4442 matches found
WordPress plugin WP Job Portal 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-1761 · WordPress · Wp Job Portal
Name of the Vulnerable Software and Affected Versions: WP Job Portal – A Complete Recruitment System plugin for WordPress versions up to, and including, 2.2.4 Description: The WP Job Portal plugin for WordPress is vulnerable to Insecure Direct Object Reference due to missing validation on a user...
Insecure Direct Object Reference (IDOR)
Oqtane Framework is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to insufficient access control. Specifically, the application does not properly validate or restrict a user's access to resources based on their identity, allowing them to manipulate parameters like...
Insecure Direct Object Reference (IDOR)
oqtane.framework is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to insufficient authorization checks in the Oqtane.Controllers.UserController, allows attackers to manipulate the id parameter to access sensitive information belonging to other users...
CVE-2024-52294
Khoj is a self-hostable artificial intelligence app. Prior to version 1.29.10, an Insecure Direct Object Reference IDOR vulnerability in the updatesubscription endpoint allows any authenticated user to manipulate other users' Stripe subscriptions by simply modifying the email parameter in the...
CVE-2024-52294 khoj has an IDOR in subscription management that allows unauthorized subscription modifications
Khoj is a self-hostable artificial intelligence app. Prior to version 1.29.10, an Insecure Direct Object Reference IDOR vulnerability in the updatesubscription endpoint allows any authenticated user to manipulate other users' Stripe subscriptions by simply modifying the email parameter in the...
CVE-2024-52294 khoj has an IDOR in subscription management that allows unauthorized subscription modifications
Khoj is a self-hostable artificial intelligence app. Prior to version 1.29.10, an Insecure Direct Object Reference IDOR vulnerability in the updatesubscription endpoint allows any authenticated user to manipulate other users' Stripe subscriptions by simply modifying the email parameter in the...
Khoj 安全漏洞
Khoj is an open source application from Khoj AI. It can create ready-to-use personal AI agents for users. A security vulnerability exists in Khoj versions prior to 1.29.10, which stems from the presence of an insecure direct object reference IDOR vulnerability that allows any authenticated user t...
WordPress WooCommerce Point of Sale plugin <= 6.1.0 - Insecure Direct Object Reference to Privilege Escalation via Arbitrary User Email Change vulnerability
Insecure Direct Object Reference to Privilege Escalation via Arbitrary User Email Change vulnerability discovered by Tonn in WordPress Plugin WooCommerce Point of Sale versions = 6.1.0...
GHSA-HHCW-WWXV-G95C Oqtane Framework Insecure Direct Object Reference vulnerability
Oqtane Framework is vulnerable to Insecure Direct Object Reference IDOR in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter...
GHSA-2HR5-CVWP-JR5W Oqtane Framework Insecure Direct Object Reference vulnerability
An IDOR Insecure Direct Object Reference vulnerability exists in Oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mail details belonging...
Oqtane Framework Insecure Direct Object Reference vulnerability
An IDOR Insecure Direct Object Reference vulnerability exists in Oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mail details belonging...
Oqtane Framework Insecure Direct Object Reference vulnerability
Oqtane Framework is vulnerable to Insecure Direct Object Reference IDOR in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter...
CVE-2024-55471
Oqtane Framework is vulnerable to Insecure Direct Object Reference IDOR in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter...
CVE-2024-55186
An IDOR Insecure Direct Object Reference vulnerability exists in oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mail details belonging...
CVE-2024-55186
An IDOR Insecure Direct Object Reference vulnerability exists in oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mail details belonging...
CVE-2024-12014
Path Traversal vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers...
CVE-2024-12014 Path Traversal vulnerability in eSignaViewer Allow Unauthorized File Access
Path Traversal vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers...
CVE-2024-12014 Path Traversal vulnerability in eSignaViewer Allow Unauthorized File Access
Path Traversal vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers...
CVE-2024-12014
Summary: CVE-2024-12014 describes a path traversal and insecure direct object reference (IDOR) vulnerability in the eSignaViewer component of the eSigna product (versions 1.0–1.5) that allows an unauthenticated attacker to access arbitrary files in the document system by manipulating file paths a...