659 matches found
WordPress JS Help Desk plugin <= 3.1.0 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by William Matos in WordPress Plugin JS Help Desk versions = 3.1.0...
WordPress Majestic Support plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by William Matos in WordPress Plugin Majestic Support versions = 1.1.7...
WordPress Blocksy Companion Pro plugin <= 2.1.46 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Austin Ginder in WordPress Plugin Blocksy Companion Pro versions = 2.1.46...
PT-2026-52714
Name of the Vulnerable Software and Affected Versions BookPro versions prior to 1.1.1 Description An unauthenticated Insecure Direct Object Reference IDOR exists, which occurs when an application provides direct access to objects based on user-supplied input without sufficient authorization check...
PT-2026-52728
Name of the Vulnerable Software and Affected Versions SupportCandy versions prior to 3.4.7 Description An Insecure Direct Object Reference IDOR exists, which occurs when an application provides direct access to objects based on user-supplied input, potentially allowing unauthorized access to data...
PT-2026-52762
Name of the Vulnerable Software and Affected Versions Payment Gateway Based Fees and Discounts for WooCommerce versions prior to 3.0.1 Description An unauthenticated Insecure Direct Object Reference IDOR exists in the software. IDOR is a type of access control vulnerability that occurs when an...
CVE-2026-56013
The CVE describes an unauthenticated Insecure Direct Object References (IDOR) in the WordPress License Manager for WooCommerce plugin, affected versions up to 3.0.15. The vulnerability stems from insecure direct object references that could allow unauthenticated access to license data. Connected ...
WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Jakub Herman in WordPress Plugin Payment Gateway Based Fees and Discounts for WooCommerce versions = 3.0.0...
PT-2026-52427
Name of the Vulnerable Software and Affected Versions License Manager for WooCommerce versions prior to 3.0.16 Description An unauthenticated Insecure Direct Object Reference IDOR exists in the software. IDOR is a type of access control vulnerability that occurs when an application provides direc...
EUVD-2026-37604
Unauthenticated Insecure Direct Object References IDOR in Salon booking system = 10.30.24 versions...
WordPress SupportCandy plugin <= 3.4.6 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by HieuPenguinnn in WordPress Plugin SupportCandy versions = 3.4.6...
CVE-2026-54184
Unauthenticated Insecure Direct Object References IDOR in Clean Login = 1.15 versions...
CVE-2026-40768
Unauthenticated Insecure Direct Object References IDOR in Salon booking system = 10.30.24 versions...
CVE-2025-15657 WordPress School Management plugin <= 93.1.0 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References IDOR in School Management = 93.1.0 versions...
CVE-2026-54184
The CVE concerns WordPress plugin Clean Login prior to or up to version 1.15 with an Unauthenticated Insecure Direct Object References (IDOR) vulnerability. The root cause is an IDOR issue in the plugin, potentially exposing object identifiers to unauthenticated users. CVSS 3.1 metrics indicate h...
CVE-2026-40768
The CVE covers WordPress Salon booking system plugin versions
CVE-2026-40768 WordPress Salon booking system plugin <= 10.30.24 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References IDOR in Salon booking system = 10.30.24 versions...
EUVD-2025-210157
Custom role Insecure Direct Object References IDOR in Projectopia = 5.1.25.2 versions...
CVE-2026-52699
Unauthenticated Insecure Direct Object References IDOR in VikRentCar = 1.4.5 versions...
CVE-2026-48868
Unauthenticated Insecure Direct Object References IDOR in Simple Shopping Cart = 5.2.9 versions...