4441 matches found
Authorization
The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...
CVE-2023-3063 SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change
The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...
CVE-2023-3063
CVE-2023-3063 affects SP Project & Document Manager (WordPress) up to version 4.67. Root cause: Insecure Direct Object References (IDOR) allowing authenticated users with subscriber privileges (or higher) to access objects and bypass authorization, enabling password changes and potential administ...
WordPress SP Project & Document Manager Plugin <= 4.67 is vulnerable to Insecure Direct Object References (IDOR)
Software: SP Project & Document Manager; Type: Plugin; Vulnerable versions: <= 4.67; Fixed in: 4.68; OWASP Top 10: A1: Injection; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-3063; Patch priority: High; CVSS severity: High (8.8); PSID: 479dd26d18cf; Credits: István Márt...
WordPress Plugin SP Project & Document Manager Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
PT-2023-22827 · WordPress · Sp Project & Document Manager
Name of the Vulnerable Software and Affected Versions: SP Project & Document Manager plugin for WordPress versions up to, and including, 4.67 Description: The issue is related to Insecure Direct Object References, which allows user-controlled access to objects. This enables authenticated attacker...
LearnDash Plugin for WordPress < 4.6.0.1 Insecure Direct Object Reference
The WordPress LearnDash Plugin installed on the remote host is affected by an Insecure Direct Object Reference. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for attackers with existin...
WooCommerce Stripe Payment Gateway Plugin for WordPress < 7.4.1 Insecure Direct Object Reference
The WordPress WooCommerce Stripe Payment Gateway Plugin installed on the remote host is affected by an Insecure Direct Object Reference leading to Personally Identifiable Information Disclosure. Note that the scanner has not tested for these issues but has instead relied only on the application's...
WordPress Editorial Calendar Plugin <= 3.7.12 is vulnerable to Insecure Direct Object References (IDOR)
Software: Editorial Calendar; Type: Plugin; Vulnerable versions: <= 3.7.12; Fixed in: 3.8.0; OWASP Top 10: A5: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-36520; Patch priority: Low; CVSS severity: Low (5.4); PSID: 5cbcd0860491; Credits: Elliot...
LearnDash LMS < 4.6.0.1 - User Account Takeover via Insecure Direct Object References
The plugin does not correctly manage access to system resources, resulting in Insecure Direct Object References. As a result, users can bypass authorization checks, leading to unauthorized changes to user passwords, potentially compromising administrator accounts...
WordPress LearnDash LMS 4.6.0 Insecure Direct Object Reference
Description: LearnDash LMS = 4.6.0 – Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary User Password Change; Affected Plugin: LearnDash LMS; Plugin Slug: sfwd-lms; Affected Versions: = 4.6.0; CVE ID: CVE-2023-3105; CVSS Score: 8.8 (High); CVSS Vector:...
CVE-2023-23679 WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.7.7 is vulnerable to Insecure Direct Object References (IDOR)
Authorization Bypass Through User-Controlled Key vulnerability in JS Help Desk js-support-ticket allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JS Help Desk: from n/a through 2.7.7...
Smart Office Web 20.28 Information Disclosure / Insecure Direct Object Reference
Exploit Title: Smart Office Web 20.28 - Remote Information Disclosure Unauthenticated; Shodan Dork: inurl:"https://www.shodan.io/search?query=smart+office"; Date: 09/Dec/2022; Exploit Author: Tejas Nitin Pingulkar (https://cvewalkthrough.com/); Vendor Homepage: https://smartofficepayroll.com/; Software...
WordPress WooCommerce Stripe Payment Gateway Plugin < 7.4.1 IDOR Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:woocommerce:stripepaymentgateway"; if description...
WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.7.7 is vulnerable to Insecure Direct Object References (IDOR)
Software: JS Help Desk – Best Help Desk & Support Plugin; Type: Plugin; Vulnerable versions: <= 2.7.7; Fixed in: 2.7.8; OWASP Top 10: A5: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-23679; Patch priority: Low; CVSS severity: Low (4.6); PSID...
WordPress WooCommerce Payments Plugin <= 5.9.0 is vulnerable to Insecure Direct Object References (IDOR)
Software: WooCommerce Payments; Type: Plugin; Vulnerable versions: <= 5.9.0; Fixed in: 5.9.1; OWASP Top 10: A5: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-35916; Patch priority: Low; CVSS severity: Low (7.5); PSID: e4c9d390a631; Credits: Rafie...
CVE-2023-29295 Insecure Direct Object Reference (IDOR) in Create Quote Function
Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitati...
CVE-2023-34000 WordPress WooCommerce Stripe Payment Gateway Plugin <= 7.4.0 is vulnerable to Insecure Direct Object References (IDOR)
Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin <= 7.4.0 versions...