4443 matches found
CVE-2025-25777
Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks...
CVE-2025-1284
The Woocommerce Automatic Order Printing | Formerly WooCommerce Google Cloud Print plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1 via the xc_woo_printer_preview AJAX action due to missing validation on a user controlled key. This make...
CVE-2025-1284 Woocommerce Automatic Order Printing | (Formerly WooCommerce Google Cloud Print) <= 4.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Order Information Disclosure
The Woocommerce Automatic Order Printing | Formerly WooCommerce Google Cloud Print plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1 via the xc_woo_printer_preview AJAX action due to missing validation on a user controlled key. This make...
CVE-2025-1284
CVE-2025-1284 affects the WordPress plugin “Woocommerce Automatic Order Printing” (formerly WooCommerce Google Cloud Print), vulnerable up to version 4.1 due to missing validation on a user-controlled key in the xc_woo_printer_preview AJAX action. The issue is an Insecure Direct Object Reference ...
CVE-2025-25777
CVE-2025-25777 affects Codeastro Bus Ticket Booking System v1.0, where an insecure direct object reference (IDOR) allows unauthorized access to user profiles by altering the URL parameter user ID. Root cause: insufficient authentication/authorization checks on profile endpoints, enabling access t...
CodeAstro Bus Ticket Booking System Security Vulnerability
CodeAstro Bus Ticket Booking System is a bus ticket booking system from CodeAstro. A security vulnerability exists in CodeAstro Bus Ticket Booking System version 1.0, which stems from an insecure direct object reference that could lead to unauthorized access to user data...
PT-2025-17708 · WordPress · Woocommerce Automatic Order Printing
Name of the Vulnerable Software and Affected Versions: WooCommerce Automatic Order Printing plugin versions up to, and including, 4.1 Description: The issue is related to Insecure Direct Object Reference, which allows authenticated attackers with Subscriber-level access and above to view other...
WordPress Woocommerce Automatic Order Printing plugin <= 4.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Order Information Disclosure vulnerability
Insecure Direct Object Reference to Authenticated (Subscriber+) Order Information Disclosure vulnerability discovered by Lucio Sá in WordPress Plugin Woocommerce Automatic Order Printing versions <= 4.1...
UJCMS 9.6.3 Insecure Direct Object Reference
UJCMS version 9.6.3 suffers from an insecure direct object reference vulnerability that enables user enumeration. Exploit Title: UJCMS 9.6.3 User Enumeration via IDOR Exploit Author: Cyd Tseng Date: 11 Dec 2024 Category: Web application Vendor Homepage: https://dromara.org/ Software Link:...
UJCMS 9.6.3 - User Enumeration via IDOR
Exploit Title: UJCMS 9.6.3 User Enumeration via IDOR Exploit Author: Cyd Tseng Date: 11 Dec 2024 Category: Web application Vendor Homepage: https://dromara.org/ Software Link: https://github.com/dromara/ujcms Version: UJCMS 9.6.3 Tested on: Linux CVE: CVE-2024-12483 Advisory:...
CVE-2025-39434 WordPress Avatar plugin <= 0.1.4 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Scott Taylor Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Avatar: from n/a through 0.1.4...
CVE-2025-39434 WordPress Avatar plugin <= 0.1.4 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Scott Taylor Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Avatar: from n/a through <= 0.1.4...
CVE-2025-3575
Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from other users via "idUsuario" parameter in "/helper/Familia/establecerUsuarioSeleccion" endpoint...
CVE-2025-3574
Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from other users via "idUsuario" parameter in "/helper/Familia/obtenerFamiliaUsuario" endpoint...
WordPress Avatar plugin <= 0.1.4 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Nguyen Xuan Chien (Patchstack Alliance) in WordPress Plugin Avatar versions <= 0.1.4...
ProConf 6.0 - Insecure Direct Object Reference (IDOR)
Exploit Title: ProConf 6.0 - Insecure Direct Object Reference (IDOR) Date: 19/07/2018 Exploit Author: S. M. Zia Ur Rashid, SC Author Contact: https://www.linkedin.com/in/ziaurrashid/ Vendor Homepage: http://proconf.org & http://myproconf.org Version:...