CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2024/01/11 6:49 a.m.•28 views

CVE-2023-6506 WP 2FA <= 2.5.0 - Insecure Direct Object Reference to Arbitrary Email Sending

4.3CVSS5AI score0.0047EPSS

Exploits0References3

Vulnrichment•added 2024/01/11 6:49 a.m.•4 views

CVE-2023-6506 WP 2FA <= 2.5.0 - Insecure Direct Object Reference to Arbitrary Email Sending

4.3CVSS6.8AI score0.0047EPSS

Exploits0References3

CVE•added 2024/01/11 6:49 a.m.•80 views

CVE-2023-6506

The CVE-2023-6506 entry concerns the WP 2FA – Two-factor authentication for WordPress plugin. Affected: WP 2FA, versions up to and including 2.5.0. Issue: insecure direct object reference (IDOR) via send_backup_codes_email caused by missing validation on a user-controlled key, enabling subscriber...

4.3CVSS5AI score0.0047EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2024/01/11 6:49 a.m.•8 views

CVE-2023-6223 LearnPress <= 4.2.5.7 - Insecure Direct Object Reference to Information Disclosure

4.3CVSS6.6AI score0.00347EPSS

Cvelist•added 2024/01/11 6:49 a.m.•22 views

CVE-2023-6223 LearnPress <= 4.2.5.7 - Insecure Direct Object Reference to Information Disclosure

4.3CVSS5.7AI score0.00347EPSS

CVE•added 2024/01/11 6:49 a.m.•122 views

CVE-2023-6223

CVE-2023-6223 affects the LearnPress – WordPress LMS Plugin. The issue is an insecure direct object reference (IDOR) in all versions up to and including 4.2.5.7, exposed via the /wp-json/lp/v1/profile/course-tab REST API. Missing validation on the userID parameter lets authenticated users with su...

4.3CVSS5.3AI score0.00347EPSS

OSV•added 2024/01/11 5:15 a.m.•2 views

CVE-2023-6630

The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7getcustomfield and CF7getcurrentuser shortcodes due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS5.9AI score

NVD•added 2024/01/11 5:15 a.m.•11 views

CVE-2023-6630

4.3CVSS4.4AI score0.00349EPSS

Prion•added 2024/01/11 5:15 a.m.•20 views

Input validation

4CVSS6.8AI score0.00349EPSS

Vulnrichment•added 2024/01/11 4:30 a.m.•4 views

CVE-2023-6630 Contact Form 7 – Dynamic Text Extension <= 4.1.0 - Insecure Direct Object Reference

4.3CVSS6.8AI score0.00349EPSS

CVE•added 2024/01/11 4:30 a.m.•49 views

CVE-2023-6630

CVE-2023-6630 : The WordPress plugin “Contact Form 7 – Dynamic Text Extension” ( 4.1.0); PatchStack lists 4.2.0 as the fix. Other sources corroborate the vulnerability and describe it as a broken access control issue with low overall CVSS (4.3). Actionable takeaway: apply the patch to affected in...

4.3CVSS4.8AI score0.00349EPSS

Cvelist•added 2024/01/11 4:30 a.m.•28 views

CVE-2023-6630 Contact Form 7 – Dynamic Text Extension <= 4.1.0 - Insecure Direct Object Reference

4.3CVSS4.8AI score0.00349EPSS

Patchstack•added 2024/01/08 12:0 a.m.•13 views

WordPress Profile Builder Plugin <= 3.10.7 is vulnerable to Insecure Direct Object References (IDOR)

Software Profile Builder Type Plugin Vulnerable versions = 3.10.7 Fixed in 3.10.8 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-6504 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4a72357868f4 Credits Francesco...

4.3CVSS6.5AI score0.00349EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2024/01/05 7:56 a.m.•11 views

CVE-2023-51502 WordPress WooCommerce Stripe Payment Gateway Plugin <= 7.6.1 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1...

7.5CVSS6.9AI score0.00599EPSS

Cvelist•added 2024/01/05 7:56 a.m.•21 views

CVE-2023-51502 WordPress WooCommerce Stripe Payment Gateway Plugin <= 7.6.1 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1...

7.5CVSS9.7AI score0.00599EPSS

NVD•added 2024/01/03 3:15 a.m.•22 views

CVE-2023-50342

HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference IDOR vulnerability. A user can obtain certain details about another user as a result of improper access control...

7.1CVSS6.9AI score0.00291EPSS

Vulnrichment•added 2024/01/03 2:39 a.m.•13 views

CVE-2023-50342 Insecure Direct Object Reference (IDOR) affects DRYiCE MyXalytics

HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference IDOR vulnerability. A user can obtain certain details about another user as a result of improper access control...

7.1CVSS6.9AI score0.00291EPSS

Cvelist•added 2024/01/03 2:39 a.m.•27 views

CVE-2023-50342 Insecure Direct Object Reference (IDOR) affects DRYiCE MyXalytics

HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference IDOR vulnerability. A user can obtain certain details about another user as a result of improper access control...

7.1CVSS7.1AI score0.00291EPSS