4452 matches found
CVE-2025-4691 Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking <= 1.3.21 - Insecure Direct Object Reference to Sensitive Information Exposure
The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.21 via the 'viewrequestdetails' due to missing validation on a user controlled key. This makes it...
CVE-2025-4691
CVE-2025-4691 applies to the Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking for WordPress. The vulnerability is an Insecure Direct Object Reference that allows unauthenticated attackers to view details of any booking request via the view_request_details endpoint. Aff...
PT-2025-23399 · WordPress · Easync Booking
Name of the Vulnerable Software and Affected Versions: eaSYNC Booking plugin for WordPress versions prior to 1.3.22 Description: The issue allows unauthenticated attackers to view the details of any booking request due to missing validation on a user-controlled key, specifically via the 'view...
WordPress eaSYNC plugin <= 1.3.21 - Insecure Direct Object Reference to Sensitive Information Exposure vulnerability
Insecure Direct Object Reference to Sensitive Information Exposure vulnerability discovered by cucumbersalad in WordPress Plugin eaSYNC versions = 1.3.21...
CVE-2024-47055
SummaryThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference IDOR / Missing Authorization: A missing...
Insecure Direct Object Reference (IDOR)
mautic/core is vulnerable to an Insecure Direct Object Reference IDOR. The vulnerability is due to missing authorization checks in the segment cloning function, which allows authenticated users to clone segments even if they don’t have the necessary permissions...
Mautic segment cloning doesn't have a proper permission check
Summary This advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference IDOR / Missing Authorization: A missing...
GHSA-VPH5-GHQ3-Q782 Mautic segment cloning doesn't have a proper permission check
Summary This advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference IDOR / Missing Authorization: A missing...
CVE-2024-47055
CVE-2024-47055 concerns Mautic where the cloneAction in the segment management exposes a Missing Authorization vulnerability (IDOR). An authenticated user can clone segments without proper permission checks, bypassing access controls. The root cause is insufficient authorization in the cloneActio...
CVE-2024-47055 Segment cloning doesn't have a proper permission check
SummaryThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference IDOR / Missing Authorization: A missing...
CVE-2024-47055 Segment cloning doesn't have a proper permission check
SummaryThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference IDOR / Missing Authorization: A missing...
The vulnerability of the Front End User Registration (sr_feuser_register) extension of the TYPO3 content management system allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Front End User Registration srfeuserregister extension of the TYPO3 content management system is related to the use of a insecure direct link to an object IDOR. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
CVE-2025-40650 Insecure Direct Object Reference (IDOR) in Clickedu
Insecure Direct Object Reference IDOR vulnerability in Clickedu. This vulnerability could allow an attacker to retrieve information about student report cards...
CVE-2025-40650
CVE-2025-40650 corresponds to an Insecure Direct Object Reference (IDOR) vulnerability in the Clickedu platform. Multiple sources describe that an attacker could retrieve information about student report cards, due to improper access control on object references. The issue is rooted in IDOR logic...
CVE-2025-40650 Insecure Direct Object Reference (IDOR) in Clickedu
Insecure Direct Object Reference IDOR vulnerability in Clickedu. This vulnerability could allow an attacker to retrieve information about student report cards...
Insecure Direct Object Reference (IDOR)
in2code/femanager is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to improper access control on the user parameter in the newAction method of the newController, allows attackers to manipulate the parameter to access data of other frontend users...
Insecure Direct Object Reference (IDOR)
renolit/reint-downloadmanager is vulnerable to Insecure Direct Object Reference. The vulnerability is due to insufficient access control or validation on the downloaduid parameter in the downloadAction, allowing unauthorized users to directly access files they shouldn’t be able to read...
Clickedu 安全漏洞
Clickedu is an academic management platform from Clickedu, Inc. Clickedu has a security vulnerability that stems from an insecure direct object reference that could lead to information disclosure...
PT-2025-22893 · Clickedu · Clickedu
Name of the Vulnerable Software and Affected Versions: Clickedu versions all versions Description: The issue is related to an Insecure Direct Object Reference IDOR vulnerability. This could allow an attacker to retrieve information about student report cards. Recommendations: At the moment, there...
CVE-2024-52294
Khoj is a self-hostable artificial intelligence app. Prior to version 1.29.10, an Insecure Direct Object Reference IDOR vulnerability in the updatesubscription endpoint allows any authenticated user to manipulate other users' Stripe subscriptions by simply modifying the email parameter in the...