3461 matches found
CVE-2024-2346
The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.3 via folder deletion due to missing validation on a user controlled key. This makes it possible for authenticated...
CVE-2024-2346 FileBird – WordPress Media Library Folders & File Manager <= 5.6.3 - Authenticated (Author+) Insecure Direct Object Reference
The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.3 via folder deletion due to missing validation on a user controlled key. This makes it possible for authenticated...
ProfileGrid – User Profiles, Memberships, Groups and Communities < 5.8.0 - Insecure Direct Object Reference
Description: The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.7.9 due to missing validation on a user controlled key. This makes it possible for authenticated attacker...
PT-2024-19882 · WordPress · Filebird
Name of the Vulnerable Software and Affected Versions: The FileBird – WordPress Media Library Folders & File Manager plugin versions up to, and including, 5.6.3 Description: The issue allows authenticated attackers with author access or higher to delete folders created by other users, making thei...
Crelly Slider <= 1.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference
Description: The Crelly Slider plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.5 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to perfo...
VulnCheck KEV: CVE-2024-33939
The Masteriyo LMS Plugin for WordPress is vulnerable to an insecure direct object reference that could allow unauthenticated adversaries to view other users course progress. Versions up to and including 1.7.3 are vulnerable via the REST API...
CVE-2024-28320
Insecure Direct Object References (IDOR) vulnerability in Hospital Management System 1.0 allows attackers to manipulate user parameters for unauthorized access and modifications via crafted POST request to /patient/edit-user.php...
Rate My Post – Star Rating Plugin by FeedbackWP < 3.4.5 - Insecure Direct Object Reference
Description: The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.4 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to rate priva...
ProfileGrid – User Profiles, Memberships, Groups and Communities < 5.8.0 - Insecure Direct Object Reference
Description: The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.7.9 due to missing validation on a user controlled key in the pgshowmsgpanel function. This makes it...
CVE-2024-32808 WordPress ProfileGrid plugin <= 5.7.9 - Insecure Direct Object Reference (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.9...
WP-Recall – Registration, Profile, Commerce & More < 16.26.6 - Insecure Direct Object Reference
Description: The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 16.26.5 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
WordPress ProfileGrid plugin <= 5.7.9 - Insecure Direct Object Reference (IDOR) vulnerability
Insecure Direct Object Reference (IDOR) vulnerability discovered by Kyle Sanchez Patchstack Alliance in WordPress Plugin ProfileGrid versions <= 5.7.9...
WordPress Tickera plugin < 3.5.2.5 - Ticket leakage through IDOR vulnerability
Ticket leakage through IDOR vulnerability discovered by Martin Thirup Christensen in WordPress Plugin Tickera versions < 3.5.2.5...
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Insecure Direct Object Reference Vulnerability
Elber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability. Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Device Config Vendor: Elber S.r.l. Product web page: https://www.elber....
CVE-2024-32166
Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, allowing attackers to buy now an auction that is suspended (horizontal privilege escalation)...
WeBid Security Vulnerability
WeBid is an open source auction website building solution. A security vulnerability exists in WeBid v1.2.1, which stems from the presence of an insecure direct object reference and access control corruption vulnerability...
CVE-2024-32166
The CVE-2024-32166 issue affects Webid v1.2.1 and is an Insecure Direct Object Reference (IDOR) leading to Broken Access Control. This allows horizontal privilege escalation—attackers can prematurely complete a purchase on a suspended auction. Root cause and exact vulnerable component are describ...