4441 matches found

Veracode
added 2023/05/26 2:15 a.m., 24 views

Insecure Direct Object References (IDOR)

org.apache.inlong is vulnerable to Insecure Direct Object References (IDOR). The vulnerability exists due to a lack of permission verification for stream sources, which allows an attacker to access files or directories of external users and delete, edit, stop, and start others' sources...

9.1 CVSS, 6.6 AI score, 0.01355 EPSS
Exploits 0, References 3, Affected Software 2

Cvelist
added 2023/05/22 3:44 p.m., 33 views

CVE-2023-31064 Apache InLong: Insecurity direct object references cancelling applications

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. A user in InLong could cancel an application that doesn't belong to them. Users are advised to upgrade to Apache InLong's 1.7....

7.7 AI score, 0.01247 EPSS
Exploits 0, References 1

Vulnrichment
added 2023/05/22 3:35 p.m., 14 views

CVE-2023-31066 Apache InLong: Insecure direct object references for inlong sources

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others' sources! Users are advised to upgrade to Apache InLong's...

6.8 AI score, 0.01355 EPSS
Exploits 0, References 1

Cvelist
added 2023/05/22 3:35 p.m., 7 views

CVE-2023-31066 Apache InLong: Insecure direct object references for inlong sources

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others' sources! Users are advised to upgrade to Apache InLong's...

9.4 AI score, 0.01355 EPSS
Exploits 0, References 1

ATTACKERKB
added 2023/05/20 4:15 a.m., 2 views

CVE-2023-2276

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization an...

9.8 CVSS, 7.2 AI score, 0.01093 EPSS
Exploits 0, References 5

Prion
added 2023/05/20 4:15 a.m., 9 views

Authorization

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization an...

7.5 CVSS, 9.3 AI score, 0.01093 EPSS
Exploits 0, References 4, Affected Software 1

Vulnrichment
added 2023/05/20 3:35 a.m., 7 views

CVE-2023-2276 WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.10.7 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Password Change

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization an...

9.8 CVSS, 7.2 AI score, 0.01093 EPSS
Exploits 0, References 4

Cvelist
added 2023/05/20 3:35 a.m., 19 views

CVE-2023-2276 WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.10.7 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Password Change

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization an...

9.8 CVSS, 9.6 AI score, 0.01093 EPSS
Exploits 0, References 4

CVE
added 2023/05/20 3:35 a.m., 63 views

CVE-2023-2276

The CVE-2023-2276 entry concerns the WCFM Membership – WooCommerce Memberships for Multivendor Marketplace WordPress plugin. Affected versions ≤ 2.10.7 are vulnerable to Insecure Direct Object References (IDOR), allowing unauthenticated attackers to access object resources and bypass authorizatio...

9.8 CVSS, 9.3 AI score, 0.01093 EPSS
Exploits 0, References 4, Affected Software 1

Prion
added 2023/05/16 9:15 a.m., 17 views

Authorization

The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible f...

5.8 CVSS, 6.7 AI score, 0.00718 EPSS
Exploits 0, References 2, Affected Software 1

Cvelist
added 2023/05/16 8:40 a.m., 16 views

CVE-2023-2548 RegistrationMagic <= 5.2.0.5 - Authenticated (Admin+) Insecure Direct Object Reference to Arbitrary User Password Change

The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible f...

6.6 CVSS, 7 AI score, 0.00718 EPSS
Exploits 0, References 2

Vulnrichment
added 2023/05/16 8:40 a.m., 8 views

CVE-2023-2548 RegistrationMagic <= 5.2.0.5 - Authenticated (Admin+) Insecure Direct Object Reference to Arbitrary User Password Change

The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible f...

6.6 CVSS, 7.1 AI score, 0.00718 EPSS
Exploits 0, References 2

CVE
added 2023/05/16 8:40 a.m., 47 views

CVE-2023-2548

CVE-2023-2548 affects the WordPress plugin RegistrationMagic (versions up to 5.2.0.5). The root cause is Insecure Direct Object References, where the plugin exposes user-controlled objects, allowing an authenticated admin+ to bypass authorization and access system resources. Impact: an attacker w...

7.2 CVSS, 7.3 AI score, 0.00718 EPSS
Exploits 0, References 2, Affected Software 1

CNNVD
added 2023/05/16 12:0 a.m., 4 views

WordPress plugin RegistrationMagic security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

7.2 CVSS, 7.6 AI score, 0.00718 EPSS
Exploits 0, References 3

Patchstack
added 2023/05/15 12:0 a.m., 9 views

WordPress WooCommerce Bookings Plugin <= 1.15.78 is vulnerable to Insecure Direct Object References (IDOR)

Software: WooCommerce Bookings; Type: Plugin; Vulnerable versions: = 1.15.78; Fixed in: 1.15.79; OWASP Top 10: A5: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-32747; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 81006e449dea; Credits: Raf...

7.5 CVSS, 6.5 AI score, 0.00449 EPSS
Exploits 0, References 1, Affected Software 1

Patchstack
added 2023/05/15 12:0 a.m., 13 views

WordPress WooCommerce Ship to Multiple Addresses Plugin <= 3.8.3 is vulnerable to Insecure Direct Object References (IDOR)

Software: WooCommerce Ship to Multiple Addresses; Type: Plugin; Vulnerable versions: = 3.8.3; Fixed in: 3.8.4; OWASP Top 10: A5: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-32799; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: c036222840...

6.5 CVSS, 6.5 AI score, 0.00545 EPSS
Exploits 1, References 1, Affected Software 1

Hacker One
added 2023/05/02 3:56 a.m., 134 views

HackerOne: Insecure Direct Object Reference (IDOR) - Delete Campaigns

An insecure direct object reference (IDOR) vulnerability was discovered on a website, which allowed an attacker to delete any campaign based on the campaign ID. By modifying the campaign ID parameter in the request, an attacker could delete campaigns on any program. This vulnerability could have...

6.9 AI score
Exploits 0

Patchstack
added 2023/04/25 12:0 a.m., 7 views

WordPress Stream Plugin <= 3.9.2 is vulnerable to Insecure Direct Object References (IDOR)

Software: Stream; Type: Plugin; Vulnerable versions: = 3.9.2; Fixed in: 3.9.3; OWASP Top 10: A1: Injection; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2022-43450; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 760a85c05111; Credits: Lucio Sá; Required privilege...

6.5 CVSS, 7.1 AI score, 0.00652 EPSS
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/04/17 12:0 a.m., 9 views

WordPress Ruby Help Desk Plugin < 1.3.4 is vulnerable to Insecure Direct Object References (IDOR)

Software: Ruby Help Desk; Type: Plugin; Vulnerable versions: 1.3.4; Fixed in: 1.3.4; OWASP Top 10: A5: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-1125; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 4bb70b90c759; Credits: Ameen Alkurdy...

6.5 CVSS, 6.8 AI score, 0.00559 EPSS
Exploits 1, References 4, Affected Software 1

NVD
added 2023/04/15 11:15 p.m., 29 views

CVE-2018-17449

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference...

7.5 CVSS, 7.2 AI score, 0.00839 EPSS
Exploits 0, References 2