WordPress WP Job Portal plugin <= 2.3.2 - Insecure Direct Object References (IDOR) Vulnerability
Insecure Direct Object References (IDOR) Vulnerability discovered by LVT-tholv2k in WordPress Plugin WP Job Portal versions <= 2.3.2...
CVE-2025-48272
CVE-2025-48272 is a Missing Authorization / Insecure Direct Object References (IDOR) vulnerability in the WordPress plugin WP Job Portal (versions up to 2.3.2). Exploitation involves bypassing access controls to access restricted objects. The CVE entry aligns with Patchstack’s note that WP Job Po...
CVE-2025-48272 WordPress WP Job Portal <= 2.3.2 - Insecure Direct Object References (IDOR) Vulnerability
Missing Authorization vulnerability in wpjobportal WP Job Portal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Job Portal: from n/a through 2.3.2...
CVE-2025-48272 WordPress WP Job Portal plugin <= 2.3.2 - Insecure Direct Object References (IDOR) Vulnerability
Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Job Portal: from n/a through <= 2.3.2...
WordPress BuddyBoss platform plugin < 2.7.60 - Private Comment Exposure via IDOR vulnerability
Private Comment Exposure via IDOR vulnerability discovered by Faris Krivi in WordPress Plugin BuddyBoss Platform versions < 2.7.60...
TYPO3-EXT-SA-2025-004: Insecure Direct Object Reference in extension "Download manager" (reint_downloadmanager)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2025-004...
TYPO3-EXT-SA-2025-006: Insecure Direct Object Reference in extension "femanager" (femanager)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2025-006...
CVE-2025-39537 WordPress Better Customer List for WooCommerce Plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Blaze Concepts Better Customer List for WooCommerce woo-better-customer-list allows Reflected XSS. This issue affects Better Customer List for WooCommerce: from n/a through <= 1.2.3...
WordPress WP JobHunt plugin <= 7.1 - Insecure Direct Object References (IDOR) Vulnerability
Insecure Direct Object References (IDOR) Vulnerability discovered by Bonds in WordPress Plugin WP JobHunt versions <= 7.1...
CVE-2025-3769
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.92 via the 'view_booking_summary_in_lightbox' due to missing validation on a user controlled key. This makes it possible...
CVE-2024-8988
The PeepSo Core: File Uploads plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.6.0 via the file_download REST API endpoint due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to...
CVE-2025-4762
CVE-2025-4762 affects eSigna versions 1.0–1.5, via an IDOR in the eSignaViewer component that lets an unauthenticated attacker access arbitrary files in the document system by manipulating file paths and object identifiers. The PT-2025-21276 entry confirms the vulnerable component and remediation...
CVE-2024-52601 iTop portal Insecure Direct Object Reference vulnerability
iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can have read access to objects they're not allowed to see by querying an unprotected route. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue...
CVE-2025-3769
CVE-2025-3769 – LatePoint (WordPress) Unauthenticated IDOR Affected software: LatePoint – Calendar Booking Plugin for Appointments and Events (WordPress). Root cause: Insecure Direct Object Reference due to missing validation on a user-controlled key in the view_booking_summary_in_lightbox endpoi...
CVE-2025-3769 Latepoint <= 5.1.92 - Unauthenticated Insecure Direct Object Reference
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.92 via the 'view_booking_summary_in_lightbox' due to missing validation on a user controlled key. This makes it possible...
CVE-2024-8988
CVE-2024-8988 concerns PeepSo Core: File Uploads for WordPress. It allows an unauthenticated attacker to exploit an Insecure Direct Object Reference via the file_download REST endpoint due to missing validation on a user-controlled key, enabling download of files uploaded by other users. Affected...
WordPress plugin PeepSo Core File Uploads Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...
WordPress Latepoint plugin <= 5.1.92 - Unauthenticated Insecure Direct Object Reference vulnerability
Unauthenticated Insecure Direct Object Reference vulnerability discovered by Martin Martin in WordPress Plugin LatePoint versions <= 5.1.92...