Lucene search

4442 matches found

Patchstack
added 2024/11/13 12:0 a.m. · 16 views

WordPress WP Project Manager Plugin <= 2.6.13 is vulnerable to Insecure Direct Object References (IDOR)

Software: WP Project Manager · Type: Plugin · Vulnerable versions: <= 2.6.13 · Fixed in: 2.6.14 · OWASP Top 10: A4: Insecure Design · Classification: Insecure Direct Object References (IDOR) · CVE: CVE-2024-10174 · Patch priority: High · CVSS severity: High (7.3) · Developer: Claim ownership · PSID: 6aaed61c0d51 · Credits: stealthcopt...

7.3 CVSS · 6.5 AI score · 0.00637 EPSS
Exploits 0 · References 3 · Affected Software 1

NVD
added 2024/11/09 3:15 a.m. · 17 views

CVE-2024-9262

The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.1.1 via the getUser due to missing validation on a user controlled key. This makes it possible for authenticated attackers...

6.5 CVSS · 0.00409 EPSS
Exploits 0 · References 3

CVE
added 2024/11/09 2:3 a.m. · 45 views

CVE-2024-9262

CVE-2024-9262 affects the WordPress plugin “User Meta – User Profile Builder and User management plugin” (WordPress). It describes an Insecure Direct Object Reference via getUser() caused by missing validation on a user-controlled key. The vulnerability affects all versions up to and including 3....

6.5 CVSS · 7.1 AI score · 0.00409 EPSS
Exploits 0 · References 3

Vulnrichment
added 2024/11/09 2:3 a.m. · 12 views

CVE-2024-9262 User Meta – User Profile Builder and User management plugin <= 3.1.1 - Insecure Direct Object Reference to Sensitive Information Exposure

The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.1.1 via the getUser due to missing validation on a user controlled key. This makes it possible for authenticated attackers...

6.5 CVSS · 7.1 AI score · 0.00409 EPSS
Exploits 0 · References 3

Cvelist
added 2024/11/09 2:3 a.m. · 22 views

CVE-2024-9262 User Meta – User Profile Builder and User management plugin <= 3.1.1 - Insecure Direct Object Reference to Sensitive Information Exposure

The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.1.1 via the getUser due to missing validation on a user controlled key. This makes it possible for authenticated attackers...

6.5 CVSS · 0.00409 EPSS
Exploits 0 · References 3

Patchstack
added 2024/11/08 10:19 p.m. · 3 views

WordPress User Meta plugin <= 3.1 - Insecure Direct Object Reference to Sensitive Information Exposure vulnerability

Insecure Direct Object Reference to Sensitive Information Exposure vulnerability discovered by wesley wcraft in WordPress Plugin User Meta versions <= 3.1...

6.5 CVSS · 6.9 AI score · 0.00409 EPSS
Exploits 0 · References 1 · Affected Software 1

CNVD
added 2024/11/08 12:0 a.m. · 5 views

Lunary Access Control Error Vulnerability

Lunary is an open-source production toolkit for LLMs. An access control error vulnerability exists in Lunary, which stems from an insecure direct object reference (IDOR) vulnerability that can be exploited by an attacker to manipulate the id parameter in a request URL to view or delete an...

9.1 CVSS · 6.8 AI score · 0.00477 EPSS
Exploits 1 · References 1

CNVD
added 2024/11/08 12:0 a.m. · 2 views

Beauty Parlour Management System Insecure Direct Object Reference Vulnerability

Beauty Parlour Management System is an application system. The Beauty Parlour Management System suffers from an insecure direct object reference vulnerability that could be exploited by an attacker to gain access to personally identifiable information of other customers...

7.5 CVSS · 6.9 AI score · 0.0049 EPSS
Exploits 1 · References 1

Positive Technologies
added 2024/11/08 12:0 a.m. · 3 views

PT-2024-39521 · WordPress · The User Meta

Name of the Vulnerable Software and Affected Versions: The User Meta – User Profile Builder and User management plugin for WordPress versions up to, and including, 3.1 Description: The issue is related to Insecure Direct Object Reference, which can be exploited by authenticated attackers with...

6.5 CVSS · 6.3 AI score · 0.00409 EPSS
Exploits 0 · References 6

CISA KEV Catalog
added 2024/11/04 12:0 a.m. · 30 views

PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability

PTZOptics PT30X-SDI/NDI cameras contain an insecure direct object reference (IDOR) vulnerability that allows a remote attacker to bypass authentication for the /cgi-bin/param.cgi CGI script. If combined with CVE-2024-8957, this can lead to remote code execution as root...

9.1 CVSS · 8.4 AI score · 0.82075 EPSS
In wild · Exploits 2

VulnCheck KEV
added 2024/11/02 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2024-48217

An Insecure Direct Object Reference (IDOR) in the dashboard of SiSMART v7.4.0 allows attackers to execute a horizontal-privilege escalation...

8.8 CVSS · 5.9 AI score · 0.0068 EPSS
Exploits 1 · References 1

Cvelist
added 2024/11/01 12:0 a.m. · 15 views

CVE-2024-48217

An Insecure Direct Object Reference (IDOR) in the dashboard of SiSMART v7.4.0 allows attackers to execute a horizontal-privilege escalation...

0.0068 EPSS
Exploits 1 · References 1

CNNVD
added 2024/11/01 12:0 a.m. · 4 views

SiSMART Security Vulnerability

SiSMART is a content management system from SiSMART, Inc. A security vulnerability exists in SiSMART version 7.4.0 that stems from the presence of an insecure direct object reference in the dashboard that allows an attacker to perform a horizontal-privilege upgrade...

8.8 CVSS · 6.7 AI score · 0.0068 EPSS
Exploits 1 · References 1

ATTACKERKB
added 2024/11/01 12:0 a.m. · 199 views

CVE-2024-48217

An Insecure Direct Object Reference (IDOR) in the dashboard of SiSMART v7.4.0 allows attackers to execute a horizontal-privilege escalation. Recent assessments: Assessed Attacker Value: 0...

8.8 CVSS · 7.2 AI score · 0.0068 EPSS
In wild · Exploits 1 · References 2

Vulnrichment
added 2024/11/01 12:0 a.m. · 10 views

CVE-2024-48217

An Insecure Direct Object Reference (IDOR) in the dashboard of SiSMART v7.4.0 allows attackers to execute a horizontal-privilege escalation...

8.8 AI score · 0.0068 EPSS
Exploits 1 · References 1

CVE
added 2024/11/01 12:0 a.m. · 207 views

CVE-2024-48217

CVE-2024-48217 affects SiSMART v7.4.0: an Insecure Direct Object Reference (IDOR) in the dashboard enables horizontal privilege escalation. PoC shows manipulation of Local Storage (sekolah_kode, user_id, user_level, id_token) to impersonate an administrator via these session-state values, redirec...

8.8 CVSS · 7.1 AI score · 0.0068 EPSS
In wild · Exploits 1 · References 1

Patchstack
added 2024/10/31 8:52 p.m. · 2 views

WordPress Forminator plugin <= 1.36.0 - Insecure Direct Object Reference to Submission Manipulation vulnerability

Insecure Direct Object Reference to Submission Manipulation vulnerability discovered by Vijaysimha Reddy vijaysimha in WordPress Plugin Forminator versions <= 1.36.0...

5.3 CVSS · 7 AI score · 0.00379 EPSS
Exploits 0 · References 1 · Affected Software 1

OSV
added 2024/10/31 7:15 p.m. · 1 views

CVE-2024-51066

An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul's Beauty Parlour Management System v1.1 allows unauthorized access to the Personally Identifiable Information (PII) of other customers...

7.5 CVSS · 5.8 AI score · 0.0049 EPSS
Exploits 1 · References 2

OSV
added 2024/10/31 6:15 a.m. · 1 views

CVE-2024-9700

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.36.0 via the submitquizzes function due to missing validation on the 'entryid' user controlled key. This makes it...

5.3 CVSS · 5.8 AI score · 0.00379 EPSS
Exploits 0 · References 3

NVD
added 2024/10/31 6:15 a.m. · 13 views

CVE-2024-9700

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.36.0 via the submitquizzes function due to missing validation on the 'entryid' user controlled key. This makes it...

5.3 CVSS · 0.00379 EPSS
Exploits 0 · References 3