4442 matches found

Vulnrichment (added 2024/01/31 11:49 a.m.)

CVE-2024-22305 WordPress Contact Form builder with drag & drop - Kali Forms Plugin <= 2.3.36 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in Kali Forms Contact Form builder with drag & drop for WordPress – Kali Forms. This issue affects Contact Form builder with drag & drop for WordPress – Kali Forms: from n/a through 2.3.36...

CVSS 7.5 | AI score 7.8 | EPSS 0.00453 | Exploits 0 | References 1

Cvelist (added 2024/01/31 11:49 a.m.)

CVE-2024-22305 WordPress Contact Form builder with drag & drop - Kali Forms Plugin <= 2.3.36 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in Kali Forms Contact Form builder with drag & drop for WordPress – Kali Forms. This issue affects Contact Form builder with drag & drop for WordPress – Kali Forms: from n/a through 2.3.36...

CVSS 7.5 | AI score 8.4 | EPSS 0.00453 | Exploits 0 | References 1

WPVulnDB (added 2024/01/31 12:00 a.m.)

Starbox < 3.4.8 - Subscriber+ Plugin Preferences / User Settings Access via IDOR

Description: The plugin is vulnerable to Insecure Direct Object Reference via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences and potentially other user settings...

CVSS 4 | AI score 6.7 | EPSS 0.00576 | Exploits 0 | References 1 | Affected Software 1

Patchstack (added 2024/01/31 12:00 a.m.)

WordPress Starbox Plugin <= 3.4.7 is vulnerable to Insecure Direct Object References (IDOR)

Software: Starbox
Type: Plugin
Vulnerable versions: <= 3.4.7
Fixed in: 3.4.8
OWASP Top 10: A4: Insecure Design
Classification: Insecure Direct Object References (IDOR)
CVE: CVE-2024-0366
Patch priority: Low
CVSS severity: Low (4.3)
PSID: 91eab1a196aa
Credits: Sh...
Required privilege: ...

CVSS 4.3 | AI score 6.5 | EPSS 0.00576 | Exploits 0 | References 3 | Affected Software 1

NVD (added 2024/01/29 2:15 p.m.)

CVE-2024-23747

The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability. This vulnerability resides in the system's handling of user data access through a /Modernanet/LAUDO/LAU0000100/Laudo?id= URI. By manipulating this id parameter...

CVSS 7.5 | AI score 7.5 | EPSS 0.00694 | Exploits 1 | References 2

Prion (added 2024/01/29 2:15 p.m.)

Security feature bypass

The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability. This vulnerability resides in the system's handling of user data access through a /Modernanet/LAUDO/LAU0000100/Laudo?id= URI. By manipulating this id parameter...

CVSS 5 | AI score 7.1 | EPSS 0.00694 | Exploits 1 | References 2

Vulnrichment (added 2024/01/29 12:00 a.m.)

CVE-2024-23747

The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability. This vulnerability resides in the system's handling of user data access through a /Modernanet/LAUDO/LAU0000100/Laudo?id= URI. By manipulating this id parameter...

AI score 7.1 | EPSS 0.00694 | Exploits 1 | References 2

WPVulnDB (added 2024/01/24 12:00 a.m.)

Contact Form builder with drag & drop - Kali Forms < 2.3.37 - Insecure Direct Object Reference

Description: The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.3.38 due to missing validation on a user controlled key. This makes it possible for unauthenticated...

CVSS 8.1 | AI score 7.9 | EPSS 0.00453 | Exploits 0 | References 1 | Affected Software 1

WPVulnDB (added 2024/01/18 12:00 a.m.)

Display custom fields in the frontend – Post and User Profile Fields < 1.3.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Meta Disclosure

Description: The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vgdisplaydata shortcode due to missing validation on a user controlled key. This makes it...

CVSS 4.3 | AI score 6.6 | EPSS 0.00472 | Exploits 0 | References 1 | Affected Software 1

OSV (added 2024/01/17 7:15 p.m.)

CVE-2023-7031

Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions prior to 8.0 are end ...

