4442 matches found
WordPress plugin Replace Image security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Replace Image plugin <= 1.1.10 - Authenticated Insecure Direct Object Reference vulnerability
Authenticated Insecure Direct Object Reference vulnerability discovered by Jin Hao Chan in WordPress Plugin Replace Image versions = 1.1.10...
Wordpress LatePoint Plugin plugin <= 4.9.9 - Missing Authorization and Sensitive Information Exposure via IDOR vulnerability
Missing Authorization and Sensitive Information Exposure via IDOR vulnerability discovered by Gharib Sharifi - WaveSec, Joel Aviad Ossi in WordPress Plugin LatePoint versions = 4.9.9...
CVE-2024-34106 Insecure Direct Object Reference - An attacker can able to erase the victim quote details
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of anoth...
CVE-2024-34106 Insecure Direct Object Reference - An attacker can able to erase the victim quote details
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of anoth...
KiviCare <= 3.6.2 - Authenticated (Patient+) Insecure Direct Object Reference
Description The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.6.2 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
CVE-2024-35659 WordPress KiviCare plugin <= 3.6.6 - Insecure Direct Object References (IDOR) vulnerability
Missing Authorization vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiviCare: from n/a through = 3.6.6...
CVE-2024-5438
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attemptdelete' function due to missing validation on a user controlled key. This makes it possible for authenticated...
CVE-2024-5438
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attemptdelete' function due to missing validation on a user controlled key. This makes it possible for authenticated...
CVE-2024-5438 Tutor LMS – eLearning and online course solution <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attemptdelete' function due to missing validation on a user controlled key. This makes it possible for authenticated...
CVE-2024-5438
CVE-2024-5438: Tutor LMS – eLearning and online course solution for WordPress affects all versions up to 2.7.1. The issue is an Insecure Direct Object Reference in the quiz attempts deletion path via the attempt_delete function, due to missing validation on a user-controlled key. This allows auth...
CVE-2024-5438 Tutor LMS – eLearning and online course solution <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attemptdelete' function due to missing validation on a user controlled key. This makes it possible for authenticated...
WordPress Tutor LMS plugin <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion vulnerability
Authenticated Instructor+ Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion vulnerability discovered by Thanh Nam Tran in WordPress Plugin Tutor LMS versions = 2.7.1...
Tutor LMS – eLearning and online course solution < 2.7.2 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion
Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attemptdelete' function due to missing validation on a user controlled key. This makes it possible for...
WordPress Tutor LMS Plugin <= 2.7.1 is vulnerable to Insecure Direct Object References (IDOR)
Software Tutor LMS Type Plugin Vulnerable versions = 2.7.1 Fixed in 2.7.2 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-5438 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 04944e6bcf56 Credits Thanh Nam Tran...
CVE-2024-5128
CVE-2024-5128 affects lunary-ai/lunary up to version 1.2.2, with an IDOR in dataset management endpoints that lets unauthorized users view, update, or delete any dataset_prompt or dataset_prompt_variation. Root cause: insufficient access control checks via direct object IDs. Impact is information...
PT-2024-34585 · Lunary · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions up to and including 1.2.2 Description: An Insecure Direct Object Reference IDOR vulnerability was identified, allowing unauthorized users to view, update, or delete any dataset prompt or dataset prompt variation with...
kanboard -- Project Takeover via IDOR in ProjectPermissionController
[email protected] reports: Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser. The users permission to add users to a project only get checked on the URL parameter projectid. I...
WordPress BuddyBoss Platform plugin < 2.6.0 - Insecure Direct Object Reference on Like Comment vulnerability
Insecure Direct Object Reference on Like Comment vulnerability discovered by Faris Krivi in WordPress Plugin Buddyboss Platform versions 2.6.0...
CVE-2024-4750
The buddyboss-platform WordPress plugin before 2.6.0 contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request...