4443 matches found

RedhatCVE
added 2025/11/08 6:51 p.m., 10 views

CVE-2025-64431

Zitadel is an open source identity management platform. Versions 4.0.0-rc.1 through 4.6.2 are vulnerable to Insecure Direct Object Reference (IDOR) attacks through its V2Beta API, allowing authenticated users with specific administrator roles within one organization to access and modify data belongin...

CVSS 8.7, AI score 6.6, EPSS 0.00247
Exploits 0, References 1
RedhatCVE
added 2025/11/08 7:41 a.m., 5 views

CVE-2025-4522

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the admin_post_donor_delete function in versions 2.0.0 to 2.1.9. By supplying an arbitrary user_id parameter value to the wp_delete_user function, authenticated...

CVSS 6.5, AI score 6.6, EPSS 0.00222
Exploits 0, References 1
EUVD
added 2025/11/08 6:30 a.m., 3 views

EUVD-2025-38353

The Groups plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.0 via the 'group_id' parameter of the group_join function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

CVSS 4.3, AI score 5.3, EPSS 0.00191
Exploits 0, References 4
CVE
added 2025/11/08 3:27 a.m., 17 views

CVE-2025-11748

CVE-2025-11748 : Groups plugin for WordPress contains an Insecure Direct Object Reference (IDOR) in the group_join function via the group_id parameter, allowing authenticated users with Subscriber level and above to join groups not specified by the shortcode. This affects versions up to and inclu...

CVSS 4.3, AI score 5.3, EPSS 0.00191
Exploits 0, References 3
Cvelist
added 2025/11/08 3:27 a.m., 7 views

CVE-2025-11748 Groups <= 3.7.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Group Join

The Groups plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0 via the 'group_id' parameter of the group_join function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

CVSS 4.3, EPSS 0.00191
Exploits 0, References 3
Vulnrichment
added 2025/11/08 3:27 a.m., 3 views

CVE-2025-11748 Groups <= 3.7.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Group Join

The Groups plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0 via the 'group_id' parameter of the group_join function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

CVSS 4.3, AI score 5.3, EPSS 0.00191
Exploits 0, References 3
Positive Technologies
added 2025/11/08 12:00 a.m., 3 views

PT-2025-45542

Name of the Vulnerable Software and Affected Versions: Groups plugin for WordPress versions prior to 6.7.1. Description: The Groups plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This flaw stems from inadequate validation of a user-controlled key, specifically the...

CVSS 4.3, AI score 6.3, EPSS 0.00191
Exploits 0, References 9
NVD
added 2025/11/07 7:16 p.m., 3 views

CVE-2025-64431

Zitadel is an open source identity management platform. Versions 4.0.0-rc.1 through 4.6.2 are vulnerable to Insecure Direct Object Reference (IDOR) attacks through its V2Beta API, allowing authenticated users with specific administrator roles within one organization to access and modify data belongin...

CVSS 8.7, EPSS 0.00247
Exploits 0, References 3
CVE
added 2025/11/07 6:09 p.m., 14 views

CVE-2025-64431

The CVE-2025-64431 issue concerns Zitadel’s Organization V2Beta API, where IDOR flaws allow an authenticated administrator of one organization to read or modify data of other organizations. Affected versions are Zitadel 4.0.0-rc.1 through 4.6.2. The root cause is improper authorization checks acr...

CVSS 8.7, AI score 6.2, EPSS 0.00247
Exploits 0, References 3
EUVD
added 2025/11/07 6:09 p.m., 4 views

EUVD-2025-37935

Zitadel is an open source identity management platform. Versions 4.0.0-rc.1 through 4.6.2 are vulnerable to Insecure Direct Object Reference (IDOR) attacks through its V2Beta API, allowing authenticated users with specific administrator roles within one organization to access and modify data belongin...

CVSS 8.7, AI score 6, EPSS 0.00247
Exploits 0, References 5
OSV
added 2025/11/07 6:09 p.m., 3 views

CVE-2025-64431 IDOR Vulnerabilities in ZITADEL's Organization API allows Cross-Tenant Data Tempering

Zitadel is an open source identity management platform. Versions 4.0.0-rc.1 through 4.6.2 are vulnerable to Insecure Direct Object Reference (IDOR) attacks through its V2Beta API, allowing authenticated users with specific administrator roles within one organization to access and modify data belongin...