CVSS 4.3 | AI score 5.8 | EPSS 0.00335 | Exploits 0 | References 1

CVE (added 2024/01/17 6:34 p.m.)

CVE-2023-7031

CVE-2023-7031: Insecure Direct Object Reference in Avaya Aura Experience Portal Manager allows partial information disclosure to an authenticated non-privileged user. Affected: Avaya Aura Experience Portal Manager versions 8.0.x and 8.1.x prior to 8.1.2 patch 0402; versions prior to 8.0 are end ...

CVSS 5.7 | AI score 4.5 | EPSS 0.00335 | Exploits 0 | References 1 | Affected Software 1

Patchstack (added 2024/01/17 12:00 a.m.)

WordPress Contact Form builder with drag & drop - Kali Forms Plugin <= 2.3.36 is vulnerable to Insecure Direct Object References (IDOR)

Software: Contact Form builder with drag & drop - Kali Forms
Type: Plugin
Vulnerable versions: <= 2.3.36
Fixed in: 2.3.37
OWASP Top 10: A1: Broken Access Control
Classification: Insecure Direct Object References (IDOR)
CVE: CVE-2024-22305
Patch priority: Low
CVSS severity: Low (7.5)
Developer: ...

CVSS 8.1 | AI score 6.5 | EPSS 0.00453 | Exploits 0 | References 2 | Affected Software 1

Hacker One (added 2024/01/16 8:17 p.m.)

MTN Group: Insecure Direct Object Reference (Horizontal Escalation)

The vulnerability allowed insecure direct object reference (horizontal escalation). Specifically, the user's dashboard was accessed without authentication, and the text content was modified through client-side inspection and manipulation...

AI score 7.1 | Exploits 0

Veracode (added 2024/01/15 6:40 a.m.)

Insecure Direct Object Reference

nextjs is vulnerable to an Insecure Direct Object Reference vulnerability. The vulnerability is due to a logical flaw within the auth function in the App Router, and getAuth within the Pages Router. This issue can be exploited by an attacker to gain unauthorized access or conduct privilege escalatio...

CVSS 9.8 | AI score 7 | EPSS 0.00682 | Exploits 0 | References 4 | Affected Software 1

OSV (added 2024/01/12 8:27 p.m.)

GHSA-Q6W5-JG5Q-47VG @clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)

Impact: Unauthorized access or privilege escalation due to a logic flaw in auth in the App Router or getAuth in the Pages Router. Affected Versions: All applications that use @clerk/nextjs versions in the range >= 4.7.0, < 4.29.3 in a Next.js backend to authenticate API Routes, App Router, or...

CVSS 9 | AI score 9.4 | EPSS 0.00682 | Exploits 0 | References 5

Cvelist (added 2024/01/12 8:07 p.m.)

CVE-2024-22206 @clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)

Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth in the App Router or getAuth in the Pages Router. This vulnerability was patched in version 4.29.3...

CVSS 9 | AI score 9.8 | EPSS 0.00682 | Exploits 0 | References 3

WPVulnDB (added 2024/01/12 12:00 a.m.)

Contact Form 7 – Dynamic Text Extension < 4.2.0 - Insecure Direct Object Reference

Description: The plugin is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7getcustomfield and CF7getcurrentuser shortcodes due to missing validation on a user controlled key. This makes it possible for authenticated attackers with contributor...

CVSS 4.3 | AI score 6.7 | EPSS 0.00349 | Exploits 0 | References 1 | Affected Software 1

OSV (added 2024/01/11 7:15 a.m.)

CVE-2023-6223

The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers,...

CVSS 4.3 | AI score 7.3 | EPSS 0.00347 | Exploits 0 | References 2

NVD (added 2024/01/11 7:15 a.m.)

CVE-2023-6223

The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers,...

CVSS 4.3 | AI score 4.3 | EPSS 0.00347 | Exploits 0 | References 2

OSV (added 2024/01/11 7:15 a.m.)

CVE-2023-6506

The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the sendbackupcodesemail due to missing validation on a user controlled key. This makes it possible for subscriber-level...

CVSS 4.3 | AI score 5.9 | EPSS 0.0047 | Exploits 0 | References 3
