660 matches found
CVE-2026-22406
CVE-2026-22406 describes an IDOR-style authorization bypass in Mikado-Themes Overton WordPress theme (Overton) due to a user-controlled key and misconfigured access control. Affected: Overton
CVE-2026-22404 WordPress Innovio theme <= 1.7 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Innovio innovio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Innovio: from n/a through = 1.7...
CVE-2026-22406 WordPress Overton theme <= 1.3 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Overton overton allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Overton: from n/a through = 1.3...
CVE-2026-22407
CVE-2026-22407 describes an IDOR-style Authorization Bypass in Mikado-Themes Roam (Roam) WordPress theme. Affected: Roam versions up to 2.1.1. Root cause: access control levels misconfigured, with a user-controlled key allowing bypass to restricted resources. Impact: authorisation bypass could ex...
CVE-2026-22396 WordPress Fiorello theme <= 1.0 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fiorello fiorello allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fiorello: from n/a through = 1.0...
CVE-2026-22400 WordPress Holmes theme <= 1.7 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Holmes holmes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Holmes: from n/a through = 1.7...
Mastodon security vulnerabilities
Mastodon is an open-source social networking server based on ActivityPub. Versions of Mastodon prior to v4.5.5, v4.4.12, and v4.3.18 contained security vulnerabilities. These vulnerabilities stemmed from insecure direct object references in the web push subscription update endpoint, which could...
WordPress Frontend File Manager plugin <= 23.5 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Mdr in WordPress Plugin Frontend File Manager versions = 23.5...
WordPress Rosebud theme <= 1.4 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Rosebud versions = 1.4...
CVE-2023-4213
The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...
CVE-2026-22489 WordPress Image Slider Slideshow plugin <= 1.8 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Wptexture Image Slider Slideshow image-slider-slideshow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider Slideshow: from n/a through = 1.8...
WordPress LearnPress - WordPress LMS Plugin plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion vulnerability
WordPress LearnPress - WordPress LMS Plugin plugin = 4.3.2.2 - Insecure Direct Object Reference to Authenticated Instructor+ Teacher Material Deletion vulnerability discovered by Deniz Mert dennywise in WordPress Plugin LearnPress versions = 4.3.2.1...
CVE-2020-36920
iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through console JavaScript functions. Attackers can create users, modify roles and permissions, and potentially achieve full application takeover by...
CVE-2020-36920
CVE-2020-36920 affects iDS6 DSSPro Digital Signage System, version 6.2. The vulnerability is due to improper access control that enables authenticated users to escalate privileges via console JavaScript functions. Attackers can create users and modify roles/permissions, potentially taking full co...
CVE-2020-36920 iDS6 DSSPro Digital Signage System 6.2 Privilege Escalation via Access Control
iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through console JavaScript functions. Attackers can create users, modify roles and permissions, and potentially achieve full application takeover by...
CVE-2020-36920 iDS6 DSSPro Digital Signage System 6.2 Privilege Escalation via Access Control
iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through console JavaScript functions. Attackers can create users, modify roles and permissions, and potentially achieve full application takeover by...
WordPress Sweet Jane theme <= 1.2 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Sweet Jane versions = 1.2...
WordPress Roam theme <= 2.1.1 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Roam versions = 2.1.1...
WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Supakiad S. m3ez in WordPress Plugin Tutor LMS versions = 3.9.4...
WordPress Curly theme <= 3.3 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Curly versions = 3.3...