Lucene search
K

660 matches found

CVE
CVE
added 2026/01/22 4:52 p.m.14 views

CVE-2026-22406

CVE-2026-22406 describes an IDOR-style authorization bypass in Mikado-Themes Overton WordPress theme (Overton) due to a user-controlled key and misconfigured access control. Affected: Overton

3.8CVSS5.4AI score0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/22 4:52 p.m.20 views

CVE-2026-22404 WordPress Innovio theme <= 1.7 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Innovio innovio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Innovio: from n/a through = 1.7...

3.8CVSS0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/22 4:52 p.m.24 views

CVE-2026-22406 WordPress Overton theme <= 1.3 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Overton overton allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Overton: from n/a through = 1.3...

3.8CVSS0.00201EPSS
Exploits0References1
CVE
CVE
added 2026/01/22 4:52 p.m.11 views

CVE-2026-22407

CVE-2026-22407 describes an IDOR-style Authorization Bypass in Mikado-Themes Roam (Roam) WordPress theme. Affected: Roam versions up to 2.1.1. Root cause: access control levels misconfigured, with a user-controlled key allowing bypass to restricted resources. Impact: authorisation bypass could ex...

3.8CVSS5.4AI score0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/22 4:52 p.m.23 views

CVE-2026-22396 WordPress Fiorello theme <= 1.0 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fiorello fiorello allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fiorello: from n/a through = 1.0...

5.4CVSS0.00229EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/22 4:52 p.m.21 views

CVE-2026-22400 WordPress Holmes theme <= 1.7 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Holmes holmes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Holmes: from n/a through = 1.7...

5.4CVSS0.00229EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.9 views

Mastodon security vulnerabilities

Mastodon is an open-source social networking server based on ActivityPub. Versions of Mastodon prior to v4.5.5, v4.4.12, and v4.3.18 contained security vulnerabilities. These vulnerabilities stemmed from insecure direct object references in the web push subscription update endpoint, which could...

6.5CVSS5.8AI score0.00195EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/01/16 3:11 p.m.8 views

WordPress Frontend File Manager plugin <= 23.5 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Mdr in WordPress Plugin Frontend File Manager versions = 23.5...

5.3CVSS5.5AI score0.00325EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/09 2:27 p.m.8 views

WordPress Rosebud theme <= 1.4 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Rosebud versions = 1.4...

5.4CVSS5.4AI score0.00185EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 8:57 a.m.7 views

CVE-2023-4213

The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...

8.8CVSS5.9AI score0.00615EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/08 4:33 p.m.26 views

CVE-2026-22489 WordPress Image Slider Slideshow plugin <= 1.8 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Wptexture Image Slider Slideshow image-slider-slideshow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider Slideshow: from n/a through = 1.8...

4.3CVSS0.0017EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/06 10:15 p.m.9 views

WordPress LearnPress - WordPress LMS Plugin plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion vulnerability

WordPress LearnPress - WordPress LMS Plugin plugin = 4.3.2.2 - Insecure Direct Object Reference to Authenticated Instructor+ Teacher Material Deletion vulnerability discovered by Deniz Mert dennywise in WordPress Plugin LearnPress versions = 4.3.2.1...

5.4CVSS6.8AI score0.00295EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/01/06 4:15 p.m.6 views

CVE-2020-36920

iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through console JavaScript functions. Attackers can create users, modify roles and permissions, and potentially achieve full application takeover by...

8.8CVSS0.00315EPSS
Exploits1References7
CVE
CVE
added 2026/01/06 3:52 p.m.16 views

CVE-2020-36920

CVE-2020-36920 affects iDS6 DSSPro Digital Signage System, version 6.2. The vulnerability is due to improper access control that enables authenticated users to escalate privileges via console JavaScript functions. Attackers can create users and modify roles/permissions, potentially taking full co...

8.8CVSS6.4AI score0.00315EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/01/06 3:52 p.m.3 views

CVE-2020-36920 iDS6 DSSPro Digital Signage System 6.2 Privilege Escalation via Access Control

iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through console JavaScript functions. Attackers can create users, modify roles and permissions, and potentially achieve full application takeover by...

8.8CVSS6.4AI score0.00315EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/01/06 3:52 p.m.33 views

CVE-2020-36920 iDS6 DSSPro Digital Signage System 6.2 Privilege Escalation via Access Control

iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through console JavaScript functions. Attackers can create users, modify roles and permissions, and potentially achieve full application takeover by...

8.8CVSS0.00315EPSS
Exploits1References7
Patchstack
Patchstack
added 2026/01/02 2:49 p.m.9 views

WordPress Sweet Jane theme <= 1.2 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Sweet Jane versions = 1.2...

5.4CVSS7AI score0.00229EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/02 1:15 p.m.8 views

WordPress Roam theme <= 2.1.1 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Roam versions = 2.1.1...

5.4CVSS7AI score0.00201EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/02 10:16 a.m.7 views

WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Supakiad S. m3ez in WordPress Plugin Tutor LMS versions = 3.9.4...

8.1CVSS5.4AI score0.00295EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/01 2:25 p.m.7 views

WordPress Curly theme <= 3.3 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Curly versions = 3.3...

5.4CVSS7AI score0.00229EPSS
Exploits0Affected Software1
Rows per page
Query Builder