CVSS 8.7, AI score 6.6, EPSS 0.00247
Exploits 0, References 5
OSV
added 2025/11/07 5:16 a.m., 4 views

CVE-2025-4522

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the admin_post_donor_delete function in versions 2.0.0 to 2.1.9. By supplying an arbitrary user_id parameter value to the wp_delete_user function, authenticated...

CVSS 6.5, AI score 5.9, EPSS 0.00222
Exploits 0, References 5
NVD
added 2025/11/07 5:16 a.m., 6 views

CVE-2025-4522

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the admin_post_donor_delete function in versions 2.0.0 to 2.1.9. By supplying an arbitrary user_id parameter value to the wp_delete_user function, authenticated...

CVSS 6.5, EPSS 0.00222
Exploits 0, References 5
Vulnrichment
added 2025/11/07 4:28 a.m., 3 views

CVE-2025-4522 IDonate 2.0.0 - 2.1.9 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion via admin_post_donor_delete Function

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the admin_post_donor_delete function in versions 2.0.0 to 2.1.9. By supplying an arbitrary user_id parameter value to the wp_delete_user function, authenticated...

CVSS 6.5, AI score 6.2, EPSS 0.00222
Exploits 0, References 5
CVE
added 2025/11/07 4:28 a.m., 16 views

CVE-2025-4522

The WordPress IDonate plugin (IDonate) is affected by an Insecure Direct Object Reference in versions 2.0.0–2.1.9. The root cause is improper access control in the admin_post_donor_delete flow, which allows an authenticated user (Subscriber+ privilege) to craft a user_id value passed to wp_delete...

CVSS 6.5, AI score 6.2, EPSS 0.00222
Exploits 0, References 5, Affected Software 1
CNNVD
added 2025/11/07 12:00 a.m., 5 views

WordPress plugin IDonate security vulnerability

WordPress IDonate plugin is a blood donation management tool on the WordPress platform, which is mainly used for blood donor registration, blood donation request submission and background management. WordPress IDonate plugin has an insecure direct object reference vulnerability, the vulnerability...

CVSS 6.5, AI score 6.8, EPSS 0.00222
Exploits 0, References 5
Positive Technologies
added 2025/11/07 12:00 a.m., 12 views

PT-2025-45406

Name of the Vulnerable Software and Affected Versions: IDonate – Blood Donation, Request And Donor Management System plugin for WordPress versions 2.0.0 through 2.1.9. Description: The IDonate plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. Attackers with...

CVSS 6.5, AI score 6.3, EPSS 0.00222
Exploits 0, References 9
CNNVD
added 2025/11/07 12:00 a.m., 3 views

ZITADEL security vulnerability

ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the container and serverless era, open sourced by ZITADEL in Switzerland. A security vulnerability exists in ZITADEL versions 4.0.0-rc.1 through 4.6.2, which stems from the presence of insecur...

CVSS 8.7, AI score 6.3, EPSS 0.00247
Exploits 0, References 4
Cvelist
added 2025/11/06 3:54 p.m., 7 views

CVE-2025-58627 WordPress Miraculous Core Plugin plugin < 2.0.9 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Miraculous Core Plugin: from n/a through 2.0.9...

CVSS 9.8, EPSS 0.00365
Exploits 0, References 1
OSV
added 2025/11/05 7:52 p.m., 2 views

GHSA-CPF4-PMR4-W6CX IDOR Vulnerabilities in ZITADEL's Organization API allows Cross-Tenant Data Tempering

Summary: ZITADEL's Organization V2Beta API contains Insecure Direct Object Reference (IDOR) vulnerabilities that allow authenticated users with specific administrator roles within one organization to access and modify data belonging to other organizations. Impact: ZITADEL's Organization V2Beta API,...

CVSS 8.7, AI score 6.7, EPSS 0.00247
Exploits 0, References 5