4397 matches found
CVE-2026-3460
CVE-2026-3460 concerns the REST API TO MiniProgram plugin for WordPress. The vulnerability allows an authenticated user with Subscriber-level access or higher to modify arbitrary users’ store-related metadata (storeinfo, storeappid, storename) via an attacker-controlled userid parameter in the RE...
CVE-2026-3460
The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the permission callback updateuserwechatshopinfopermissionscheck only validating that the supplied 'openid' parameter corresponds to an...
CVE-2026-3460 REST API TO MiniProgram <= 5.1.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'userid' REST API Parameter
The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the permission callback updateuserwechatshopinfopermissionscheck only validating that the supplied 'openid' parameter corresponds to an...
CVE-2026-3460 REST API TO MiniProgram <= 5.1.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'userid' REST API Parameter
The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the permission callback updateuserwechatshopinfopermissionscheck only validating that the supplied 'openid' parameter corresponds to an...
WordPress plugin REST API TO MiniProgram 输入验证错误漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-32114
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...
CVE-2026-32114
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...
CVE-2026-32114 Discourse's unscoped status lookups leak restricted metadata
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...
EUVD-2026-13526
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...
PT-2026-26549
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse is an open-source discussion platform. Before versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an...
📄 PEGA Infinity Brute Force / Insecure Direct Object Reference
PEGA Infinity suffers from brute forcing and insecure direct object reference vulnerabilities. Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by the brute force issue. Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by the idor issue. SEC Consult Vulnerability Lab...
Discourse 安全漏洞
Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse prior to 2026.3.0-latest.1, as well as versions before 2026.2.1 and 2026.1.2, have security...
CVE-2026-27397 WordPress Really Simple Security Pro plugin <= 9.5.4.0 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Really Simple Plugins B.V. Really Simple Security Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Really Simple Security Pro: from n/a through 9.5.4.0...
CVE-2026-27397
CVE-2026-27397 corresponds to an IDOR/authorization bypass in the WordPress plugin Really Simple Security Pro (Really Simple Plugins B.V.). The issue arises from incorrectly configured access control levels, allowing unauthorized access via a user-controlled key. Affected range includes Really Si...
CVE-2026-32736
The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference IDOR vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated...
CVE-2026-32736
The Hytale Modding Wiki has an IDOR vulnerability in versions before 1.0.0 that allows any authenticated user to access authors’ full names and email addresses by visiting a mod page via its slug. Affected software: Hytale Modding Wiki (pre-1.0.0). Impact: exposure of PII with MEDIUM severity (CV...
CVE-2026-32736
The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference IDOR vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated...
EUVD-2026-12981
The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference IDOR vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated...
CVE-2026-32736 Hytale Modding Wiki has Insecure Direct Object Reference / GDPR PII Exposure
The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference IDOR vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated...
CVE-2026-32694
The CVE-2026-32694 vulnerability affects Juju (versions 3.0.0 through 3.6.18). It arises when a secret owner grants a secret to a grantee and relies solely on a predictable secret XID to verify ownership. A malicious grantee who can request secrets can predict past secrets granted by the same own...