CVE-2025-52920

Innoshop (v0.4.1 and earlier) is affected by an IDOR vulnerability in the frontend store. The issue allows disclosure of other customers’ PII and deletion of their product reviews by manipulating IDs in endpoints such as /en/account/orders/{ORDER_ID} and /en/account/reviews/{REVIEW_ID}, or by alt...

PT-2025-26591 · Innoshop · Innoshop

Name of the Vulnerable Software and Affected Versions: Innoshop versions 0.4.1 and earlier Description: The issue allows for Insecure Direct Object Reference IDOR at multiple places within the frontend shop. This can be exploited by creating a customer account, allowing an attacker to disclose th...

CVE-2025-52920

Innoshop through 0.4.1 allows Insecure Direct Object Reference IDOR at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of other customers and the deletion of their reviews of products...

CVE-2025-49978

CVE-2025-49978 describes an Insecure Direct Object References (IDOR) vulnerability in the WordPress JobSearch plugin (WP Job Board) versions n/a through 2.9.0. The issue is an Authorization Bypass Through User-Controlled Key , enabling bypass of access controls for certain resources. This is supp...

CVE-2025-49995 WordPress Download Attachments plugin <= 1.3.1 - Insecure Direct Object References (IDOR) Vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Download Attachments: from n/a through 1.3.1...

WordPress JobSearch plugin < 3.0.6 - Insecure Direct Object References (IDOR) Vulnerability

Insecure Direct Object References IDOR Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin JobSearch versions 3.0.6...

WordPress Download Attachments plugin <= 1.3.1 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by haudayroi - BlueRock in WordPress Plugin Download Attachments versions = 1.3.1...

Dmacroweb DM Corporative CMS Insecure Direct Elephant Reference Vulnerability (CNVD-2025-14361)

Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from an insecure direct object reference vulnerability, which originates from the parameter option in the file /administer/selectionnode/selection.asp that fails to...

Dmacroweb DM Corporative CMS Insecure Direct Elephant Reference Vulnerability (CNVD-2025-14359)

Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from an insecure direct object reference vulnerability, which stems from the failure of the option parameter in the file /administer/selectionnode/framesSelection.a...

CVE-2025-40660

An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/select node/data.asp?mode=catalogue&id1;=1&id2;=1session==1=0...

CVE-2025-40659

An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelectionNetworks.asp...

CVE-2025-40661

An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/selection.asp...

CVE-2025-40658

An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelection.asp...

CVE-2025-40659

An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelectionNetworks.asp...

CVE-2025-40658

An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelection.asp...

CVE-2025-40661

An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/selection.asp...

CVE-2025-40660

An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/select node/data.asp?mode=catalogue&id1=1&id2=1session=&cod=1&networks=0...

CVE-2025-40659

An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelectionNetworks.asp...

CVE-2025-40658

An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelection.asp...

CVE-2025-40661

An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/selection.asp...