CVE-2025-68044

CVE-2025-68044 affects Five Star Restaurant Reservations (WordPress Booking Plugin). Affected versions ≤ 2.7.4 expose an unauthenticated IDOR via a user-controlled key, enabling authorization bypass. Reported as Unauthenticated/IDOR with CVSS v3.1 base score 8.6 ( HIGH ); impact per the docs incl...

CVE-2025-68044 WordPress Five Star Restaurant Reservations plugin <= 2.7.4 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Five Star Restaurant Reservations: from n/a through = 2.7.4...

CVE-2026-21447

Bagisto is an open source laravel eCommerce platform. Prior to version 2.3.10, an Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items from another customer's order to their own shopping cart by manipulating the order...

Bagisto has IDOR in Customer Order Reorder Functionality

Summary An Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items from another customer's order to their own shopping cart by manipulating the order ID parameter. This exposes sensitive purchase information and enables...

GHSA-X5RW-QVVP-5CGM Bagisto has IDOR in Customer Order Reorder Functionality

Summary An Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items from another customer's order to their own shopping cart by manipulating the order ID parameter. This exposes sensitive purchase information and enables...

CVE-2026-21447

Bagisto is an open source laravel eCommerce platform. Prior to version 2.3.10, an Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items from another customer's order to their own shopping cart by manipulating the order...

CVE-2026-21447

Bagisto (Laravel eCommerce) prior to version 2.3.10 is affected by an Insecure Direct Object Reference (IDOR) in the customer order reorder function. The root cause is that OrderController::reorder retrieves orders by ID without verifying ownership, allowing any authenticated customer to add item...

CVE-2026-21447 Bagisto has IDOR in Customer Order Reorder Functionality

Bagisto is an open source laravel eCommerce platform. Prior to version 2.3.10, an Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items from another customer's order to their own shopping cart by manipulating the order...

CVE-2026-21447 Bagisto has IDOR in Customer Order Reorder Functionality

Bagisto is an open source laravel eCommerce platform. Prior to version 2.3.10, an Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items from another customer's order to their own shopping cart by manipulating the order...

WordPress Sweet Jane theme <= 1.2 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Sweet Jane versions = 1.2...

WordPress Dolcino theme <= 1.6 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Dolcino versions = 1.6...

WordPress Roam theme <= 2.1.1 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Roam versions = 2.1.1...

WordPress Overton theme <= 1.3 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Overton versions = 1.3...

WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Supakiad S. m3ez in WordPress Plugin Tutor LMS versions = 3.9.4...

PT-2026-1127

Name of the Vulnerable Software and Affected Versions Bagisto versions prior to 2.3.10 Description An Insecure Direct Object Reference issue exists in the customer order reorder function. This allows authenticated customers to add items from another customer's order to their own shopping cart by...

WordPress Curly theme <= 3.3 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Curly versions = 3.3...

CVE-2025-49352

Technical details for CVE-2025-49352 are not publicly provided in the supplied documents. No confirmed affected product, root cause, impact, or fix is available here. Monitor for official updates from CVE/NVD feeds and vendor advisories.

CVE-2025-49334 WordPress MyD Delivery plugin <= 1.7.1 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Eduardo Villão MyD Delivery myd-delivery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MyD Delivery: from n/a through = 1.7.1...

CVE-2025-49334 WordPress MyD Delivery plugin <= 1.3.7 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Eduardo Villão MyD Delivery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MyD Delivery: from n/a through 1.3.7...

WordPress Master Addons for Elementor plugin <= 2.0.9.9.4 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Mdr in WordPress Plugin Master Addons for Elementor versions = 2.0.9.9.4...