Lucene search

4441 matches found

Positive Technologies
added 2022/09/30 12:0 a.m. · 3 views

PT-2022-10586 · WordPress · Expresstech Quiz/Survey Master

Name of the Vulnerable Software and Affected Versions: ExpressTech Quiz And Survey Master plugin versions prior to 7.3.5. Description: The issue is related to an insecure direct object references (IDOR) vulnerability. This vulnerability allows attackers to change the content of the quiz...

4.3 CVSS · 4.4 AI score · 0.00406 EPSS
Exploits 0 · References 5
Patchstack
added 2022/09/29 12:0 a.m. · 15 views

WordPress Quiz And Survey Master plugin <= 7.3.4 - Insecure direct object references (IDOR) vulnerability

Insecure direct object references (IDOR) vulnerability leading to Changing of Quiz Content discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Quiz And Survey Master plugin versions <= 7.3.4. Solution: Update the WordPress Quiz And Survey Master plugin to the latest available version at leas...

4.3 CVSS · 3.2 AI score · 0.00406 EPSS
Exploits 0 · Affected Software 1
Packet Storm
added 2022/09/27 12:0 a.m. · 291 views

Online Birth Certificate Management System 1.0 Insecure Direct Object Reference

Exploit Title: Online Birth Certificate Management System - Insecure Direct Object Reference IDOR Google Dork: N/A Date: 2022-9-27 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage:...

7.4 AI score
Exploits 0
Patchstack
added 2022/09/26 12:0 a.m. · 34 views

WordPress wpForo Forum plugin <= 2.0.5 - Insecure direct object references (IDOR) vulnerability

Insecure direct object references (IDOR) vulnerability that allows subscriber+ users to mark any forum post as Private/Public was discovered by Dhakal Ananda (Patchstack Alliance) in the WordPress wpForo Forum plugin versions <= 2.0.5. Solution: Update the WordPress wpForo Forum plugin to the latest...

6.3 CVSS · 3.1 AI score · 0.00455 EPSS
Exploits 0 · Affected Software 1
Patchstack
added 2022/09/26 12:0 a.m. · 25 views

WordPress wpForo Forum plugin <= 2.0.5 - Insecure direct object references (IDOR) vulnerability

Insecure direct object references (IDOR) vulnerability that allows subscriber+ users to mark any forum post as Solved/Unsolved was discovered by Dhakal Ananda (Patchstack Alliance) in the WordPress wpForo Forum plugin versions <= 2.0.5. Solution: Update the WordPress wpForo Forum plugin to the latest...

5.4 CVSS · 3.1 AI score · 0.00485 EPSS
Exploits 0 · Affected Software 1
ATTACKERKB
added 2022/09/15 12:15 p.m. · 2 views

CVE-2022-38789

An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of Insecure Direct Object Reference...

9.1 CVSS · 5.9 AI score · 0.00876 EPSS
Exploits 0 · References 3
NVD
added 2022/09/15 12:15 p.m. · 9 views

CVE-2022-38789

An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of Insecure Direct Object Reference...

9.1 CVSS · 0.00876 EPSS
Exploits 0 · References 2
Prion
added 2022/09/15 12:15 p.m. · 17 views

Design/Logic Flaw

An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of Insecure Direct Object Reference...

6.4 CVSS · 9.1 AI score · 0.00876 EPSS
Exploits 0 · References 2 · Affected Software 3
Cvelist
added 2022/09/15 11:56 a.m. · 17 views

CVE-2022-38789

An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of Insecure Direct Object Reference...

9.4 AI score · 0.00876 EPSS
Exploits 0 · References 2
CVE
added 2022/09/15 11:56 a.m. · 64 views

CVE-2022-38789

CVE-2022-38789 affects Airties Smart Wi‑Fi devices released before 2020-08-04. The issue stems from an Insecure Direct Object Reference that lets an attacker change the main/guest SSID and PSK to arbitrary values and map the LAN. Multiple sources (NVD/Red Hat entry, CN/PRION/PTSecurity summaries)...

