
The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...
EUVD-2026-10913
Sylius affected by IDOR in Cart and Checkout LiveComponents...
EUVD-2026-10912
Sylius affected by IDOR in Cart and Checkout LiveComponents...
PT-2026-24599
The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the ha condition update AJAX action. This is due to the validate reqeust method using current user can'edit posts', $template id instead of curren...
PT-2026-24655
π¨ CVE-2026-1992 The ExactMetrics β Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. This is due to the store settings method in the ExactMetrics Onboarding class accepting a user-supplied triggered by parameter that...
WordPress Happy Addons for Elementor plugin <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Duplication via 'post_id' Parameter vulnerability
Insecure Direct Object Reference to Authenticated Contributor+ Post Duplication via 'postid' Parameter vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Happy Addons for Elementor versions = 3.21.0...