WordPress Upcoming Events Lists Plugin <= 1.4.0 - Insecure Direct Object References (IDOR) Vulnerability

Insecure Direct Object References IDOR Vulnerability discovered by Nabil Irawan in WordPress Plugin Upcoming Events Lists versions = 1.4.0...

WordPress Content Mask plugin <= 1.8.5.3 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Nabil Irawan in WordPress Plugin Content Mask versions = 1.8.5.3...

WordPress Academy LMS Plugin <= 3.3.4 - Insecure Direct Object References (IDOR) Vulnerability

Insecure Direct Object References IDOR Vulnerability discovered by n0arafatn0 in WordPress Plugin Academy LMS versions = 3.3.4...

CVE-2025-59562 WordPress Academy LMS Plugin <= 3.3.4 - Insecure Direct Object References (IDOR) Vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS Academy LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Academy LMS: from n/a through 3.3.4...

CVE-2025-57994

Technical details are not publicly available in the provided documents for CVE-2025-57994 (Upcoming Events Lists). Monitor for updates and rely on official advisories for affected versions, impact, and fixes.

CVE-2025-57994 WordPress Upcoming Events Lists Plugin <= 1.4.0 - Insecure Direct Object References (IDOR) Vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Sayful Islam Upcoming Events Lists allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Upcoming Events Lists: from n/a through 1.4.0...

CVE-2025-57994 WordPress Upcoming Events Lists Plugin <= 1.4.0 - Insecure Direct Object References (IDOR) Vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Sayful Islam Upcoming Events Lists upcoming-events-lists allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Upcoming Events Lists: from n/a through = 1.4.0...

CVE-2025-58012

CVE-2025-58012 relates to the WordPress Content Mask plugin. The connected documentation provides concrete details: Content Mask versions up to 1.8.5.2 are affected, with an Authenticated (Author+) condition leading to a Server-Side Request Forgery (SSRF) scenario as described in the Wordfence vu...

CVE-2025-58012 WordPress Content Mask Plugin <= 1.8.5.2 - Insecure Direct Object References (IDOR) Vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Alex Content Mask allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Content Mask: from n/a through 1.8.5.2...

CVE-2025-55886

An Insecure Direct Object Reference IDOR vulnerability was discovered in ARD. The flaw exists in the feuid parameter of the payment history API endpoint. An authenticated attacker can manipulate this parameter to access the payment history of other users without authorization...

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

CVE-2025-55886

An Insecure Direct Object Reference IDOR vulnerability was discovered in ARD. The flaw exists in the feuid parameter of the payment history API endpoint. An authenticated attacker can manipulate this parameter to access the payment history of other users without authorization...

CVE-2025-55886

CVE-2025-55886 concerns ARD. Affected component is the payment history API endpoint where the fe_uid parameter is used to fetch a user’s payment history. The underlying issue is an Insecure Direct Object Reference (IDOR) allowing an authenticated attacker to manipulate fe_uid to access other user...

PT-2025-39087

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3.5 through 7.4.3.112 Liferay DXP versions 2023.Q4.0 through 2023.Q4.8 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay versions 7.4 GA through update 92 Description An Insecure Direct Object Reference IDOR...

CVE-2025-55886

An Insecure Direct Object Reference IDOR vulnerability was discovered in ARD. The flaw exists in the feuid parameter of the payment history API endpoint. An authenticated attacker can manipulate this parameter to access the payment history of other users without authorization...

ARD GEC en Ligne 安全漏洞

ARD GEC en Ligne is an online service portal of ARD France. A security vulnerability exists in ARD GEC en Ligne that stems from an insecure direct object reference to the feuid parameter in the payment history API endpoint, which could lead to unauthorized access to another user's payment history...

PT-2025-38757

Name of the Vulnerable Software and Affected Versions ARD affected versions not specified Description An Insecure Direct Object Reference IDOR vulnerability exists in ARD. The flaw is located in the fe uid parameter of the payment history API endpoint. An authenticated attacker can manipulate thi...

CVE-2025-10719

Tronclass developed by WisdomGarden has an Insecure Direct object Reference vulnerability, allowing remote attackers with regular privilege to modify a specific parameter to access other users' files...

CVE-2025-43803

Insecure direct object reference IDOR vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows...

CVE-2025-43803

Insecure direct object reference IDOR vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows...