4442 matches found
CVE-2024-8290 WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.12 - Insecure Direct Object Reference to Account Takeover/Privilege Escalation
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFMCustomersManageController::processing function due to missing validation...
CVE-2024-8290
CVE-2024-8290 affects the WCFM – Frontend Manager for WooCommerce with Bookings Subscription Listings Compatible (WordPress plugin) up to version 6.7.12. The vulnerability arises in WCFM_Customers_Manage_Controller::processing via an insecure object reference that lets authenticated subscribers (...
CVE-2024-7491
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woofmessengerremovesubscr AJAX action due to missing validation on the 'key' user controlled key. This makes it...
CVE-2024-7491
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woofmessengerremovesubscr AJAX action due to missing validation on the 'key' user controlled key. This makes it...
CVE-2024-7491
The CVE-2024-7491 entry concerns HUSKY – Products Filter Professional for WooCommerce for WordPress. It is an Insecure Direct Object Reference via the woof_messenger_remove_subscr AJAX action, caused by missing validation on the user-controlled key. Affected versions are up to and including 1.3.6...
CVE-2024-7491 HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.1 - Insecure Direct Object Reference to Unsubscribe
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woofmessengerremovesubscr AJAX action due to missing validation on the 'key' user controlled key. This makes it...
CVE-2024-7491 HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.1 - Insecure Direct Object Reference to Unsubscribe
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woofmessengerremovesubscr AJAX action due to missing validation on the 'key' user controlled key. This makes it...
WordPress Salon booking system Plugin <= 10.9 is vulnerable to Insecure Direct Object References (IDOR)
Software Salon booking system Type Plugin Vulnerable versions = 10.9 Fixed in 10.9.1 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-47316 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ecb95cdb72ad Credits...
WordPress HUSKY plugin <= 1.3.6.1 - Insecure Direct Object Reference to Unsubscribe vulnerability
Insecure Direct Object Reference to Unsubscribe vulnerability discovered by shaman0x01 in WordPress Plugin HUSKY versions = 1.3.6.1...
WordPress Charitable plugin <= 1.8.1.14 - Insecure Direct Object Reference to Account Takeover and Privilege Escalation vulnerability
Insecure Direct Object Reference to Account Takeover and Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin Charitable versions = 1.8.1.14...
WordPress HUSKY Plugin <= 1.3.6.1 is vulnerable to Insecure Direct Object References (IDOR)
Software HUSKY Type Plugin Vulnerable versions = 1.3.6.1 Fixed in 1.3.6.2 OWASP Top 10 A4: Insecure Design Classification Insecure Direct Object References IDOR CVE CVE-2024-7491 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f141f252795c Credits shaman0x01 Required...
PT-2024-38381 · WordPress · Husky – Products Filter Professional
Name of the Vulnerable Software and Affected Versions: HUSKY – Products Filter Professional for WooCommerce plugin for WordPress versions up to, and including, 1.3.6.1 Description: The issue is related to Insecure Direct Object Reference. It affects the plugin via the woof messenger remove subscr...
Car Rental Project 1.0 Insecure Direct Object Reference
==================================================================================================================================== | Title : Car Rental Project 1.0 idor Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bits | | Vendor :...
Online Food Management System 1.0 Insecure Direct Object Reference
==================================================================================================================================== | Title : Online Food Management System 1.0 idor Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bits |...
Insecure Direct Object Reference (IDOR)
in2code/powermail is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is caused due to improper validation of the mail parameter in the createAction function, allows an unauthenticated attacker to access user-submitted data from all forms handled by the extension...
GHSA-Q25C-R482-77P9 powermail TYPO3 extension has Insecure Direct Object Reference
An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference IDOR in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms...
powermail TYPO3 extension has Insecure Direct Object Reference
An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference IDOR in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms...
CVE-2024-47047
An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference IDOR in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms...
CVE-2024-47047
An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference IDOR in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms...
CVE-2024-47047
An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference IDOR in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms...