CVE-2024-13425 WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Company Deletion

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the enforcedelete function due to missing validation on a user controlled key. This makes it...

CVE-2024-13429 WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the 'jobenforcedelete' due to missing validation on a user controlled key. This makes it possib...

CVE-2024-13425 WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Company Deletion

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the enforcedelete function due to missing validation on a user controlled key. This makes it...

CVE-2024-13425

CVE-2024-13425 affects the WP Job Portal – A Complete Recruitment System for Company or Job Board website (WordPress plugin) up to version 2.2.6. The root cause is an Insecure Direct Object Reference via the enforcedelete() function due to missing validation on a user-controlled key, enabling an ...

CVE-2024-13429 WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the 'jobenforcedelete' due to missing validation on a user controlled key. This makes it possib...

CVE-2024-13429

CVE-2024-13429 is a WordPress WP Job Portal plugin vulnerability (versions up to 2.2.6) yielding an Insecure Direct Object Reference via the jobenforcedelete parameter. The core issue is missing validation on a user-controlled key, enabling an authenticated user with employer-level access and abo...

WordPress plugin WP Job Portal 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin WP Job Portal 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress WP Job Portal plugin <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Company Deletion vulnerability

Insecure Direct Object Reference to Authenticated Employer+ Arbitrary Company Deletion vulnerability discovered by thevietronin in WordPress Plugin WP Job Portal versions = 2.2.6...

CVE-2024-13694

The WooCommerce Wishlist High customization, fast setup,Free Elementor Wishlist, most features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.8.7 via the downloadpdffile function due to missing validation on a user controlled key. Th...

CVE-2024-13694

CVE-2024-13694 : The WooCommerce Wishlist plugin for WordPress (versions up to and including 1.8.7) is vulnerable to an insecure direct object reference via the download_pdf_file() function due to missing validation on a user-controlled key. This allows unauthenticated attackers to disclose wishl...

CVE-2024-13694 WooCommerce Wishlist <= 1.8.7 - Unauthenticated Wishlist Disclosure via download_pdf_file Function

The WooCommerce Wishlist High customization, fast setup,Free Elementor Wishlist, most features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.8.7 via the downloadpdffile function due to missing validation on a user controlled key. Th...

CVE-2024-13457

The Event Tickets and Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.18.1 via the tc-order-id parameter due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view ord...

CVE-2024-13457

The Event Tickets and Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.18.1 via the tc-order-id parameter due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view ord...

CVE-2024-13457

CVE-2024-13457 affects the WordPress plugin Event Tickets and Registration (WordPress Event Tickets) up to and including version 5.18.1 . The vulnerability is an Insecure Direct Object Reference via the tc-order-id parameter, arising from missing validation on a user-controlled key. This allows u...

CVE-2024-13457 Event Tickets <= 5.18.1 - Insecure Direct Object Reference to Sensitive Information Exposure

The Event Tickets and Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.18.1 via the tc-order-id parameter due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view ord...

CVE-2024-13457 Event Tickets <= 5.18.1 - Insecure Direct Object Reference to Sensitive Information Exposure

The Event Tickets and Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.18.1 via the tc-order-id parameter due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view ord...

WordPress plugin Event Tickets and Registration 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin WooCommerce Wishlist 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security...

CVE-2024-56404

In One Identity Identity Manager 9.x before 9.3, an insecure direct object reference IDOR vulnerability allows privilege escalation. Only On-Premise installations are affected...