9.1 CVSS · 9.1 AI score · 0.00876 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2022/09/15 3:21 a.m. · 15 views

GHSA-QCQV-38JG-2R43 Pageflow vulnerable to insecure direct object reference in membership update endpoint

Impact Pageflow has a membership edit feature which allows users to edit the roles of user memberships associated with an account that they have the manager role to including their own. While the Entity dropdown select field is greyed out in the UI, an attacker can use tools which allow sending...

7 AI score
Exploits 0 · References 3
Github Security Blog
added 2022/09/15 3:21 a.m. · 18 views

Pageflow vulnerable to insecure direct object reference in membership update endpoint

Impact Pageflow has a membership edit feature which allows users to edit the roles of user memberships associated with an account that they have the manager role to including their own. While the Entity dropdown select field is greyed out in the UI, an attacker can use tools which allow sending...

2.6 AI score
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2022/09/15 12:0 a.m. · 4 views

Airties Smart Wi-Fi security vulnerability

Airties Smart Wi-Fi is a series of Wi-Fi extenders from Airties Turkey. A security vulnerability exists in Airties Smart Wi-Fi versions prior to 2020-08-04, which stems from an insecure direct object reference...

9.1 CVSS · 8.2 AI score · 0.00876 EPSS
Exploits 0 · References 3
Positive Technologies
added 2022/09/15 12:0 a.m. · 4 views

PT-2022-24568 · Airties · Airties Smart Wi-Fi

Name of the Vulnerable Software and Affected Versions: Airties Smart Wi-Fi versions prior to 2020-08-04. Description: The issue allows attackers to change the main/guest SSID and the PSK to arbitrary values and map the LAN due to Insecure Direct Object Reference. Recommendations: For versions prio...

9.1 CVSS · 9.2 AI score · 0.00876 EPSS
Exploits 0 · References 4
ATTACKERKB
added 2022/09/06 8:15 p.m. · 4 views

CVE-2022-32277

Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: this is disputed by both the vendor and the original discoverer because it is a site-specific findin...

5.3 CVSS · 5.4 AI score · 0.00435 EPSS
Exploits 0 · References 3
CVE
added 2022/09/06 12:0 a.m. · 58 views

CVE-2022-32277

Affected product: Squiz Matrix CMS 6.20. Vulnerability: Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user’s contact details. Impact (as stated): Confidentiality: None; Integrity: Low; Availability: None. Root cause / ...

5.3 CVSS · 5.3 AI score · 0.00435 EPSS
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2022/09/06 12:0 a.m. · 3 views

Squiz Matrix security vulnerability

Squiz Matrix is a web CMS from Squiz, Inc. that helps digital marketers create and publish content while building websites without deep technical skills. A security vulnerability exists in Squiz Matrix CMS version 6.20, which stems from an insecure direct object reference vulnerability when it...

5.3 CVSS · 5.8 AI score · 0.00435 EPSS
Exploits 0 · References 3
Cvelist
added 2022/09/06 12:0 a.m. · 23 views

CVE-2022-32277

Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: this is disputed by both the vendor and the original discoverer because it is a site-specific findin...

5.6 AI score · 0.00435 EPSS
Exploits 0 · References 2
Hacker One
added 2022/08/31 1:24 p.m. · 34 views

U.S. Dept Of Defense: IDOR when editing email leads to Mass Full ATOs (Account Takeovers) without user interaction on https://██████/

Dear DoD team, I found one critical bug on your domain: https://██████/ It's IDOR. Also this domain is from Hack US program. What is that IDOR? Insecure direct object references IDOR are a type of access control vulnerability that arises when an application uses user-supplied input to access...

6.8 AI score
Exploits 0
ATTACKERKB
added 2022/08/29 6:15 p.m. · 1 views

CVE-2022-2080

The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via an IDOR attack. Note: Attackers are not able to see...

4.3 CVSS · 6 AI score · 0.00563 EPSS
Exploits 2 · References 3